
***How to Remove w32.Myzor.FK@yf/Zlob (isaddon.dll, isamonitor.exe)!*** Please Read and Follow Before Posting Problems!

Discussion in 'Windows - Virus and spyware problems' started by Niobis, Jul 25, 2006.

  1. exodus125

    exodus125 Member

    Joined:
    Nov 22, 2006
    Messages:
    58
    Likes Received:
    0
    Trophy Points:
    16
    I read on another post where you told someone to rename HijackThis to any name for some reason. I did this and re-ran HijackThis; here is the latest report:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:14:48 PM, on 11/25/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    C:\Documents and Settings\Boom\My Documents\My Pictures\dynomite.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TradeManager] C:\PROGRA~1\Alibaba\TRADEM~1\TradeManager -hideframe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155090417748
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D97B8D0B-9393-4D25-8EE8-30862CF446AF}: NameServer = 205.152.144.23 205.152.132.23
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

     
  2. exodus125

    Here is also a report log from SpyHunter v2.7, which also requires me to pay in order to fix the problems:

    Service Name = ProtectedStorage Service Display Name = Protected Storage Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2
    Service Name = RasMan Service Display Name = Remote Access Connection Manager Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
    Service Name = RemoteRegistry Service Display Name = Remote Registry Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
    Service Name = RpcSs Service Display Name = Remote Procedure Call (RPC) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost -k rpcss Binary Size = 0 Binary MD5 =
    Service Name = SamSs Service Display Name = Security Accounts Manager Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2
    Service Name = Schedule Service Display Name = Task Scheduler Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
    Service Name = seclogon Service Display Name = Secondary Logon Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
    Service Name = SENS Service Display Name = System Event Notification Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
    Service Name = SharedAccess Service Display Name = Windows Firewall/Internet Connection Sharing (ICS) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
    Service Name = ShellHWDetection Service Display Name = Shell Hardware Detection Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
    Service Name = SNDSrvc Service Display Name = Symantec Network Drivers Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 0 Service Binary Path = "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" Binary Size = 0 Binary MD5 =
    Service Name = SPBBCSvc Service Display Name = SPBBCSvc Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" Binary Size = 0 Binary MD5 =
    Service Name = Spooler Service Display Name = Print Spooler Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\spoolsv.exe Binary Size = 57856 Binary MD5 = 7435b108b935e42ea92ca94f59c8e717
    Service Name = srservice Service Display Name = System Restore Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
    Service Name = SSDPSRV Service Display Name = SSDP Discovery Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
    Service Name = stisvc Service Display Name = Windows Image Acquisition (WIA) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k imgsvc Binary Size = 0 Binary MD5 =
    Service Name = Symantec Core LC Service Display Name = Symantec Core LC Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" Binary Size = 0 Binary MD5 =
    Service Name = TapiSrv Service Display Name = Telephony Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
    Service Name = TermService Service Display Name = Terminal Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost -k DComLaunch Binary Size = 0 Binary MD5 =
    Service Name = Themes Service Display Name = Themes Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
    Service Name = TrkWks Service Display Name = Distributed Link Tracking Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
    Service Name = W32Time Service Display Name = Windows Time Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
    Service Name = WebClient Service Display Name = WebClient Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
    Service Name = winmgmt Service Display Name = Windows Management Instrumentation Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
    Service Name = wscsvc Service Display Name = Security Center Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
    Service Name = wuauserv Service Display Name = Automatic Updates Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
    Service Name = WZCSVC Service Display Name = Wireless Zero Configuration Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
    #############################WINLOGON DATA#############################
    <HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY>
    Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain Filepath = C:\WINDOWS\system32\crypt32.dll File Size = 597504 File MD5 = efc958396a7a7ef7e6d4a52b97512e18
    Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet Filepath = C:\WINDOWS\system32\cryptnet.dll File Size = 63488 File MD5 = cad4aa32e7eca00c23cc39c0eb833f9d
    Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll Filepath = C:\WINDOWS\system32\cscdll.dll File Size = 101888 File MD5 = 587729679b4fe04ce06a5c61d6c56dcd
    Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui Filepath = C:\WINDOWS\system32\igfxsrvc.dll File Size = 348160 File MD5 = 1f66f608b1714aa61857953cf3137a49
    Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
    Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
    Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy Filepath = C:\WINDOWS\system32\sclgntfy.dll File Size = 20992 File MD5 = d636fa41e50671160d838ea2dace3330
    Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn Filepath = C:\WINDOWS\system32\WlNotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
    Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
    Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon Filepath = C:\WINDOWS\system32\WgaLogon.dll File Size = 702768 File MD5 = 147429092c26d18af550790ac102f32a
    Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
    ##########################BROWSER ADD-ON DATA##########################
    <HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar>
    CLSID = {C4069E3A-68F1-403E-B40E-20066696354B} FilePath = C:\Program Files\Norton AntiVirus\NavShExt.dll File Size = 140960 File MD5 = be517ce3fce02a4701dc63d0c9949c0f Description = Norton AntiVirus
    CLSID = {2318C2B1-4965-11d4-9B18-009027A5CD4F} FilePath = c:\program files\google\googletoolbar2.dll File Size = 2120768 File MD5 = b4185508b1c66a1579a76dfa6d160daf Description = 0
    <HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars>
    CLSID = {4D5C8C25-D075-11d0-B416-00C04FB90376} FilePath = C:\WINDOWS\system32\shdocvw.dll File Size = 1494016 File MD5 = c34f4d8e9275e994fddd72cbde6a2aed
    <HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars>
    CLSID = {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} FilePath = C:\WINDOWS\system32\SHELL32.dll File Size = 8453632 File MD5 = f056b4771408966694de5d9bf79b48f8
    CLSID = {EFA24E64-B078-11D0-89E4-00C04FC9E26E} FilePath = C:\WINDOWS\system32\shdocvw.dll File Size = 1494016 File MD5 = c34f4d8e9275e994fddd72cbde6a2aed
    <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects>
    CLSID = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} FilePath = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File Size = 63128 File MD5 = f17b2b264072b921fc66a0be16626bab
    CLSID = {53707962-6F74-2D53-2644-206D7942484F} FilePath = C:\PROGRA~1\SPYBOT~1\SDHelper.dll File Size = 853672 File MD5 = 250d787a5712d7768ddc133b3e477759
    CLSID = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} FilePath = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll File Size = 434279 File MD5 = d62e335f137d9e0f9f4dbe09564959b1
    CLSID = {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} FilePath = C:\Program Files\Norton AntiVirus\NavShExt.dll File Size = 140960 File MD5 = be517ce3fce02a4701dc63d0c9949c0f
    CLSID = {AA58ED58-01DD-4d91-8333-CF10577473F7} FilePath = c:\program files\google\googletoolbar2.dll File Size = 2120768 File MD5 = b4185508b1c66a1579a76dfa6d160daf
    <HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions>
    CLSID = {08B0E5C0-4FCB-11CF-AAA5-00401C608501} FilePath = File Size = 0 File MD5 =
    CLSID = {92780B25-18CC-41C8-B9BE-3C9C571A8263} FilePath = File Size = 0 File MD5 =
    CLSID = {FB5F1910-F110-11d2-BB9E-00C04F795683} FilePath = File Size = 0 File MD5 =
    <HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions>
    CLSID = CmdMapping FilePath = File Size = 0 File MD5 =
    <HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks>
    CLSID = {CFBFAE00-17A6-11D0-99CB-00C04FD64497} FilePath = C:\WINDOWS\system32\shdocvw.dll File Size = 1494016 File MD5 = c34f4d8e9275e994fddd72cbde6a2aed Description =
    <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler>
    CLSID = {438755C2-A8BA-11D1-B96B-00A0C90312E1} FilePath = C:\WINDOWS\system32\browseui.dll File Size = 1022976 File MD5 = d43be3a545b0dc236e46f9693582a90f Description = Browseui preloader
    CLSID = {8C7461EF-2B13-11d2-BE35-3078302C2030} FilePath = C:\WINDOWS\system32\browseui.dll File Size = 1022976 File MD5 = d43be3a545b0dc236e46f9693582a90f Description = Component Categories cache daemon
    ##########################LSP CHAIN DATA##########################
    <HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS>
    Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
    Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
    Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
    Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 Filepath = C:\WINDOWS\system32\rsvpsp.dll File Size = 90112 File MD5 = 90491683abd587c702b16f181ab0d99d
    Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 Filepath = C:\WINDOWS\system32\rsvpsp.dll File Size = 90112 File MD5 = 90491683abd587c702b16f181ab0d99d
    Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
    Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
    Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
    Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
    Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
    Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
    Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
    Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
    Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
    Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
    Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
    Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
    Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
    Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
    ##########################UNINSTALL DATA##########################
    <HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL>
