Win32.softomate does not go HIGH RISK please help!

Discussion in 'Windows - Virus and spyware problems' started by BluRay, Sep 7, 2006.

  1. BluRay

    BluRay Regular member

    Joined:
    Jun 14, 2006
    Messages:
    752
    Likes Received:
    0
    Trophy Points:
    26
    I am hoping someone can help me with win32.softomate. It is a trojan found by Zone Alarm and it says it is a high risk.
    I deleted it but win32.softomate keeps coming back; it causes my computer to crash frequently. Please help, thank you.
    I tried a virus scan with VirusScan Enterprise but it does not find anything.
     
  2. rav009

    rav009 Active member

    Joined:
    Nov 14, 2005
    Messages:
    2,204
    Likes Received:
    0
    Trophy Points:
    66
    Hi :)

    Please be patient and I'd be grateful if you would note the following:

    *I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    *The fixes are specific to your problem and should only be used for this issue on this machine.
    *Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    *It's often worth reading through these instructions and printing them for ease of reference.
    *If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    *Finally, please reply to this thread. Do not start a new topic.


    Please post a HJT (HijackThis) log. To do so, follow these simple instructions :-D


    Download HJT from HERE

    Please make a new folder to put your HijackThis.exe into. Anywhere on your hard drive is fine other than your Desktop or the Temp folder. We suggest you use something like "C:\Program Files\HijackThis" but feel free to use any name. See here for specific instructions and screen shots to help:
    http://russelltexas.com/malware/createhjtfolder.htm

    This is to ensure it makes the necessary backups for recovery if needed.

    Run the HijackThis.exe file and choose to run a "Full System Scan And Save Logfile". In a matter of seconds you should see a Notepad document pop up (the logfile); copy and paste that log file into a reply here.

    Cheers
     
    Last edited: Sep 7, 2006
  3. BluRay

    BluRay Regular member

    Here is the log file of HijackThis.

    Logfile of HijackThis v1.99.1
    Scan saved at 21:41:32, on 07/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zan...17ae0d655d23:3e3654fb7f06cf939d3cafd35fff1431
    O17 - HKLM\System\CCS\Services\Tcpip\..\{398293D7-0D39-41CD-8E23-A10584A53B96}: NameServer = 80.225.255.177 80.225.255.185
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
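    As an added example (my own code, not a tool from this thread or from the HijackThis project), here is a small Python parser for the HJT 1.99.x log format posted above, with a few generic review rules an analyst applies when reading such a log: entries that point at a file no longer on disk, services with no publisher, DNS servers set on the interface, ActiveX downloads, and start-page overrides. The sample lines are copied from the posted log; a rule hit means "look at this entry", not "this entry is malware".

```python
"""Parse a HijackThis (HJT) 1.99.x log and flag entries an analyst would review first.

Added example, not code from the thread. The rules below are generic review
heuristics: a hit means "look at this", not "this is malware".
"""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Sample input: header fragments plus nine entry lines copied from the HJT log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{398293D7-0D39-41CD-8E23-A10584A53B96}: NameServer = 80.225.255.177 80.225.255.185
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HJT entry starts with a section code (R0..R3, F0..F3, N1..N4, O1..O23) then " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str                                   # e.g. "O2", "O23"
    body: str                                      # everything after "Oxx - "
    guid: str = ""                                 # first CLSID/GUID on the line, if any
    reasons: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> List[Entry]:
    """Return one Entry per 'Rn - ...' / 'On - ...' line; header and process list are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        g = GUID_RE.search(m.group("body"))
        entries.append(Entry(m.group("section"), m.group("body"), g.group(0) if g else ""))
    return entries


# (reason, predicate) pairs, ordered from "almost always worth a look" downwards.
REVIEW_RULES: List[Tuple[str, Callable[[Entry], bool]]] = [
    ("points at a file that is not on disk",
     lambda e: "(no file)" in e.body or "(file missing)" in e.body),
    ("service has no publisher ('Unknown owner')",
     lambda e: e.section == "O23" and "Unknown owner" in e.body),
    ("DNS servers set on the interface (O17); confirm they belong to the ISP",
     lambda e: e.section == "O17"),
    ("ActiveX control downloaded from a URL (O16 DPF); confirm the source is expected",
     lambda e: e.section == "O16"),
    ("IE start/default page override (R0/R1/O14)",
     lambda e: e.section in {"R0", "R1", "O14"}),
]


def review(entries: List[Entry]) -> List[Entry]:
    """Attach review reasons to each entry and return only those that got at least one."""
    flagged: List[Entry] = []
    for e in entries:
        e.reasons = [reason for reason, pred in REVIEW_RULES if pred(e)]
        if e.reasons:
            flagged.append(e)
    return flagged


def section_counts(entries: List[Entry]) -> Dict[str, int]:
    """How many entries each HJT section contributed, e.g. {'O23': 2}."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("sections:", section_counts(parsed))
    for e in review(parsed):
        print(f"[{e.section}] {e.body[:70]}")
        for r in e.reasons:
            print("    ->", r)
```

    Run against the sample, six of the nine entries come back for review (the R1 default page, the O9 button with no file, the O16 download, the O17 name servers, the O18 protocol handler whose DLL is missing, and the O23 service with no owner); the Google BHO, the ZoneAlarm Run entry and the vsmon service do not. The point of the rules is to shorten the reading, not to decide anything: each flagged line still has to be checked against what the machine is supposed to have installed.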

     
  4. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    I think this is a false positive. Let's be sure.

    Go here and run an Active Scan. When it finishes, save the results and post them here.
     
  5. BluRay

    BluRay Regular member

    It is NOT a false positive, please help, this thing is causing a lot of problems for me here.

    @Rav I have done what you asked with the HJT and the log file, what do I do now?

    kind regards, BluRay
     
  6. rav009

    rav009 Active member

    @Niobis,

    Hi Niobis, if a helper has already claimed a log (in this case me) and is working with the victim, please do not wade in and ask them to try other suggestions, as it kinda steps on my toes. This is a polite request I'd like to ask of you; if you could follow it I would really appreciate it, thanks buddy :)

    It's just the way we are taught... you can blame the MRU for that :p

    @BluRay,

    Hi BluRay,

    First and foremost, you said Zone Alarm picked it up; would this be by any chance Zone Alarm Anti Virus??
    You have McAfee installed on your computer, and this has an anti-virus included (and a firewall and anti-spyware). Please disable ZA, as it is conflicting with McAfee; uninstall one of them.

    Before you do this, tell me the exact ZA you have and the exact McAfee, just to make sure; having software conflicts like this can turn nasty...

    Cheers.
     
    Last edited: Sep 8, 2006
  7. BluRay

    BluRay Regular member

    @Rav, thank you for helping me.

    I have a ZA firewall, and it is ZA Pro. Its built-in anti-spyware thingy picked it up.

    And I have Network Associates Virus On-Demand Scan and VirusScan Console; I also have Network Associates On-Access Scan enabled.
     
  8. rav009

    rav009 Active member

    Hey there BluRay :)

    HJT isn't showing me much that could be the cause of the problem, unless I missed something. :p

    For now, I would like you to do the following (In this order):

    ATF-Cleaner

    Please download ATF Cleaner by Atribune from here. Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

    Install and configure Ewido Anti-Spyware

    http://www.ewido.net/en/download/

    - Download the Ewido anti-spyware setup program from this link
    - Run the program to start installation of Ewido, accept the EULA and the default options
    - Once Ewido has been installed and is running, open the Ewido window and under Your Computer's Security select Update Now, then select Start Update
    - Ewido will now update its definition files
    - If for any reason Ewido cannot update, download the Full Database from here: http://www.ewido.net/en/download/updates/, execute the update file and this will complete the update
    - Next, under Your Computer's Security select Scan Now, and then choose the Settings tab.
    ----- Under How to act? select Quarantine
    ----- Under How to scan? and Possibly unwanted software make sure all boxes are ticked
    ----- Under Reports select Automatically generate report after every scan and make sure Only if threats are found is unchecked
    ----- Under What to scan? select Scan every file
    - Close Ewido

    Install Ad-Aware and scan your computer

    http://www.lavasoft.com/software/adaware/

    - Download the Ad-Aware installation file from this link
    - Run the installer and install with default options
    - Start the program, if you are asked if you wish to update the definitions file, then say yes, and go ahead with the update
    - If you are not asked, press Check for updates now and update the definitions file
    - Next, press Start, choose Perform full system scan, de-select Search for negligible risk entries, check that Search for low-risk threats is selected, then press Next
    - When the scan is complete, press Next and select the Critical Objects tab, right-click inside the window and choose Select All Objects, then select next, and confirm the removal.
    - Close Ad-Aware

    Install Spybot S&D and scan your computer

    http://www.safer-networking.org/en/mirrors/index.html

    - Download the Spybot S&D installation file from this link
    - Run the installer and install with default options
    - Start the program, select Search for Updates
    - A list of updates should appear, right-click the list and select Select All, then click Download Updates near the top
    - Next, click Search & Destroy from the toolbar on the left side, and then click Check for problems from the top
    - When the scan is complete, place a check mark in the box next to all entries marked in red, and press Fix selected problems
    - Close Spybot S&D

    Now I would like you to run an online scan, from here http://www.trendmicro.com/hc_intro/default.asp.

    1. Once up click on "Scan now. It's Free"
    2. Read the Term & Use and check "Yes, I accept the Terms of Use" and then click on "Launching HouseCall"
    3. Quick Select: "Scan complete computer for Malware, grayware and vulnerabilities" click "Next"
    4. Let Housecall go through ALL three "Steps". It can take up to 30 minutes or more to scan.
    5. Please do not use your computer whilst the scan is in progress.
    6. Once the scan is done select "clean all detected infections automatically"
    7. For detected HTTP cookies, select "Remove all detected cookies". And click "Clean Now"
    8. Then a message will come up; click "OK" and let it delete the selected infections.
    9. During the clean up. Note any infected files down into a .txt file in Notepad. Ready to post in your next reply.
    10. When asked to perform a full scan again click "No". And restart your computer.


    If anything is found please save the log and post it here (Ad-Aware, Ewido, Spybot and Trend Micro)

    Thanks for your co-operation.
     
    Last edited: Sep 8, 2006
  9. BluRay

    BluRay Regular member

    Thanks Rav.

    I am doing what you told me right after this post.
    I already have Spybot SD and used to have ad-aware.

    But what I really wanted you to know was that I don't think that ZA Firewall Pro can conflict with my anti-virus, because I read you have ZA, and you know on the ZA Pro control centre there is a tab saying anti-virus monitoring; well, it fully recognises my anti-virus program, so does that mean they won't conflict?
     
  10. rav009

    rav009 Active member

    Don't worry about conflicts, you're safe :)

    I asked you:

    "Before you do this, tell me the exact ZA you have and the exact McAfee, just to make sure; having software conflicts like this can turn nasty..."

    You told me it's ZA Pro. I assumed it was ZA IS as you said ZA picked up malware (I thought you were using ZA AV), but you're not, so no worries; just make sure the McAfee firewall is off and that's that.

    Let me know how it goes and show me some logs (if there are any).

    Cheers.

     
  11. BluRay

    BluRay Regular member

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 21:06:24 08/09/2006

    + Scan result:



    C:\Program Files\STK014\STK014D.exe -> Adware.Cres : Cleaned.
    C:\Program Files\STK014\STK014K.exe -> Adware.Cres : Cleaned.
    HKU\S-1-5-21-339205157-3944151131-3709868680-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} -> Adware.TrustCleaner : Cleaned.
    C:\WINDOWS\system32\actskn45.ocx -> Downloader.IstBar : Cleaned.
    C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned.
    :mozilla.48:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.74:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.76:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.77:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.102:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.103:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.104:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.78:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.49:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.50:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.44:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
    :mozilla.55:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.58:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.59:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.60:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.61:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.23:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.56:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.57:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.45:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.43:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.98:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.35:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.36:C:\Documents and Settings\Sunny\Application Data\Mozilla\Firefox\Profiles\pp61g924.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end

     
    Last edited: Sep 8, 2006
  12. BluRay

    BluRay Regular member

    @Rav, please excuse me for the double post.
    The above post is a report after a full scan with Ewido.
     
  13. Niobis

    Niobis Active member

    Sorry to push in like that; I was just trying to save you and him time. Instead of running many different scans, as you have told him to do, 1 scan would have found it. Then you would know what scans, if any, you need to run. But you can see it's not there. Only some adware and another virus, not of the name Win32.softomate.

    Another reason, it had been 3 hours since your last post and it was NOT showing in the HjT log. But, next time I won't jump in, sorry.
     
  14. rav009

    rav009 Active member

    @BluRay,

    From the Ewido scan we now know there are some nasties about that HJT didn't show. Ewido doesn't seem to have said anything about the particular trojan ZA claims to find, but let's first finish what I asked you to do; now I would like to see the following reports:

    *Ad-aware
    *Spybot S&D
    *Trend Micro

    @Niobis,

    Hi, thanks for understanding, no hard feelings. I disagree with you when you say "1 scan would have found it", but that's just me.

    Cheers.
     
  15. BluRay

    BluRay Regular member

    I SERIOUSLY need help Rav.
    I don't know what it is or if it is related to Win32.softomate, but my computer is dying.

    TO ALL MODS
    If I happen to make double or triple posts here, please forgive me. I may make a double post but ONLY for the convenience of those that are helping, because I may need to separate reports from different programs.


    There seems to be something wrong with ZA. When ZA is running my computer is OK, a bit slow, but when I shut down ZA or try and install an update the computer freezes as soon as ZA is down; nothing works.
    If I try and shut down the PC it will say "You Do Not Have Permission To Shut Down this Computer", and the same for restart.

    It will also say insufficient memory to run this program, please close one or more programs. What could be happening? Please please pleeeeaaaase help.

    I was thinking of formatting the hard disk, but I don't know if that will get rid of Win XP Media Centre, because if it does I don't have another installation disc for it. What do I do?

    At my wits' end, BluRay.
     
    Last edited: Sep 9, 2006
  16. BluRay

    BluRay Regular member


    Ad-Aware SE Build 1.06r1
    Logfile Created on:09 September 2006 17:17:49
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R122 08.09.2006
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    MRU List(TAC index:0):35 total references
    Tracking Cookie(TAC index:3):1 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects


    09-09-2006 17:17:49 - Scan started. (Smart mode)

    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 696
    ThreadCreationTime : 09-09-2006 16:06:01
    BasePriority : Normal


    #:2 [csrss.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 748
    ThreadCreationTime : 09-09-2006 16:06:02
    BasePriority : Normal


    #:3 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 772
    ThreadCreationTime : 09-09-2006 16:06:02
    BasePriority : High


    #:4 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 816
    ThreadCreationTime : 09-09-2006 16:06:03
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : services.exe

    #:5 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 828
    ThreadCreationTime : 09-09-2006 16:06:03
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1008
    ThreadCreationTime : 09-09-2006 16:06:04
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:7 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1056
    ThreadCreationTime : 09-09-2006 16:06:04
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:8 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1096
    ThreadCreationTime : 09-09-2006 16:06:04
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:9 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1188
    ThreadCreationTime : 09-09-2006 16:06:04
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:10 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1216
    ThreadCreationTime : 09-09-2006 16:06:04
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:11 [lexbces.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1460
    ThreadCreationTime : 09-09-2006 16:06:05
    BasePriority : Normal
    FileVersion : 8.29
    ProductVersion : 8.29
    ProductName : MarkVision for Windows (32 bit)
    CompanyName : Lexmark International, Inc.
    FileDescription : LexBce Service
    InternalName : LexBce Service
    LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
    OriginalFilename : LexBceS.exe

    #:12 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1504
    ThreadCreationTime : 09-09-2006 16:06:05
    BasePriority : Normal
    FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion : 5.1.2600.2696
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : spoolsv.exe

    #:13 [lexpps.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1532
    ThreadCreationTime : 09-09-2006 16:06:05
    BasePriority : Normal
    FileVersion : 8.29
    ProductVersion : 8.29
    ProductName : MarkVision for Windows (32 bit)
    CompanyName : Lexmark International, Inc.
    FileDescription : LEXPPS.EXE
    InternalName : LEXPPS
    LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
    OriginalFilename : LEXPPS.EXE
    Comments : MarkVision for Windows '95 New P2P Server (32-bit)

    #:14 [ehrecvr.exe]
    FilePath : C:\WINDOWS\eHome\
    ProcessID : 1716
    ThreadCreationTime : 09-09-2006 16:06:06
    BasePriority : Above Normal
    FileVersion : 5.1.2715.2773 (xpsp(wmbla).051011-0745)
    ProductVersion : 5.1.2715.2773
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Media Center Receiver Service
    InternalName : ehRecvr
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ehRecvr.exe

    #:15 [ehsched.exe]
    FilePath : C:\WINDOWS\eHome\
    ProcessID : 1744
    ThreadCreationTime : 09-09-2006 16:06:06
    BasePriority : Normal
    FileVersion : 5.1.2710.2732 (xpsp(wmbla).050805-1239)
    ProductVersion : 5.1.2710.2732
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Media Center Scheduler Service
    InternalName : ehSched
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ehSched.exe

    #:16 [guard.exe]
    FilePath : C:\Program Files\ewido anti-spyware 4.0\
    ProcessID : 1836
    ThreadCreationTime : 09-09-2006 16:06:06
    BasePriority : Normal
    FileVersion : 4, 0, 0, 172
    ProductVersion : 4, 0, 0, 172
    ProductName : ewido anti-spyware
    CompanyName : Anti-Malware Development a.s.
    FileDescription : ewido anti-spyware guard
    InternalName : ewido anti-spywareguard
    LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
    OriginalFilename : guard.exe

    #:17 [frameworkservice.exe]
    FilePath : C:\Program Files\Network Associates\Common Framework\
    ProcessID : 1944
    ThreadCreationTime : 09-09-2006 16:06:06
    BasePriority : Normal
    FileVersion : 3.5.0.412
    ProductName : McAfee Common Framework
    CompanyName : Network Associates, Inc.
    FileDescription : Framework Service
    InternalName : Framework
    LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.
    OriginalFilename : Framework.exe

    #:18 [mcdetect.exe]
    FilePath : c:\program files\mcafee.com\agent\
    ProcessID : 2032
    ThreadCreationTime : 09-09-2006 16:06:06
    BasePriority : Normal
    FileVersion : 6, 0, 0, 19
    ProductVersion : 6, 0, 0, 0
    ProductName : McAfee SecurityCenter
    CompanyName : McAfee, Inc
    FileDescription : McAfee WSC Integration Service
    InternalName : McDetect
    LegalCopyright : Copyright © 2005 McAfee, Inc.
    OriginalFilename : McDetect.exe
    Comments : McAfee WSC Integration Service

    #:19 [mcshield.exe]
    FilePath : C:\Program Files\Network Associates\VirusScan\
    ProcessID : 196
    ThreadCreationTime : 09-09-2006 16:06:06
    BasePriority : High


    #:20 [naprdmgr.exe]
    FilePath : C:\PROGRA~1\NETWOR~1\COMMON~1\
    ProcessID : 204
    ThreadCreationTime : 09-09-2006 16:06:06
    BasePriority : Normal
    FileVersion : 3.5.0.412
    ProductName : McAfee Common Framework
    CompanyName : Network Associates, Inc.
    FileDescription : NAI Product Manager
    InternalName : Product Manager
    LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.
    OriginalFilename : naPrdMgr.exe

    #:21 [vstskmgr.exe]
    FilePath : C:\Program Files\Network Associates\VirusScan\
    ProcessID : 236
    ThreadCreationTime : 09-09-2006 16:06:07
    BasePriority : Normal


    #:22 [mctskshd.exe]
    FilePath : c:\PROGRA~1\mcafee.com\agent\
    ProcessID : 356
    ThreadCreationTime : 09-09-2006 16:06:07
    BasePriority : Normal
    FileVersion : 6, 0, 0, 13
    ProductVersion : 6, 0, 0, 0
    ProductName : McAfee SecurityCenter
    CompanyName : McAfee, Inc
    FileDescription : McAfee Task Scheduler
    InternalName : McTskshd
    LegalCopyright : Copyright © 2005 McAfee, Inc.
    OriginalFilename : McTskshd.exe

    #:23 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 504
    ThreadCreationTime : 09-09-2006 16:06:07
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : EXPLORER.EXE

    #:24 [ehtray.exe]
    FilePath : C:\WINDOWS\ehome\
    ProcessID : 1236
    ThreadCreationTime : 09-09-2006 16:06:09
    BasePriority : Normal
    FileVersion : 5.1.2715.2765 (xpsp(wmbla).050928-2135)
    ProductVersion : 5.1.2715.2765
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Media Center Tray Applet
    InternalName : ehtray
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ehtray.exe

    #:25 [hkcmd.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1396
    ThreadCreationTime : 09-09-2006 16:06:10
    BasePriority : Normal
    FileVersion : 3.0.0.4410
    ProductVersion : 7.0.0.4410
    ProductName : Intel(R) Common User Interface
    CompanyName : Intel Corporation
    FileDescription : hkcmd Module
    InternalName : HKCMD
    LegalCopyright : Copyright 1999-2004, Intel Corporation
    OriginalFilename : HKCMD.EXE

    #:26 [igfxpers.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1380
    ThreadCreationTime : 09-09-2006 16:06:10
    BasePriority : Normal
    FileVersion : 3.0.0.4410
    ProductVersion : 7.0.0.4410
    ProductName : Intel(R) Common User Interface
    CompanyName : Intel Corporation
    FileDescription : persistence Module
    InternalName : PERSISTENCE
    LegalCopyright : Copyright 1999-2004, Intel Corporation
    OriginalFilename : IGFXPERS.EXE

    #:27 [jusched.exe]
    FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
    ProcessID : 1516
    ThreadCreationTime : 09-09-2006 16:06:10
    BasePriority : Normal


    #:28 [intelmem.exe]
    FilePath : C:\Program Files\Intel\Modem Event Monitor\
    ProcessID : 876
    ThreadCreationTime : 09-09-2006 16:06:10
    BasePriority : Normal
    FileVersion : 0, 1, 0, 10
    ProductVersion : 0, 1, 0, 10
    ProductName : Intel Modem Event Monitor Application
    CompanyName : Intel Corporation
    FileDescription : Modem Event Monitor Application
    InternalName : Modem Event Monitor
    LegalCopyright : Copyright (C) 2003
    OriginalFilename : IntelMEM.exe

    #:29 [mdm.exe]
    FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
    ProcessID : 1688
    ThreadCreationTime : 09-09-2006 16:06:10
    BasePriority : Normal
    FileVersion : 7.00.9064.9150
    ProductVersion : 7.00.9064.9150
    ProductName : Microsoft Development Environment
    CompanyName : Microsoft Corporation
    FileDescription : Machine Debug Manager
    InternalName : mdm.exe
    LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000
    OriginalFilename : mdm.exe

    #:30 [dlactrlw.exe]
    FilePath : C:\WINDOWS\System32\DLA\
    ProcessID : 1664
    ThreadCreationTime : 09-09-2006 16:06:10
    BasePriority : Normal
    FileVersion : 5.20.08a
    CompanyName : Sonic Solutions
    FileDescription : Drive Letter Access Component
    LegalCopyright : Copyright © 2004 Sonic Solutions

    #:31 [ehmsas.exe]
    FilePath : C:\WINDOWS\eHome\
    ProcessID : 2088
    ThreadCreationTime : 09-09-2006 16:06:10
    BasePriority : Normal
    FileVersion : 5.1.2710.2732 (xpsp(wmbla).050805-1239)
    ProductVersion : 5.1.2710.2732
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Media Center Media Status Aggregator Service
    InternalName : eHMSAS
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ehMSAS.exe

    #:32 [snmp.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 2112
    ThreadCreationTime : 09-09-2006 16:06:10
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : SNMP Service
    InternalName : snmp.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : snmp.exe

    #:33 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 2224
    ThreadCreationTime : 09-09-2006 16:06:11
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:34 [shstat.exe]
    FilePath : C:\Program Files\Network Associates\VirusScan\
    ProcessID : 2244
    ThreadCreationTime : 09-09-2006 16:06:11
    BasePriority : Normal


    #:35 [updaterui.exe]
    FilePath : C:\Program Files\Network Associates\Common Framework\
    ProcessID : 2272
    ThreadCreationTime : 09-09-2006 16:06:11
    BasePriority : Normal
    FileVersion : 3.5.0.412
    ProductName : McAfee Common Framework
    CompanyName : Network Associates, Inc.
    FileDescription : Common User Interface
    InternalName : UpdaterUI
    LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.
    OriginalFilename : UpdaterUI.exe

    #:36 [tbmon.exe]
    FilePath : C:\Program Files\Common Files\Network Associates\TalkBack\
    ProcessID : 2308
    ThreadCreationTime : 09-09-2006 16:06:11
    BasePriority : Normal
    FileVersion : 2.0.275.0
    ProductVersion : 2.0.275.0
    ProductName : TalkBack Monitor
    CompanyName : Network Associates, Inc.
    FileDescription : TalkBack Monitor
    InternalName : TBMON
    LegalCopyright : ©2003 Networks Associates Technology, Inc. All Rights Reserved.
    LegalTrademarks : McAfee & Network Associates are registered trademarks of Network Associates and/or its affiliates in the US and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners. (c) 2003 Network Associates Technology, Inc. All Rights Reserved.
    OriginalFilename : TBMON.EXE

    #:37 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 2316
    ThreadCreationTime : 09-09-2006 16:06:11
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:38 [zlclient.exe]
    FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
    ProcessID : 2372
    ThreadCreationTime : 09-09-2006 16:06:11
    BasePriority : Normal
    FileVersion : 6.5.722.000
    ProductVersion : 6.5.722.000
    ProductName : Zone Labs Client
    CompanyName : Zone Labs, LLC
    FileDescription : Zone Labs Client
    InternalName : zlclient
    LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
    OriginalFilename : zlclient.exe

    #:39 [vsmon.exe]
    FilePath : C:\WINDOWS\system32\ZoneLabs\
    ProcessID : 2444
    ThreadCreationTime : 09-09-2006 16:06:12
    BasePriority : Normal
    FileVersion : 6.5.722.000
    ProductVersion : 6.5.722.000
    ProductName : TrueVector Service
    CompanyName : Zone Labs, LLC
    FileDescription : TrueVector Service
    InternalName : vsmon
    LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
    OriginalFilename : vsmon.exe

    #:40 [ctfmon.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 2452
    ThreadCreationTime : 09-09-2006 16:06:12
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : CTF Loader
    InternalName : CTFMON
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : CTFMON.EXE

    #:41 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 2692
    ThreadCreationTime : 09-09-2006 16:06:17
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:42 [mcrdsvc.exe]
    FilePath : C:\WINDOWS\ehome\
    ProcessID : 2728
    ThreadCreationTime : 09-09-2006 16:06:17
    BasePriority : Normal
    FileVersion : 4.1.2710.2732 (xpsp(wmbla).050805-1239)
    ProductVersion : 4.1.2710.2732
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : MCRD Device Service
    InternalName : McrdSvc.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : McrdSvc.exe

    #:43 [firefox.exe]
    FilePath : C:\Program Files\Mozilla Firefox\
    ProcessID : 3172
    ThreadCreationTime : 09-09-2006 16:06:41
    BasePriority : Normal


    #:44 [dllhost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 3404
    ThreadCreationTime : 09-09-2006 16:07:44
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : COM Surrogate
    InternalName : dllhost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : dllhost.exe

    #:45 [alg.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 3608
    ThreadCreationTime : 09-09-2006 16:07:46
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Application Layer Gateway Service
    InternalName : ALG.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ALG.exe

    #:46 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID : 2820
    ThreadCreationTime : 09-09-2006 16:16:40
    BasePriority : Normal
    FileVersion : 6.2.0.236
    ProductVersion : SE 106
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft AB Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 0


    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 0


    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Possible Browser Hijack attempt : {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (http://static.zangocash.com/cab/zango/ie/bridge-c18.cab?4313d5f7df57d5f54c3fbe98ac747f02f7734fd5e45588ae5b106b756ee0dbc2a4c749604ae4cb3492bcf034a7339162d2c46d7a9c03a901497917ae0d655d23:3e3654fb7f06cf939d3cafd35fff1431)

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 0


    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : sunny@mediaplex[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:1
    Value : Cookie:sunny@mediaplex.com/
    Expires : 22-06-2009 01:00:00
    LastSync : Hits:1
    UseCount : 0
    Hits : 1

    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 1
    Objects found so far: 1



    Deep scanning and examining files...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for C:\WINDOWS
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 1

    Disk Scan Result for C:\WINDOWS\system32
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 1

    Disk Scan Result for C:\DOCUME~1\Sunny\LOCALS~1\Temp\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 1


    Scanning Hosts file......
    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    1 entries scanned.
    New critical objects:0
    Objects found so far: 1



    MRU List Object Recognized!
    Location: : C:\Documents and Settings\Sunny\Application Data\microsoft\office\recent
    Description : list of recently opened documents using microsoft office


    MRU List Object Recognized!
    Location: : C:\Documents and Settings\Sunny\recent
    Description : list of recently opened documents


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
    Description : list of recently used files in adobe reader


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\ahead\nero - burning rom\recent file list
    Description : list of recently used files in nero burning rom


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\google\navclient\1.1\history
    Description : list of recently used search terms in the google toolbar


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct3d


    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct3d


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct X


    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct X


    MRU List Object Recognized!
    Location: : software\microsoft\directdraw\mostrecentapplication
    Description : most recent application to use microsoft directdraw


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\directinput\mostrecentapplication
    Description : most recent application to use microsoft directinput


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\directinput\mostrecentapplication
    Description : most recent application to use microsoft directinput


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\frontpage
    Description : default save location in microsoft frontpage


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\frontpage\editor
    Description : default add image directory for microsoft frontpage


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\frontpage\editor\recent templates
    Description : list of recently used templates in microsoft publisher


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\frontpage\explorer\frontpage explorer\recently created servers
    Description : list of recently created servers in microsoft frontpage


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\frontpage\explorer\navigation\mrulist
    Description : list for the navigation feature of microsoft frontpage


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\internet explorer
    Description : last download directory used in microsoft internet explorer


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\internet explorer\typedurls
    Description : list of recently entered addresses in microsoft internet explorer


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\mediaplayer\medialibraryui
    Description : last selected node in the microsoft windows media player media library


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\mediaplayer\player\recentfilelist
    Description : list of recently used files in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\mediaplayer\player\settings
    Description : last save as directory used in jasc paint shop pro


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\mediaplayer\player\settings
    Description : last open directory used in jasc paint shop pro


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\mediaplayer\preferences
    Description : last playlist index loaded in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\microsoft management console\recent file list
    Description : list of recent snap-ins used in the microsoft management console


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\office\10.0\common\open find\microsoft frontpage\settings\video\file name mru
    Description : list of recently used videos in microsoft frontpage


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\office\10.0\excel\recent files
    Description : list of recent files used by microsoft excel


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\search assistant\acmru
    Description : list of recent search terms used with the search assistant


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\windows\currentversion\applets\paint\recent file list
    Description : list of files recently opened using microsoft paint


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description : list of recent programs opened


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description : list of recently saved files, stored according to file extension


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\windows\currentversion\explorer\recentdocs
    Description : list of recent documents opened


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\nico mak computing\winzip\filemenu
    Description : winzip recently used archives


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk


    MRU List Object Recognized!
    Location: : S-1-5-21-339205157-3944151131-3709868680-1005\software\winrar\dialogedithistory\extrpath
    Description : winrar "extract-to" history



    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 36

    17:19:35 Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:01:45.938
    Objects scanned:88883
    Objects identified:1
    Objects ignored:0
    New critical objects:1

     
  17. BluRay

    BluRay Regular member

    Another thing I should mention is that ZA is giving me messages it's never given before, like when I open System Restore or Control Panel it will say suspicious behaviour HKEY registry Windows Explorer BLAH BLAH, allow/deny.

    It's never done that before. It's like ZA has become the bug.
     
  18. rav009

    rav009 Active member

    Hey BluRay,

    There's no need to consider formatting yet; we'll get you sorted in no time with some luck. To answer your question about formatting the hard drive: you will lose Media Centre and all other data.

    The messages ZA is giving you are 100% normal.

    Let's give ComboFix a try.

    1. Download ComboFix by sUB combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    Please navigate to Windows Explorer (open it up via Start > All Programs > Accessories) and locate + delete the following files or folders listed in bold (if they exist):

    >-----

    C:\WINDOWS\system32\actskn45.ocx

    >-----

    *Please note anything you were not able to find or delete!
     
    Last edited: Sep 9, 2006
  19. BluRay

    BluRay Regular member

    No, could not find actskn45.ocx.

    What do I do next?

    The post after this has the ComboFix log file thing.
     
  20. BluRay

    BluRay Regular member

    Sunny - 06-09-09 20:11:41.71
    ComboFix 06.09.07 - Running from: C:\Documents and Settings\Sunny\Desktop

    Microsoft Windows XP [Version 5.1.2600]

    ((((((((((((((((((((((((((((((( Files Created from 2006-08-09 to 2006-09-09 ))))))))))))))))))))))))))))))))))


    2006-08-25 16:37 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
    2006-08-25 16:36 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
    2006-08-25 16:36 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
    2006-08-25 16:36 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
    2006-08-25 16:36 194,320 --a------ C:\WINDOWS\system32\qcut.dll
    2006-08-25 16:36 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
    2006-08-16 16:58 92,160 --a------ C:\WINDOWS\system32\evntwin.exe
    2006-08-16 16:58 8,704 --a------ C:\WINDOWS\system32\snmptrap.exe
    2006-08-16 16:58 6,144 --a------ C:\WINDOWS\system32\snmpmib.dll
    2006-08-16 16:58 39,936 --a------ C:\WINDOWS\system32\hostmib.dll
    2006-08-16 16:58 33,792 --a------ C:\WINDOWS\system32\lmmib2.dll
    2006-08-16 16:58 32,768 --a------ C:\WINDOWS\system32\snmp.exe
    2006-08-16 16:58 24,064 --a------ C:\WINDOWS\system32\evntcmd.exe
    2006-08-16 16:58 101,888 --a------ C:\WINDOWS\system32\evntagnt.dll
    2006-08-10 17:31 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-09-09 20:07 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-09-09 18:55 -------- d-------- C:\Program Files\Internet Explorer
    2006-09-09 18:49 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2006-09-09 10:50 -------- d-------- C:\Program Files\Common Files\Ahead
    2006-09-08 21:06 -------- d-------- C:\Program Files\STK014
    2006-09-08 20:17 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
    2006-09-08 20:15 -------- d-------- C:\Program Files\Lavasoft
    2006-09-08 20:15 -------- d-------- C:\Documents and Settings\Sunny\Application Data\Lavasoft
    2006-09-08 18:40 5852 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2006-09-08 18:40 -------- d-------- C:\Documents and Settings\Sunny\Application Data\dvdcss
    2006-09-08 18:39 104 -r-hs---- C:\WINDOWS\system32\E2F53DEB73.sys
    2006-09-07 21:46 -------- d-------- C:\Documents and Settings\Sunny\Application Data\Ahead
    2006-09-07 21:41 -------- d-------- C:\Program Files\HJT
    2006-09-07 17:45 -------- d-------- C:\Documents and Settings\Sunny\Application Data\uTorrent
    2006-09-06 18:34 -------- d-------- C:\Documents and Settings\Sunny\Application Data\Video DVD Maker FREE
    2006-09-05 22:08 -------- d---s---- C:\Documents and Settings\Sunny\Application Data\Microsoft
    2006-09-04 18:31 -------- d-------- C:\Documents and Settings\Sunny\Application Data\Skype
    2006-09-04 13:46 -------- d-------- C:\Program Files\Nero
    2006-09-04 12:25 -------- d-------- C:\Program Files\BFG
    2006-08-31 20:19 -------- d-------- C:\Program Files\Common Files\Real
    2006-08-31 20:19 -------- d-------- C:\Program Files\Common Files
    2006-08-31 20:19 -------- d-------- C:\Documents and Settings\Sunny\Application Data\Real
    2006-08-31 13:33 -------- d-------- C:\Program Files\FinalAlert 2 Yuri's Revenge
    2006-08-30 15:05 -------- d-------- C:\Program Files\Pcsx2
    2006-08-29 20:49 -------- d-------- C:\Program Files\Delta
    2006-08-29 20:08 -------- d-------- C:\Program Files\Project64 1.6
    2006-08-25 16:39 -------- d-------- C:\Program Files\Windows Media Player
    2006-08-25 16:37 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-08-25 16:37 -------- d-------- C:\Program Files\CyberLink
    2006-08-25 16:36 74960 --a------ C:\WINDOWS\system32\advpack.dll
    2006-08-24 14:26 -------- d-------- C:\Program Files\Thomson
    2006-08-24 11:25 -------- d-------- C:\Program Files\PowerISO
    2006-08-22 11:12 -------- d-------- C:\Program Files\uTorrent
    2006-08-22 10:57 3584 --a------ C:\Documents and Settings\Sunny\Application Data\dvd.bmk
    2006-08-22 10:09 -------- d-------- C:\Program Files\Macromedia
    2006-08-22 10:09 -------- d-------- C:\Program Files\Common Files\Macromedia
    2006-08-22 10:01 -------- d-------- C:\Documents and Settings\Sunny\Application Data\Macromedia
    2006-08-22 08:49 -------- d-------- C:\Program Files\PeerGuardian2
    2006-08-16 17:35 -------- d-------- C:\Program Files\ACW
    2006-08-16 16:28 -------- d-------- C:\Program Files\Windows NT
    2006-08-16 15:00 -------- d-------- C:\Program Files\Online Services
    2006-08-13 19:17 -------- d-------- C:\Program Files\Hornby Hobbies
    2006-08-13 14:57 -------- d-------- C:\Program Files\Network Associates
    2006-08-13 14:56 -------- d-------- C:\Program Files\Common Files\Network Associates
    2006-08-12 19:02 -------- d-------- C:\Documents and Settings\Sunny\Application Data\Alien Skin
    2006-08-12 16:37 -------- d-------- C:\Program Files\Common Files\Cisco Systems
    2006-08-11 13:17 -------- d-------- C:\Program Files\McAfee.com
    2006-08-06 12:11 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2006-08-06 12:11 -------- d-------- C:\Program Files\Grisoft
    2006-07-30 23:11 -------- d-------- C:\Program Files\Lexmark X1100 Series
    2006-07-30 22:45 -------- d-------- C:\Program Files\ToniArts
    2006-07-30 22:45 -------- d-------- C:\Program Files\Common Files\InstallShield
    2006-07-30 18:55 -------- d-------- C:\Program Files\Yahoo!
    2006-07-29 12:11 30601 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
    2006-07-27 23:19 -------- d-------- C:\Program Files\Dell
    2006-07-27 23:18 -------- d-------- C:\Program Files\Common Files\Adobe
    2006-07-27 23:18 -------- d-------- C:\Program Files\Adobe
    2006-07-27 23:15 -------- d-------- C:\Program Files\Opera
    2006-07-27 23:14 -------- d-------- C:\Program Files\Bradbury
    2006-07-27 23:11 -------- d-------- C:\Documents and Settings\Sunny\Application Data\Adobe
    2006-07-26 22:54 -------- d-------- C:\Program Files\DivX
    2006-07-26 22:35 -------- d-------- C:\Program Files\Cucusoft
    2006-07-24 13:59 -------- d-------- C:\Program Files\BitComet
    2006-07-20 18:12 -------- d-------- C:\Program Files\DVD Shrink
    2006-07-19 23:24 -------- d-------- C:\Documents and Settings\Sunny\Application Data\.bittorrent
    2006-07-19 20:47 40472 --a------ C:\Documents and Settings\Sunny\Application Data\GDIPFONTCACHEV1.DAT
    2006-07-15 19:36 -------- d-------- C:\Program Files\WinRAR
    2006-07-11 21:36 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll
    2006-07-11 21:11 -------- d-------- C:\Documents and Settings\Sunny\Application Data\BitTorrent
    2006-07-10 22:59 -------- d-------- C:\Documents and Settings\Sunny\Application Data\{27ABEAD9-B7C4-4994-891F-48F5F48861FA}
    2006-07-10 20:50 -------- d-------- C:\Documents and Settings\Sunny\Application Data\Azureus
    2006-07-09 17:32 -------- d-------- C:\Documents and Settings\Sunny\Application Data\.BitTornado
    2006-07-09 17:28 -------- d-------- C:\Program Files\BitTornado
    2006-07-09 16:46 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2006-07-05 19:49 198 --a------ C:\Documents and Settings\Sunny\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
    2006-07-03 22:40 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2006-07-03 22:40 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2006-07-03 22:40 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2006-07-03 22:40 620180 --a------ C:\WINDOWS\system32\DivX.dll
    2006-06-26 18:10 40 ---hs---- C:\Documents and Settings\Sunny\Application Data\.zreglib
    2006-06-21 11:49 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
    2006-06-21 11:43 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
    2006-06-21 11:43 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2006-06-21 11:42 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2006-06-21 11:42 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
    2006-06-21 11:34 90112 --a------ C:\WINDOWS\system32\dpl100.dll
    2006-06-21 11:34 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
    2006-06-21 11:34 57344 --a------ C:\WINDOWS\system32\dpv11.dll
    2006-06-21 11:34 344064 --a------ C:\WINDOWS\system32\dpus11.dll
    2006-06-21 11:34 294912 --a------ C:\WINDOWS\system32\dpu11.dll
    2006-06-21 11:34 294912 --a------ C:\WINDOWS\system32\dpu10.dll
    2006-06-21 11:34 200704 --a------ C:\WINDOWS\system32\dtu100.dll
    2006-06-21 11:33 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2006-06-21 11:33 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2006-06-19 15:18 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
    "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "IntelMeM"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
    "ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
    "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
    "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
    "MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
    "DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
    "Lexmark X1100 Series"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
    "MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
    "ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
    "McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
    "Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\tbmon.exe\""
    "SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
    "NWEReboot"=""
    "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001
    "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
    63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
    6d,73,73,74,79,6c,65,73,00
    "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
    73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,c0
    "OriginalStateInfo"=hex:18,00,00,00,00,02,00,00,00,00,00,00,00,02,00,00,e2,02,\
    00,00,04,00,00,c0
    "RestoredStateInfo"=hex:18,00,00,00,00,02,00,00,00,00,00,00,00,02,00,00,e2,02,\
    00,00,01,00,00,00

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="http://www.afterdawn.com/"
    "SubscribedURL"="http://www.afterdawn.com/"
    "FriendlyName"=""
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,a4,01,00,00,f0,00,00,00,dc,00,00,00,d2,00,00,00,ea,\
    03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:01,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,19,01,00,00,dc,00,00,00,d2,00,\
    00,00,01,00,00,40
    "RestoredStateInfo"=hex:0f,00,00,00,00,00,00,00,00,00,00,00,ea,44,d7,5a,28,2c,\
    d7,5a,00,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"



    Completion time: 09/09/2006 20:13:10.10
    ComboFix.txt
     
