My PC has gone insane over the last few days and no matter what, nothing is helping. I have run several scans (Spybot, AVG and Ad-Aware) and not one of them detects anything with my PC... and this has also been done in Safe Mode just in case... same result.

Anyway, my CPU is running between 80% and 100% now and I am convinced all is not well. Also, when I last checked, I think my PC has copied itself and all of its files several times over in the last 4 hours, so where does it all end?

The only temporary relief is for about ONE HOUR and that is when I run SYSTEM RESTORE, but hey, 10 restores in one day is a bit over the top considering that the restores take about 45 minutes each.

PLEASE PLEASE HELP ME GUYS, I AM AT A LOSS. I HAVE ENCLOSED EVERY BIT OF LOG FILE TYPE FROM HIJACKTHIS there is for your advice. I am desperate and I am in MELBOURNE, AUSTRALIA, so if you would like to assist me you can do so... I have MSN and we can work on remote if need be (ask for my ID).

It is 11pm Sunday NIGHT and obviously I am not gonna get much sleep tonight, so if anyone has any ideas, I REALLY WOULD APPRECIATE YOUR KIND HELP. MANY THANKS IN ADVANCE

NATALEE EPSTEEN (missnataleejaneepsteen@hotmail.com) (MSN 4 ME)

--------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:37:23 PM, on 8/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Telstra\BigPond Assist\assist.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\DAP\DAP.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\PC-TV\WinManager\WinManager.exe
C:\Program Files\Morpheus\Morpheus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\notepad.exe
C:\DOCUME~1\Michael\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: XBTBPos00 Class - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - C:\PROGRA~1\MORPHE~1\MORPHE~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O3 - Toolbar: (no name) - {753C279B-F2A8-9946-D23A-C75C1BEAD5B1} - (no file)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRA~1\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [ecc] C:\Program Files\Telstra\BigPond Assist\assist.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DTV-DVB MCE CI] "C:\Documents and Settings\Michael\MCECIConsole.exe"
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [HijackThis startup scan] C:\DOCUME~1\Michael\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Save Image to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimagestofolder.html
O8 - Extra context menu item: &Save Image to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimages.html
O8 - Extra context menu item: &Save Link to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveltof.html
O8 - Extra context menu item: &Save Link to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savelink.html
O8 - Extra context menu item: &Save Page to Folder... - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
O8 - Extra context menu item: &Save this Page to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savewebpage.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145668034457
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146669626078
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8AAD29F-BAED-48CD-A2C2-68FD6E772482}: NameServer = 10.0.0.138
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

....................................................................
C:\WINDOWS\win.ini : s1 (4 bytes)
C:\WINDOWS\win.tmp : s1 (4 bytes)
..................................................................

StartupList report, 8/13/2006, 10:40:05 PM
StartupList version: 1.52.2
Started from : C:\DOCUME~1\Michael\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
\drivers\d mload.sys (disabled) Logical Disk Manager: %SystemR oot%\Syst em32\svc host.exe -k netsvcs (manual start) Microsoft Kernel DLS Syntheisz er: system32 \drivers\D Music.sys (manual start) DNS Client: %SystemR oot%\syst em32\svc host.exe -k NetworkS ervice (autostart ) Microsoft Kernel DRM Audio Descramb ler: system32 \drivers\d rmkaud.sy s (manual start) DtvAudio: system32 \DRIVERS \DtvAudi o.sys (manual start) DtvVideo: system32 \DRIVERS \DtvVideo .sys (manual start) Error Reporting Service: %SystemR oot%\Syst em32\svc host.exe -k netsvcs (autostart ) Event Log: %SystemR oot%\syst em32\ser vices.exe (autostart ) COM+ Event System: C:\WIND OWS\syst em32\svc host.exe -k netsvcs (manual start) Fast User Switching Compatibi lity: %SystemR oot%\Syst em32\svc host.exe -k netsvcs (manual start) Floppy Disk Controller Driver: system32 \DRIVERS \fdc.sys (manual start) VIA PCI 10/100M b Fast Ethernet Adapter NT Driver: system32 \DRIVERS \fetnd5.sy s (manual start) Floppy Disk Driver: system32 \DRIVERS \flpydisk.s ys (manual start) FltMgr: system32 \DRIVERS \fltMgr.sy s (system) Volume Manager Driver: system32 \DRIVERS \ftdisk.sys (system) GMSIPCI: \??\E:\INS TALL\GM SIPCI.SYS (manual start) Generic Packet Classifier: system32 \DRIVERS \msgpc.sy s (manual start) Help and Support: %SystemR oot%\Syst em32\svc host.exe -k netsvcs (autostart ) Human Interface Device Access: %SystemR oot%\Syst em32\svc host.exe -k netsvcs (disabled) Microsoft HID Class Driver: system32 \DRIVERS \hidusb.s ys (manual start) HSFHWBS 2: system32 \DRIVERS \HSFBS2S 2.sys (manual start) HSF_DP: system32 \DRIVERS \HSFDPSP 2.sys (manual start) HTTP: System32 \Drivers\ HTTP.sys (manual start) HTTP SSL: %SystemR oot%\Syst em32\svc host.exe -k HTTPFilte r (manual start) i8042 Keyboard and PS/2 Mouse Port Driver: system32 \DRIVERS \i8042prt. 