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D} DisplayName = Adobe Photoshop CS2 InstallLocation = C:\Program Files\Adobe\Adobe Photoshop CS2\
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AVGAntiSpyware75 DisplayName = AVG Anti-Spyware 7.5 InstallLocation = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Branding
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner DisplayName = CCleaner (remove only)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis DisplayName = HijackThis 1.99.1
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ICW
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4} DisplayName = QuickTime InstallLocation = C:\Program Files\QuickTime\
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Kaspersky Online Scanner DisplayName = Kaspersky Online Scanner InstallLocation = C:\WINDOWS\system32\KASPER~1\KASPER~1
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB835221WXP DisplayName = High Definition Audio Driver Package - KB835221
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB873339 DisplayName = Windows XP Hotfix - KB873339
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB884016
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885250 DisplayName = Windows XP Hotfix - KB885250
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885835 DisplayName = Windows XP Hotfix - KB885835
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885836 DisplayName = Windows XP Hotfix - KB885836
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB886185 DisplayName = Windows XP Hotfix - KB886185
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887472 DisplayName = Windows XP Hotfix - KB887472
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887742 DisplayName = Windows XP Hotfix - KB887742
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888113 DisplayName = Windows XP Hotfix - KB888113
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888302 DisplayName = Windows XP Hotfix - KB888302
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890046 DisplayName = Security Update for Windows XP (KB890046)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890859 DisplayName = Windows XP Hotfix - KB890859
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB891781 DisplayName = Windows XP Hotfix - KB891781
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2 DisplayName = Windows Installer 3.1 (KB893803)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896422 DisplayName = Security Update for Windows XP (KB896422)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896428 DisplayName = Security Update for Windows XP (KB896428)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB898461 DisplayName = Update for Windows XP (KB898461)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB900485 DisplayName = Update for Windows XP (KB900485)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB901214 DisplayName = Security Update for Windows XP (KB901214)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB908531 DisplayName = Security Update for Windows XP (KB908531)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911280 DisplayName = Security Update for Windows XP (KB911280)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911562 DisplayName = Security Update for Windows XP (KB911562)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911565 DisplayName = Security Update for Windows Media Player 10 (KB911565)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911567 DisplayName = Security Update for Windows XP (KB911567)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB912812 DisplayName = Security Update for Windows XP (KB912812)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB913580 DisplayName = Security Update for Windows XP (KB913580)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB914388 DisplayName = Security Update for Windows XP (KB914388)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB914389 DisplayName = Security Update for Windows XP (KB914389)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB916281 DisplayName = Security Update for Windows XP (KB916281)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB916595 DisplayName = Update for Windows XP (KB916595)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917159 DisplayName = Security Update for Windows XP (KB917159)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917344 DisplayName = Security Update for Windows XP (KB917344)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917422 DisplayName = Security Update for Windows XP (KB917422)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917734_WMP10 DisplayName = Security Update for Windows Media Player 10 (KB917734)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917953 DisplayName = Security Update for Windows XP (KB917953)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB918439 DisplayName = Security Update for Windows XP (KB918439)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB918899 DisplayName = Security Update for Windows XP (KB918899)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB919007 DisplayName = Security Update for Windows XP (KB919007)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920213 DisplayName = Security Update for Windows XP (KB920213)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920214 DisplayName = Security Update for Windows XP (KB920214)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920670 DisplayName = Security Update for Windows XP (KB920670)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920683 DisplayName = Security Update for Windows XP (KB920683)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920685 DisplayName = Security Update for Windows XP (KB920685)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920872 DisplayName = Update for Windows XP (KB920872)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB921398 DisplayName = Security Update for Windows XP (KB921398)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB921883 DisplayName = Security Update for Windows XP (KB921883)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922582 DisplayName = Update for Windows XP (KB922582)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922616 DisplayName = Security Update for Windows XP (KB922616)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922760 DisplayName = Security Update for Windows XP (KB922760)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922819 DisplayName = Security Update for Windows XP (KB922819)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923191 DisplayName = Security Update for Windows XP (KB923191)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923414 DisplayName = Security Update for Windows XP (KB923414)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923980 DisplayName = Security Update for Windows XP (KB923980)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924191 DisplayName = Security Update for Windows XP (KB924191)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924270 DisplayName = Security Update for Windows XP (KB924270)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924496 DisplayName = Security Update for Windows XP (KB924496)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB925486 DisplayName = Security Update for Windows XP (KB925486)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate DisplayName = LiveUpdate 3.0 (Symantec Corporation) InstallLocation = "C:\Program Files\Symantec\LiveUpdate"
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MC05Upd1 DisplayName = Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft SQL Server 2000 DisplayName = Microsoft SQL Server 2000 InstallLocation = C:\Program Files\Microsoft SQL Server\MSSQL
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Nero - Burning Rom!UninstallKey
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Nero PhotoShow Express DisplayName = Nero PhotoShow Express InstallLocation = C:\Program Files\Ahead\Nero PhotoShow\Nero PhotoShow Express.exe
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NeroMultiInstaller!UninstallKey DisplayName = Nero Suite
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Panda ActiveScan DisplayName = Panda ActiveScan
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\PROSet DisplayName = Intel(R) PRO Network Adapters and Drivers
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Sevinst
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash DisplayName = Macromedia Flash Player 8
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Silver Codec DisplayName = Silver Codec 6.0
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Smart Audio Converter_is1 DisplayName = Smart Audio Converter InstallLocation = C:\Program Files\SmartAudioConverter\
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Spybot - Search & Destroy_is1 DisplayName = Spybot - Search & Destroy 1.4 InstallLocation = C:\Program Files\Spybot - Search & Destroy\
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B} DisplayName = Norton AntiVirus 2006 (Symantec Corporation) InstallLocation = C:\Program Files\Norton AntiVirus
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\TradeManager DisplayName = TradeManager
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify DisplayName = Windows Genuine Advantage Notifications (KB905474)
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{04AA1207-D8C6-45DC-A96D-48358EBE09F3} DisplayName = PSShortcuts InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB} DisplayName = ccCommon InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{15EE79F4-4ED1-4267-9B0F-351009325D7D} DisplayName = HP Software Update InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{228F6876-A313-40A3-91C0-C3CBE6997D09} DisplayName = Symantec InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F} DisplayName = Google Toolbar for Internet Explorer
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{236BB7C4-4419-42FD-0409-1E257A25E34D} DisplayName = Adobe Photoshop CS2 InstallLocation = C:\Program Files\Adobe\Adobe Photoshop CS2\
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4} DisplayName = Internet Worm Protection InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{2D76C16B-C036-4D96-BC20-949511D74A45} DisplayName = Berlitz Learning System - Spanish InstallLocation = C:\Program Files\Berlitz\Berlitz Learning System
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2} DisplayName = SymNet InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060} DisplayName = J2SE Runtime Environment 5.0 Update 6 InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150090} DisplayName = J2SE Runtime Environment 5.0 Update 9 InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{34EEB1F5-E939-40A1-A6BA-957282A4B2C8} DisplayName = Norton AntiVirus Help InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} DisplayName = WebFldrs XP InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{35AC130A-B7B4-4AA7-85EB-D0A7E10B927E} DisplayName = PS7900 InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{37477865-A3F1-4772-AD43-AAFC6BCFF99F} DisplayName = MSXML 4.0 SP2 (KB927978) InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF} DisplayName = Macromedia Flash MX InstallLocation = C:\Program Files\Macromedia\Flash MX