sys (system) InstallDriv er Table Manager: "C:\Progra m Files\Com mon Files\Inst allShield\ Driver\11 \Intel 32\IDriver T.exe" (manual start) CD-Burnin g Filter Driver: system32 \DRIVERS \imapi.sys (system) IMAPI CD-Burnin g COM Service: C:\WIND OWS\syst em32\ima pi.exe (manual start) Intel Processor Driver: system32 \DRIVERS \intelppm. sys (system) IPv6 Windows Firewall Driver: system32 \DRIVERS \Ip6Fw.sy s (manual start) IP Traffic Filter Driver: system32 \DRIVERS \ipfltdrv.s ys (manual start) IP in IP Tunnel Driver: system32 \DRIVERS \ipinip.sys (manual start) IP Network Address Translator : system32 \DRIVERS \ipnat.sys (manual start) iPodServic e: C:\Progra m Files\iPod \bin\iPod Service.ex e (manual start) IPSEC driver: system32 \DRIVERS \ipsec.sys (system) IR Enumerat or Service: system32 \DRIVERS \irenum.s ys (manual start) PnP ISA/EISA Bus Driver: system32 \DRIVERS \isapnp.sy s (system) Keyboard Class Driver: system32 \DRIVERS \kbdclass. sys (system) Microsoft Kernel Wave Audio Mixer: system32 \drivers\k mixer.sys (manual start) Server: %SystemR oot%\syst em32\svc host.exe -k netsvcs (autostart ) Workstati on: %SystemR oot%\syst em32\svc host.exe -k netsvcs (autostart ) TCP/IP NetBIOS Helper: %SystemR oot%\syst em32\svc host.exe -k LocalServi ce (autostart ) Machine Debug Manager: "C:\Progra m Files\Com mon Files\Micr osoft Shared\VS 7DEBUG\ MDM.EXE " (autostart ) mdmxsdk: system32 \DRIVERS \mdmxsd k.sys (autostart ) Messenge r: %SystemR oot%\syst em32\svc host.exe -k netsvcs (disabled) NetMeeti ng Remote Desktop Sharing: C:\WIND OWS\syst em32\mn msrvc.exe (manual start) Unimode m Streaming Filter Device: system32 \drivers\ MODEMC SA.sys (manual start) Mouse Class Driver: system32 \DRIVERS \mouclass .sys (system) Mouse HID Driver: system32 \DRIVERS \mouhid.s ys (manual start) BDA MPE Filter: system32 \DRIVERS \MPE.sys (manual start) WebDav Client Redirector : system32 \DRIVERS \mrxdav.s ys (manual start) MRXSMB: system32 \DRIVERS \mrxsmb.s ys (system) 
Distribute d Transacti on Coordinat or: C:\WIND OWS\syst em32\ms dtc.exe (manual start) Windows Installer: C:\WIND OWS\syst em32\msi exec.exe /V (manual start) Microsoft Streaming Service Proxy: system32 \drivers\ MSKSSRV. sys (manual start) Microsoft Streaming Clock Proxy: system32 \drivers\ MSPCLOC K.sys (manual start) Microsoft Streaming Quality Manager Proxy: system32 \drivers\ MSPQM.sy s (manual start) Microsoft System Managem ent BIOS Driver: system32 \DRIVERS \mssmbio s.sys (manual start) Microsoft Streaming Tee/Sink-t o-Sink Converter : system32 \drivers\ MSTEE.sy s (manual start) NABTS/FE C VBI Codec: system32 \DRIVERS \NABTSFE C.sys (manual start) Microsoft TV/Video Connectio n: system32 \DRIVERS \NdisIP.sy s (manual start) Remote