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{517B8FB2-26EE-43B0-AE1B-07408860AA69} DisplayName = DigitImg InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{5421155F-B033-49DB-9B33-8F80F233D4D5} DisplayName = GdiplusUpgrade InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} DisplayName = PowerDVD
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{6CC93102-135E-49E2-99A4-C431E671C12A} DisplayName = HP Photo and Imaging 2.0 - Scanners InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{77772678-817F-4401-9301-ED1D01A8DA56} DisplayName = SPBBC InstallLocation = C:\Program Files\Norton AntiVirus\
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{786C5747-1033-0000-B58E-000000000001} DisplayName = Adobe Stock Photos 1.0 InstallLocation = C:\Program Files\Adobe\Adobe Stock Photos\
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{82A5BF38-8461-4A5C-B2C9-24F5256D92A6} DisplayName = Norton Protection Center InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{8777AC6D-89F9-4793-8266-DE406F343E89} DisplayName = QFolder InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20} DisplayName = Intel(R) Graphics Media Accelerator Driver
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{8B4AB829-DFD3-436D-B808-D9733D76C590} DisplayName = Macromedia Dreamweaver MX InstallLocation = C:\Program Files\Macromedia\Dreamweaver MX
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{8B4AE751-7055-4518-87B0-E148A8D50D0A} DisplayName = Macromedia FreeHand MX InstallLocation = C:\Program Files\Macromedia\FreeHand MX
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{8EDBA74D-0686-4C99-BFDD-F894678E5B39} DisplayName = Adobe Common File Installer InstallLocation = C:\Program Files\Common Files\Adobe\
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{90110409-6000-11D3-8CFE-0150048383C9} DisplayName = Microsoft Office Professional Edition 2003 InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{903B0409-6000-11D3-8CFE-0150048383C9} DisplayName = Microsoft Office Project Professional 2003 InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{90510409-6000-11D3-8CFE-0150048383C9} DisplayName = Microsoft Office Visio Professional 2003 InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{90A10409-6000-11D3-8CFE-0150048383C9} DisplayName = Microsoft Office OneNote 2003 InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{929408E6-D265-4174-805F-81D1D914E2A4} DisplayName = QuickTime InstallLocation = C:\Program Files\QuickTime\
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{930B2432-43D4-11D5-9871-00C04F8EEB39} DisplayName = Macromedia Fireworks MX InstallLocation = C:\Program Files\Macromedia\Fireworks MX
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{94CD45D0-58D3-11D5-B35E-00E02934C09B} DisplayName = MapSend Topo US
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{A5BA14E0-7384-11D4-BAE7-00409631A2C8} DisplayName = Macromedia Extension Manager InstallLocation = C:\Program Files\Macromedia\Extension Manager
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{A9CF9052-F4A0-475D-A00F-A8388C62DD63} DisplayName = MSXML 4.0 SP2 (KB925672) InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A70000000000} DisplayName = Adobe Reader 7.0.8 InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{B376402D-58EA-45EA-BD50-DD924EB67A70} DisplayName = HP Memories Disc InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{B74D4E10-1033-0000-0000-000000000001} DisplayName = Adobe Bridge 1.0 InstallLocation = C:\Program Files\Adobe\Adobe Bridge\
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{C5DC271D-ABBF-481F-9CA5-8EC7221D390F} DisplayName = Berlitz Before You Know It Flash Cards InstallLocation = C:\Program Files\Berlitz\Berlitz Before You Know It Flash Cards
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{C6F5B6CF-609C-428E-876F-CA83176C021B} DisplayName = Norton AntiVirus 2006 InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{C950420B-4182-49EA-850A-A6A2ABF06C6B} DisplayName = Marvell Miniport Driver InstallLocation = C:\Program Files\Marvell\Miniport Driver\
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8} DisplayName = Norton AntiVirus SYMLT MSI InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA} DisplayName = Photosmart 140,240,7200,7600,7700,7900 Series
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{E1423608-F529-40A1-93CA-C7F396F30DF0} DisplayName = Google SketchUp InstallLocation = C:\Program Files\Google\Google SketchUp
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5EE9939-259F-4DE2-8023-5C49E16A4F43} DisplayName = Norton AntiVirus Parent MSI InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{E9787678-1033-0000-8E67-000000000001} DisplayName = Adobe Help Center 1.0 InstallLocation = C:\Program Files\Adobe\Adobe Help Center\
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0} DisplayName = XMLinst InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{EE5B8E34-973C-4FBE-AC83-99F064009FC7} DisplayName = SpyHunter InstallLocation = C:\Program Files\Enigma Software Group\SpyHunter
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{EFE26D3B-2789-4068-A5BB-77E389FAEB98} DisplayName = PSUsage InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} DisplayName = Realtek High Definition Audio Driver
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{F325CF11-27CE-4872-8022-6E9EB27DF24F} DisplayName = NAVShortcut InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{F64306A5-4C32-41bb-B153-53986527FAB4} DisplayName = Norton WMI Update InstallLocation =
    Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{FCE50DB8-C610-4C42-BE5C-193F46C6F812} DisplayName = Windows Live Messenger InstallLocation =
     
  3. Niobis

    Niobis Regular member

    Joined:
    Jan 30, 2005
    Messages:
    2,328
    Likes Received:
    0
    Trophy Points:
    46
    exodus125, let's slow down a bit...lol. I thank you for all the logs, but it takes me a while to look over all those. :D

    Let's start with your questions.

    Yes, I prefer Firefox over IE any day, but there is no need in removing IE. You still need it for sites that can't be loaded under the Firefox engine, such as Windows Update.

    That isn't necessary with your infections.

    No, just stick to this thread and I'll help you clean everything.

    Renaming HijackThis is for a Vundo infection. Vundo will hide O2 and O20 entries, and a way to see them again is to rename HijackThis. It wasn't necessary for you, but it won't hurt anything to keep it renamed. Personally, I always keep mine renamed.


    Now, let's get to cleaning. :)

    There is something strange about your logs. Silver Codec (Zlob) is not showing in your HijackThis log, but it is in your Kaspersky log.

    Make sure you have the latest version of SmitfraudFix.
    Download it from here.

    * Extract the files to the desktop.
    * Open the newly created folder SmitfraudFix.
    * Double-click smitfraudfix.cmd.
    * Select 1 and press Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt.
    Note: please do not run other options unless requested.

    Exit SmitfraudFix and open HijackThis.
    Click "Open the Misc Tools section".
    Click on "Open uninstall manager".
    Click "Save list". Notepad will open with the list.
    It will be saved in the HijackThis folder.

    Please post back with the contents of rapport.txt and the uninstall list.
     
  4. help101

    help101 Member

    Joined:
    Nov 23, 2006
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    K I did as you said and everything seems much better. Thanks a whole bunch. Do you want me to post anymore logs?
     
  5. Niobis

    No, help101, if you deleted all those folders you should be fine.

    You're welcome and good luck!
     
  6. exodus125

    Niobis, you crack me up, I'm a bit of a SPAZ. Anyways, I'm getting ready to do what you told me to do, but Windows automatic update is updating my computer and installing IE 7. lol, I just want to make sure this is really IE 7 and not some virus... it's installing it as we speak.

    Also, I downloaded a trial version of Platinum Panda 2006. It picked up a bunch of crap and either fixed it or deleted it. It did ask me to uninstall Norton AntiVirus so I had to do that, but I have that installed now.

    I'm not sure if this is relevant or not, but when did the IE 7 update become available? Because for the past 2 months I've tried to update Windows and it would give me an error message, now I installed the Panda Platinum and now all of a sudden the automatic updates are working, or maybe I'm just paranoid, I dunno. Anyways, as soon as this IE 7 updates I'll do what you told me and post the 2 reports. Thanks again!
     
  7. Niobis

    Most likely it is in fact IE 7 and not a virus. Never heard of a virus posing as IE 7...yet. :)

    One thing I didn't mention in my previous post. In the SpyHunter log there are a lot of unused and unneeded registry keys leftover from uninstalled software, let's clean those also.