Access NDIS TAPI Driver: system32 \DRIVERS \ndistapi. sys (manual start) NDIS Usermode I/O Protocol: system32 \DRIVERS \ndisuio.s ys (manual start) Remote Access NDIS WAN Driver: system32 \DRIVERS \ndiswan. sys (manual start) NetBIOS Interface: system32 \DRIVERS \netbios.s ys (system) NetBios over Tcpip: system32 \DRIVERS \netbt.sys (system) Network DDE: %SystemR oot%\syst em32\net dde.exe (disabled) Network DDE DSDM: %SystemR oot%\syst em32\net dde.exe (disabled) Net Logon: %SystemR oot%\syst em32\lsas s.exe (manual start) Network Connectio ns: %SystemR oot%\Syst em32\svc host.exe -k netsvcs (manual start) Network Location Awarenes s (NLA): %SystemR oot%\syst em32\svc host.exe -k netsvcs (manual start) NMSAcces s: C:\Progra m Files\Che etah Burner\C heetah DVD Burner\N MSAccess. exe (autostart ) NT LM Security Support Provider: %SystemR oot%\syst em32\lsas s.exe (manual start) Removabl e Storage: %SystemR oot%\syst em32\svc host.exe -k netsvcs (manual start) IPX Traffic Filter Driver: system32 \DRIVERS \nwlnkflt. 
sys (manual start) IPX Traffic Forwarde r Driver: system32 \DRIVERS \nwlnkfw d.sys (manual start) Office Source Engine: "C:\Progra m Files\Com mon Files\Micr osoft Shared\So urce Engine\O SE.EXE" (manual start) Parallel port driver: system32 \DRIVERS \parport.s ys (manual start) PCI Bus Driver: system32 \DRIVERS \pci.sys (system) PCIIde: system32 \DRIVERS \pciide.sy s (system) VSO Software pcouffin: System32 \Drivers\p couffin.sy s (manual start) Padus ASPI Shell: system32 \drivers\p fc.sys (manual start) Plug and Play: %SystemR oot%\syst em32\ser vices.exe (autostart ) IPSEC Services: %SystemR oot%\syst em32\lsas s.exe (autostart ) WAN Miniport (PPTP): system32 \DRIVERS \raspptp.s ys (manual start) Protected Storage: %SystemR oot%\syst em32\lsas s.exe (autostart ) QoS Packet Scheduler: system32 \DRIVERS \psched.s ys (manual start) Direct Parallel Link Driver: system32 \DRIVERS \ptilink.sy s (manual start) PxHelp20: System32 \Drivers\P xHelp20.s ys (system) Remote Access Auto Connectio n Driver: system32 \DRIVERS \rasacd.sy s (system) Remote Access Auto Connectio n Manager: %SystemR oot%\syst em32\svc host.exe -k netsvcs (manual start) WAN Miniport (L2TP): system32 \DRIVERS \rasl2tp.s ys (manual start) Remote Access Connectio n Manager: %SystemR oot%\syst em32\svc host.exe -k netsvcs (manual start) Remote Access PPPOE Driver: system32 \DRIVERS \raspppoe .sys (manual start) Direct Parallel: system32 \DRIVERS \raspti.sys (manual start) Rdbss: system32 \DRIVERS \rdbss.sys (system) RDPCDD: System32 \DRIVERS \RDPCDD. sys (system) Remote Desktop Help Session Manager: C:\WIND OWS\syst em32\ses smgr.exe (manual start) Digital CD Audio Playback Filter Driver: system32 \DRIVERS \redbook. 