    Go here and download CCleaner.
    Note: If you do not want Yahoo! Toolbar uncheck the option when installing.
    Close all windows.
    Open CCleaner.
    Click Options > Advanced > uncheck "Only delete files in Windows Temp folders older than 48 hours".
    Clean temp files and cookies.
    Click Cleaner > Run Cleaner.

    Clean the empty or unused keys.
    After cleaning, click "Issues".
    Click "Scan for Issues".
    After scanning, click "Fix selected issues...".
    When prompted to backup registry, click "Yes".

    Then, post the logs.

    Edit: by the way, to answer your question, IE 7 came out about 2 months ago.
     
    Last edited: Nov 25, 2006
  8. exodus125

    SmitFraudFix v2.124

    Scan done at 19:11:57.34, Sat 11/25/2006
    Run from C:\Documents and Settings\Boom\Local Settings\Temp\SmitfraudFix-1\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Boom


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Boom\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Boom\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End



    and here is the uninstall list:

    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 7.0.8
    Adobe Stock Photos 1.0
    AVG Anti-Spyware 7.5
    Berlitz Before You Know It Flash Cards
    Berlitz Learning System - Spanish
    CCleaner (remove only)
    GdiplusUpgrade
    Google SketchUp
    Google Toolbar for Internet Explorer
    High Definition Audio Driver Package - KB835221
    HijackThis 1.99.1
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    HP Memories Disc
    HP Photo and Imaging 2.0 - Scanners
    HP Software Update
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Adapters and Drivers
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Kaspersky Online Scanner
    Macromedia Dreamweaver MX
    Macromedia Extension Manager
    Macromedia Fireworks MX
    Macromedia Flash MX
    Macromedia Flash Player 8
    Macromedia FreeHand MX
    MapSend Topo US
    Marvell Miniport Driver
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office OneNote 2003
    Microsoft Office Professional Edition 2003
    Microsoft Office Project Professional 2003
    Microsoft Office Visio Professional 2003
    Microsoft SQL Server 2000
    Mozilla Firefox (2.0)
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    Nero PhotoShow Express
    Nero Suite
    Panda ActiveScan
    Panda Platinum 2006 Internet Security
    Photosmart 140,240,7200,7600,7700,7900 Series
    PowerDVD
    QuickTime
    Realtek High Definition Audio Driver
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB925486)
    Smart Audio Converter
    Spybot - Search & Destroy 1.4
    TradeManager
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    XMLinst

     
  9. exodus125

    And I'm sorry if this pisses you off, but just in case, here is my latest HijackThis (or as I like to call it, "dynomite") logfile

    Logfile of HijackThis v1.99.1
    Scan saved at 7:17:45 PM, on 11/25/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE
    C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
    C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
    C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
    C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
    C:\WINDOWS\NOTEPAD.EXE
    C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimreal.exe
    C:\Documents and Settings\Boom\My Documents\My Pictures\dynomite.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TradeManager] C:\PROGRA~1\Alibaba\TRADEM~1\TradeManager -hideframe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155090417748
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D97B8D0B-9393-4D25-8EE8-30862CF446AF}: NameServer = 205.152.144.23 205.152.132.23
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe

     
  10. Niobis

    Niobis Regular member

    Joined:
    Jan 30, 2005
    Messages:
    2,328
    Likes Received:
    0
    Trophy Points:
    46
    Okay, I see you've already got CCleaner so ignore my last post except for running Issues fix.

    The SmitfraudFix looks good as does the uninstall list.

    Panda must have taken care of the problems, but look for this folder and delete if there:

    C:\Program Files\Silver Codec

    Edited: just seen your last post. :)
    I think you're clean now, but post one more HjT log so I can see if everything is okay.

    Edit 2: everything looks good. How are things? Any problems or any more symptoms?
     
    Last edited: Nov 25, 2006
  11. exodus125

    exodus125 Member

    I wasn't having any symptoms even when the viruses were being detected. When I first did what you said, it fixed the home page problem, which is the only problem I was having, aside from a slight lag.

    I did notice after downloading that Panda thing, that on startup, the computer was loading much faster. I'm going to run Panda ONE LAST time to see if anything comes up. That looks like a great program, too bad it's like 70 dollars. But at least I got that virus out. Now,,,,is it possible that there's something still in there? Or should I be good? I haven't been logging onto my bank account or anything in fear that it would reveal something to someone,,,,and how does this virus usually originate? (playing stupid)
     
  12. exodus125

    exodus125 Member

    Yeah, I double checked and the Silver Codec is nowhere to be seen. I even checked in the Add and Remove Programs, where it was appearing before, and it's gone. NOW, should I uninstall all those virus things, like the HijackThis aka dynomite, and the AVG?
     
  13. exodus125

    exodus125 Member

    OK, I re-ran Panda and it came out clean. I did feed that panda A LOT of bamboo today though. I ran the cleaner and it still had a few things and cleaned that out, it should be good now.

    HEY! Let me thank you wholeheartedly for your fine work. You're a true GURU of computers. I'm glad I didn't have to reinstall Windows. Please let me know if I should uninstall any of the programs I installed, like HijackThis and the AVG. Take care Niobis.

    -Esteban
     
  14. exodus125

    exodus125 Member

    SIGH,,,,,,ok i have a problem.

    Now, IE won't work. I click on the IE shortcut and it tells me "Internet Explorer cannot display the webpage

    most likely causes:
    () you are not connected to the internet
    () the website is encountering problems
    () there might be a typing error in the address

    what you can try:

    () diagnose connection problems ( i clicked on it and it was fine)
    () more information


    NICE!
     
  15. exodus125

    exodus125 Member

    I tried restarting and IE is still not working.
     
  16. Niobis

    Niobis Regular member

    No it's not. You got the full internet security suite. You can buy the Panda Anti-virus for $29.95 or the Anti-virus + Firewall for $49.95. I used to own the Anti-virus + Firewall before the 2007 version was released. If I could get it as cheap as I did then, I would switch back.

    It's completely up to you. I recommend you keep AVGAS at least until the trial version runs out. It is one of the best Anti-spyware programs on the market. I use it as my anti-spyware, even though the trial has run out because the only things taken away are real-time protection and automatic updates. But you can update and scan often or as needed.

    Make sure Panda's firewall doesn't have it blocked.

    You're very welcome, and thank you for the kudos. :) Let me know if you get IE working.
     
    Last edited: Nov 25, 2006
  17. exodus125

    exodus125 Member

    And how do I make sure the firewall doesn't have it blocked?
     
  18. exodus125

    exodus125 Member

    OK, I figured it out. As I suspected,,,,my Panda firewall was blocking IE7, that crazy panda doesn't know friend from foe,,,,

    I'm just kidding (thanks for the help with IE). It looks to me as if I am good to go. I think I'm going to try all these newly learned skills at work too. My work computer runs pretty bad too, but I think I can make it work a little better running those free programs, and if not I can always come and ask the Dali Lama of computing, our very own,,,,NIOBIS....

    oh one last thing, this is off topic so i will start a new page: is you on the other thread.
     
  19. Niobis

    Niobis Regular member

    You're welcome. lol "Dali Lama"...that's funny! :D

    Anyway, what other thread are you asking if I am on?

    Edited: I see now. :)
     
    Last edited: Nov 25, 2006
  20. babare

    babare Guest

    Hey,

    I have done everything in the first post and read this entire thread for other info. I have deleted the virus but it still won't let me get to my email. Once I log into my email it tells me that it is restricted by a virus. Internet Explorer is also running really slow, but it may just be that IE released IE 7 and it just runs that slow, because on my other computer it is fairly slow also.

    Here is my HJT log....Thanks for the help!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
    C:\Program Files\Digital Media Reader\readericon45G.exe
    C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Trend Micro\Antivirus\pccguide.exe
    C:\Program Files\Trend Micro\Antivirus\PCClient.exe
    C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\RXORJ4BR\HijackThis_v1.99.1[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kcskyscrapers.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
    O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
    O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
    O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.com/LaunchGame.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     