sys (system) Routing and Remote Access: %SystemR oot%\syst em32\svc host.exe -k netsvcs (disabled) Remote Procedure Call (RPC) Locator: %SystemR oot%\syst em32\loc ator.exe (manual start) Remote Procedure Call (RPC): %SystemR oot%\syst em32\svc host -k rpcss (autostart ) QoS RSVP: %SystemR oot%\syst em32\rsv p.exe (manual start) Security Accounts Manager: %SystemR oot%\syst em32\lsas s.exe (autostart ) Smart Card: %SystemR oot%\Syst em32\SCa rdSvr.exe (manual start) Task Scheduler: %SystemR oot%\Syst em32\svc host.exe -k netsvcs (autostart ) Secdrv: system32 \DRIVERS \secdrv.sy s (manual start) Secondar y Logon: %SystemR oot%\Syst em32\svc host.exe -k netsvcs (autostart ) System Event Notificati on: %SystemR oot%\syst em32\svc host.exe -k netsvcs (autostart ) Serenum Filter Driver: system32 \DRIVERS \serenum. sys (manual start) Serial port driver: system32 \DRIVERS \serial.sys (system) ServiceLa yer: "C:\Progra m Files\Com mon Files\PCS uite\Servi ces\Servic eLayer.ex e" (manual start) Windows Firewall/I nternet Connectio n Sharing (ICS): %SystemR oot%\syst em32\svc host.exe -k netsvcs (autostart ) Shell Hardware Detection: %SystemR oot%\Syst em32\svc host.exe -k netsvcs (autostart ) BDA Slip De-Framer : system32 \DRIVERS \SLIP.sys (manual start) Microsoft Kernel Audio Splitter: system32 \drivers\s plitter.sys (manual start) Print Spooler: %SystemR oot%\syst em32\spo olsv.exe (autostart ) System Restore Filter Driver: system32 \DRIVERS \sr.sys (system) System Restore Service: %SystemR oot%\syst em32\svc host.exe -k netsvcs (autostart ) Srv: system32 \DRIVERS \srv.sys (manual start) SSDP Discovery Service: %SystemR oot%\syst em32\svc host.exe -k LocalServi ce (manual start) Windows Image Acquisitio n (WIA): %SystemR oot%\syst em32\svc host.exe -k imgsvc (autostart ) BDA IPSink: system32 \DRIVERS \StreamIP. sys (manual start) Software Bus Driver: system32 \DRIVERS \swenum. 
sys (manual start) Microsoft Kernel GS Wavetabl e Synthesiz er: system32 \drivers\s wmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WIND OWS\syst em32\dllh ost.exe /Processid :{A1DD0C 35-2E28-4 DD8-8D6 E-618627 509033} (manual start) Microsoft Kernel System Audio Device: system32 \drivers\s ysaudio.s ys (manual start) Performa nce Logs and Alerts: %SystemR oot%\syst em32\sml ogsvc.exe (manual start) Telephon y: %SystemR oot%\Syst em32\svc host.exe -k netsvcs (manual start) TCP/IP Protocol Driver: system32 \DRIVERS \tcpip.sys (system) Terminal Device Driver: system32 \DRIVERS \termdd.s ys (system) Terminal Services: %SystemR oot%\Syst em32\svc host -k DComLau nch (manual start) Themes: %SystemR oot%\Syst em32\svc host.exe -k netsvcs (autostart ) Distribute d Link Tracking Client: %SystemR oot%\syst em32\svc host.exe -k netsvcs (autostart ) LGE U8XXX driver (WDM): system32 \DRIVERS \U81xbus .sys (manual start) LGE U8XXX USB WMC Modem Filter: system32 \DRIVERS \U81xmdf l.sys (manual start) LGE U8XXX USB WMC Modem Driver: system32 \DRIVERS \U81xmd m.sys (manual start) LGE U8XXX USB WMC Device Managem ent Drivers (WDM): system32 \DRIVERS \U81xmg mt.sys (manual start) LGE U8XXX USB WMC OBEX Interface: system32 \DRIVERS \U81xobe x.sys (manual start) Microsoft AGPv3.5 Filter: system32 \DRIVERS \uagp35.s ys (system) Microcod e Update Driver: system32 \DRIVERS \update.s ys (manual start) Universal Plug and Play Device Host: %SystemR oot%\syst em32\svc host.exe -k LocalServi ce (manual start) Uninterru ptible Power Supply: %SystemR oot%\Syst em32\ups .exe (manual start) Microsoft USB Generic Parent Driver: system32 \DRIVERS \usbccgp. sys (manual start) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32 \DRIVERS \usbehci.s ys (manual start) USB2 Enabled Hub: system32 \DRIVERS \usbhub.s ys (manual start) Microsoft USB PRINTER Class: system32 \DRIVERS \usbprint. sys (manual start) USB Scanner Driver: system32 \DRIVERS \usbscan. 
sys (manual start) USB Mass Storage Driver: system32 \DRIVERS \USBSTOR .SYS (manual start) Microsoft USB Universal Host Controller Miniport Driver: system32 \DRIVERS \usbuhci.s ys (manual start) VgaSave: \SystemR oot\Syste m32\drive rs\vga.sys (system) VIA AGP Filter: system32 \DRIVERS \viaagp1. sys (system) ViaIde: system32 \DRIVERS \viaide.sy s (system) viasraid: system32 \DRIVERS \viasraid.s ys (system) DTVNet Ethernet Controller : system32 \DRIVERS \DTVNet.s ys (manual start) Volume Shadow Copy: %SystemR oot%\Syst em32\vss vc.exe (manual start) Windows Time: %SystemR oot%\Syst em32\svc host.exe -k netsvcs (autostart ) Remote Access IP ARP Driver: system32 \DRIVERS \wanarp.s ys (manual start) Microsoft WINMM WDM Audio Compatibi lity Driver: system32 \drivers\ wdmaud.s ys (system) WebClien t: %SystemR oot%\syst em32\svc host.exe -k LocalServi ce (autostart ) winachsf: system32 \DRIVERS \HSFCXTS 2.sys (manual start) Windows Defender Service: "C:\Progra m Files\Win dows Defender\ MsMpEng .exe" (autostart ) Windows Managem ent Instrumen tation: %systemr oot%\syst em32\svc host.exe -k netsvcs (autostart ) Portable Media Serial Number Service: %SystemR oot%\Syst em32\svc host.exe -k netsvcs (manual start) WMI Performa nce Adapter: C:\WIND OWS\syst em32\wb em\wmia psrv.exe (manual start) Windows Media Player Network Sharing Service: C:\Progra m Files\Win dows Media Player\W MPNetwk. exe (manual start) Windows Socket 2.0 Non-IFS Service Provider Support Environm ent: \SystemR oot\Syste m32\drive rs\ws2ifsl. 
sys (disabled) Security Center: %SystemR oot%\Syst em32\svc host.exe -k netsvcs (autostart ) World Standard Teletext Codec: system32 \DRIVERS \WSTCOD EC.SYS (manual start) Automati c Updates: %systemr oot%\syst em32\svc host.exe -k netsvcs (autostart ) Windows Driver Foundati on - User-mod e Driver Framewor k Platform Driver: system32 \DRIVERS \WudfPf.s ys (manual start) Windows Driver Foundati on - User-mod e Driver Framewor k Reflector: system32 \DRIVERS \wudfrd.s ys (manual start) Windows Driver Foundati on - User-mod e Driver Framewor k: %SystemR oot%\syst em32\svc host.exe -k WudfServi ceGroup (manual start) Wireless Zero Configura tion: %SystemR oot%\Syst em32\svc host.exe -k netsvcs (autostart ) Network Provisioni ng Service: %SystemR oot%\Syst em32\svc host.exe -k netsvcs (manual start) ------------------ ------------------ -------------- Enumerati ng Windows NT logon/log off scripts: *No scripts set to run* Windows NT checkdisk command : BootExec ute = autochec k autochk * Windows NT 'Wininit.in i': PendingFi leRename Operation s: *Registry value not found* ------------------ ------------------ -------------- Enumerati ng ShellServi ceObject DelayLoa d items: PostBoot Reminder: C:\WIND OWS\syst em32\SH ELL32.dll CDBurn: C:\WIND OWS\syst em32\SH ELL32.dll WebChec k: C:\WIND OWS\syst em32\we bcheck.dll SysTray: C:\WIND OWS\syst em32\sto bject.dll WPDShSer viceObj: C:\WIND OWS\syst em32\WP DShServic eObj.dll ------------------ ------------------ -------------- Autorun entries from Registry: HKCU\Sof tware\Mic rosoft\Wi ndows\Cu rrentVersi on\policie s\Explorer \Run *Registry key not found* ------------------ ------------------ -------------- Autorun entries from Registry: HKLM\Sof tware\Mic rosoft\Wi ndows\Cu rrentVersi on\policie s\Explorer \Run *Registry key not found* ------------------ ------------------ -------------- End of report, 38,070 bytes Report generated in 0.157 seconds Command line options: /verbose - to add additional info on each section 
/complete - to include empty sections and unsuspici ous data /full - to include several rarely-imp ortant sections /force9x - to include Win9x-onl y startups even if running on WinNT /forcent - to include WinNT-on ly startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only In anticipation THANKS A MILLION
You got a real nasty there, AskBar.A. And it looks like it has infected many files. Let's get rid of this first! After much research on this and not much to go by, I think Ewido will remove it. (key word "think") I have found limited solutions to this case, so let's give it a try. You can get Ewido here: http://free.grisoft.com/doc/1 Install and update. Run in safe mode. Post a new HijackThis log along with the Ewido log. See a few other things, but they can wait.