[Fixed] Hijackthis! Logs - [Fixed] hjt log posted in the Security & Safety forums
  #13  
Old 02-28-2007
Gold Member
Join Date: Oct 2006
Posts: 335
PC Experience: Some Experience

The link didn't work for that WinPFind2.zip - is there another place to download it from? Is DIALER_BT a normal thing that is found on housecall/trendmicro? I think it said it was infected with spyware.


  #14  
Old 02-28-2007
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,606
PC Experience: PC Illiterate

How very odd... try this one:

Download WinPFind.exe to your desktop and double-click on the WinPFind.exe file to extract the contents.

It will create a folder named WinPFind on your desktop.

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Open the WinPfind folder on your desktop and double-click on the WinPFind.exe file to run it. Now click the Start Scan button to begin the scan.

When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here and I will review the information when it comes in.


__________________

M.C.S.A.
M.C.P.
- MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
  #15  
Old 03-01-2007
Gold Member
Join Date: Oct 2006
Posts: 335
PC Experience: Some Experience

I have done the above and I have attached the log from WinPFind,
and also a more recent HijackThis log. It doesn't have wmpnetwk.exe in it; however, I attached a log from a full system scan on Ad-Aware and it has wmpnetwk.exe in it - strange, must be something to do with HijackThis.

WinPFind logfile created on: 01/03/2007 05:49:32
WinPFind by OldTimer - v2.0.2 Folder = C:\Documents and Settings\All Users\Desktop\WinPFind\

»»»»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»

Product Name: Microsoft Windows XP Service Pack 2 | Version: 5.1.2600
Internet Explorer Version: 7.0.5730.11

»»»»»»»»»»»»»»»»»»»» Memory/Drive Info »»»»»»»»»»»»»»»»»»»»»»»»»»

982508 Kb Total Physical Memory | 786216 Kb Available Physical Memory | 80.02% Memory free
1584812 Kb Paging File | 1511396 Kb Available in Paging File | 95.37% Paging File free
Paging file location: C:\pagefile.sys 672 1344

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 152328328 Kb Total Space | 130260672 Kb Free Space | 85.51% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

»»»»»»»»»»»»»»»»»»»» Running Processes (Non-Microsoft) »»»»»»»»

C:\Documents and Settings\All Users\Desktop\WinPFind\WinPFind.exe (OldTimer Tools)

»»»»»»»»»»»»»»»»»»»» Win32 Services (Non-Microsoft) »»»»»»»»»»»

(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)

(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Stopped]
= C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.)

(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Stopped]
= C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.)

(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Stopped]
= C:\Program Files\Grisoft\AVG7\avgemc.exe (GRISOFT, s.r.o.)

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped]
= C:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software)

(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

(iPodService) iPodService [Win32_Own | On_Demand | Stopped]
= C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)

(lxcr_device) lxcr_device [Win32_Own | On_Demand | Stopped]
= C:\WINDOWS\system32\lxcrcoms.exe ( )

(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Stopped]
= C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)

»»»»»»»»»»»»»»»»»»»» Registry Items (Non-Microsoft) »»»»»»»»»»»

>>>>> Run Keys and Auto-Start Folders <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AVG7_CC = C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
FaxCenterServer = C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
KernelFaultCheck = umprep 0 (File not found)
Lexmark X1100 Series = C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (File not found)
lxbymon.exe = C:\Program Files\Lexmark P910 Series\lxbymon.exe (File not found)
LXCRCATS = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrtime.dll ()
lxcrmon.exe = C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
Recguard = C:\WINDOWS\SMINST\Recguard.exe ()
SoundMan = C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
VTTimer = C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
Zone Labs Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Power2GoExpress = (File not found)
PowerBar = (File not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
Installed = 1

< Common Startup Folder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup >
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

< User Startup Folder = C:\Documents and Settings\Jacob\Start Menu\Programs\Startup >
C:\Documents and Settings\Jacob\Start Menu\Programs\Startup\desktop.ini ()

>>>>> MsConfig Disabled Items <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
system.ini = 0
win.ini = 0
bootini = 0
services = 0
startup = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
Steam =

>>>>> Disabled Startup Folder Items <<<<<

>>>>> File Associations <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\]
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.hta [@ = htafile] -> PersistentHandler = Reg Data - Key not found
.html [@ = FirefoxHTML] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found

>>>>> Registry Shell Spawning <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -> "%1" %* (File not found)
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -> "%1" %* (File not found)
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -> "%1" %* (File not found)

cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)

exefile [open] -> "%1" %* (File not found)

htafile [open] -> C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -> C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" -requestPending (Mozilla Corporation)

https [open] -> C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" -requestPending (Mozilla Corporation)

inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -> rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -> "%1" %* (File not found)

regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -> regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -> Reg Data - Key not found
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

scrfile [config] -> "%1" (File not found)
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -> "%1" /S (File not found)

txtfile [edit] -> Reg Data - Key not found
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)

Directory [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

>>>>> ActiveX StubPath settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
StubPath = C:\WINDOWS\system32\ieudinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

>>>>> WOW Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
cmdline = %SystemRoot%\system32\ntvdm.exe
wowcmdline = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386

>>>>> Session Manager Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
BootExecute = autocheck autochk *;
ExcludeFromKnownDlls =

>>>>> SafeBoot Option Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]

>>>>> Items Started Through Miscellaneous Registry Keys <<<<<



Continued

Thanks, Jake
Attached Files
File Type: txt ad-aware log 1.3.07.TXT (28.9 KB, 1 views)
File Type: log Hijackthis 1.3.07.log (6.0 KB, 3 views)



Last edited by jakedude182; 03-01-2007 at 08:21 PM.
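Once the log comes back, the sections valis will be reading first are the Run keys and the shell-spawning handlers. The triage helper below is an added example, not code from this thread or from WinPFind itself; it parses those two sections of a constructed sample written in the same layout and flags the entries worth a second look (the wrapper path in the sample is a made-up placeholder).

```python
import re
from dataclasses import dataclass

# Constructed sample in the WinPFind v2 log layout seen in this thread (shortened;
# not the poster's real log). The exefile handler uses a made-up placeholder path.
SAMPLE_LOG = r"""
>>>>> Run Keys and Auto-Start Folders <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AVG7_CC = C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
KernelFaultCheck = umprep 0 (File not found)
Recguard = C:\WINDOWS\SMINST\Recguard.exe ()
SoundMan = C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Power2GoExpress = (File not found)

>>>>> Registry Shell Spawning <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -> "%1" %* (File not found)
exefile [open] -> "C:\WINDOWS\system32\placeholder-wrapper.exe" "%1" %* (File not found)
scrfile [open] -> "%1" /S (File not found)
"""

SECTION_RE = re.compile(r"^>>>>> (.+?) <<<<<$")
KEY_RE = re.compile(r"^\[(.+)\]\*?$")
RUN_RE = re.compile(r"^(?P<name>[^=]+?) =\s*(?P<cmd>.*?)\s*\((?P<pub>[^()]*)\)$")
SHELL_RE = re.compile(r"^(?P<cls>\S+) \[(?P<verb>[^\]]+)\] -> (?P<cmd>.*?)\s*\((?P<pub>[^()]*)\)$")

# XP's stock "open" handlers for executable file classes, as they appear in the
# thread's log. WinPFind prints "(File not found)" for them because the command is
# only the "%1" placeholder, so that annotation alone is not a red flag here.
EXPECTED_SHELL_OPEN = {
    "batfile": '"%1" %*', "cmdfile": '"%1" %*', "comfile": '"%1" %*',
    "exefile": '"%1" %*', "piffile": '"%1" %*', "scrfile": '"%1" /S',
}


@dataclass
class Finding:
    section: str
    item: str
    reason: str


def parse_winpfind(text):
    """Yield (section, registry_key, line) for every entry line, tracking the
    current '>>>>> ... <<<<<' section and '[HKEY_...]' key as WinPFind prints them."""
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group(1), None
            continue
        if m := KEY_RE.match(line):
            key = m.group(1)
            continue
        yield section, key, line


def triage(text):
    """Return the entries a reviewer would look at first: autoruns whose target is
    gone or unattributed, and executable-class shell handlers that are not the default."""
    findings = []
    for section, key, line in parse_winpfind(text):
        if section == "Run Keys and Auto-Start Folders":
            m = RUN_RE.match(line)
            if not m:
                continue
            name, cmd, pub = m.group("name"), m.group("cmd"), m.group("pub")
            if pub == "File not found":
                # Often an uninstall leftover, but also what an incomplete cleanup
                # leaves behind; either way it has no business staying in Run.
                findings.append(Finding(section, f"{key}\\{name}",
                                        f"autorun target missing: {cmd or '<empty>'}"))
            elif pub == "":
                # No publisher string is a hint, not proof: version metadata is
                # easy to omit or fake, so this only prioritises a closer look.
                findings.append(Finding(section, f"{key}\\{name}",
                                        f"autorun without publisher info: {cmd}"))
        elif section == "Registry Shell Spawning":
            m = SHELL_RE.match(line)
            if not m:
                continue
            cls, verb, cmd = m.group("cls"), m.group("verb"), m.group("cmd")
            expected = EXPECTED_SHELL_OPEN.get(cls)
            if verb == "open" and expected is not None and cmd != expected:
                # Anything wrapped around the placeholder runs before every
                # program of that class and survives most file-based cleanups.
                findings.append(Finding(section, f"{cls} [{verb}]",
                                        f"handler is {cmd!r}, expected {expected!r}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.item}: {f.reason}")
```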
  #16  
Old 03-01-2007
Gold Member
Join Date: Oct 2006
Posts: 335
PC Experience: Some Experience

>>>>> Security Providers <<<<<

>>>>> Winlogon Keys <<<<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
Control_RunDLL (File not found)
>>>>> Policy Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments]
ScanWithAntiVirus = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
dontdisplaylastusername = 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = 1
undockwithoutlogon = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveTypeAutoRun = 145

>>>>> Desktop Components <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
FriendlyName = My Current Home Page
Source = about:Home
SubscribedURL = about:Home

>>>>> HOSTS File <<<<<

HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 734 bytes | Modified Date: 04/08/2004 19:00:00)
127.0.0.1 localhost

>>>>> Internet Explorer Settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Page_URL = MSN.com
Default_Search_URL = Live Search
Local Page = %SystemRoot%\system32\blank.htm
Search Page = Live Search
Start Page = MSN.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
Local Page = C:\WINDOWS\system32\blank.htm
Search Bar = http://home.microsoft.com/search/lobby/search.asp
Search Page = Live Search
Start Page = Orange UK Home Page

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0

>>>>> Browser Helper Objects <<<<<

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
- Adobe PDF Reader Link Helper ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
- ( HKLM = C:\Documents and Settings\Jacob\My Documents\My programs\Spybot Search & Deystroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
- SSVHelper Class ( HKLM = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
- Google Toolbar Helper ( HKLM = c:\program files\Google\googletoolbar3.dll (Google Inc.) )

>>>>> Bars, Toolbars and Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google ( HKLM = c:\program files\Google\googletoolbar3.dll (Google Inc.) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\WebBrowser]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google ( HKLM = c:\program files\Google\googletoolbar3.dll (Google Inc.) )
{4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
{FB5F1910-F110-11d2-BB9E-00C04F795683} = 8192 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
NextId = 8193

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}]
MenuText = Sun Java Console
ClsidExtension = {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - Java Plug-in 1.5.0_10 ( HKLM C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll (Sun Microsystems, Inc.) )
ClsidExtension = {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - Java Plug-in 1.5.0_10 ( HKCU C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}]
ButtonText = Research

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel]
@ = 000 (File not found)

>>>>> Approved Shell Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} = Shell Autoplay for Slideshow ( HKLM = Reg Data - Key not found (File not found) )
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = Taskbar and Start Menu ( HKLM = Reg Data - Key not found (File not found) )
{42071714-76d4-11d1-8b24-00a0c9068ff3} = Display Panning CPL Extension ( HKLM = deskpan.dll (File not found) )
{44440D00-FF19-4AFC-B765-9A0970567D97} = TuneUp Theme Extension ( HKLM = C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) )
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = TuneUp Shredder Shell Extension ( HKLM = C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll (TuneUp Software GmbH) )
{764BF0E1-F219-11ce-972D-00AA00A14F56} = Shell extensions for file compression ( CLSID not found! )
{7A9D77BD-5403-11d2-8785-2E0420524153} = User Accounts ( HKLM = Reg Data - Key not found (File not found) )
{7F1CF152-04F8-453A-B34C-E609530A9DC8} = NeroDigitalPropSheetHandler Class ( HKLM = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG) )
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} = SampleView ( HKLM = C:\WINDOWS\system32\ShellvRTF.dll (XSS) )
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Encryption Context Menu ( CLSID not found! )
{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext ( HKLM = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.) )
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG7 Shell Extension Class ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} = AVG7 Find Extension Class ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )
{B327765E-D724-4347-8B16-78AE18552FC3} = NeroDigitalIconHandler Class ( HKLM = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG) )
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes ( HKLM = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.) )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = RealOne Player Context Menu Class ( HKLM = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.) )

>>>>> Context Menu Handlers / Column Handlers <<<<<

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}]
- NBShellHook Class ( HKLM = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG7 Shell Extension]
@ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension]
@ = {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} ( HKLM = C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll (TuneUp Software GmbH) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension]
@ = {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} ( HKLM = C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll (TuneUp Software GmbH) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}]
- NBShellHook Class ( HKLM = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension]
@ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}]
- NeroDigitalColumnHandler Class ( HKLM = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}]
- PDF Shell Extension ( HKLM = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll (Adobe Systems, Inc.) )

>>>>> User Agent Post Platform <<<<<

>>>>> TCP/IP Configuration <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{12D92AA2-4051-488D-802C-7CE49D177E00}] ( VIA Rhine II Fast Ethernet Adapter )
DefaultGateway =
DhcpServer = 255.255.255.255
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5F48023F-76F7-495A-9559-6A40019A9915}]
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

>>>>> WinSock2 Parameters <<<<<

>>>>> Protocol Handlers <<<<<

>>>>> Protocol Filters <<<<<

>>>>> Downloaded Program Files <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700}\DownloadInformation]
CODEBASE = http://download.microsoft.com/downlo...eckControl.cab
INF = C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation]
CODEBASE = http://javadl-esd.sun.com/update/1.5...ndows-i586.cab
INF = C:\WINDOWS\Downloaded Program Files\jinstall-1_5_0_10.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\DownloadInformation]
CODEBASE = http://acs.pandasoftware.com/actives...ree/asinst.cab
INF = C:\WINDOWS\Downloaded Program Files\asinst.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}\DownloadInformation]
CODEBASE = http://office.microsoft.com/officeup...tent/opuc4.cab
INF = C:\WINDOWS\Downloaded Program Files\opuc.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation]
CODEBASE = http://fpdownload2.macromedia.com/ge...sh/swflash.cab
INF = C:\WINDOWS\Downloaded Program Files\swflash.inf
»»»»»»»»»»»»»»»»»»»» Files Created Within 30 Days »»»»»»»»»»»»»

C:\Documents and Settings\Jacob\My Documents\Thumbs.db [Ver = | Size = 3584 bytes | Created Date = 18/02/2007 03:32:02 | Attr = HS]
@Alternate Data Stream - C:\Documents and Settings\Jacob\My Documents\Thumbs.db:encryptable (0 bytes)
C:\Documents and Settings\All Users\Desktop\AVG 7.5.lnk [Ver = | Size = 1532 bytes | Created Date = 20/02/2007 06:06:37 | Attr = ]
C:\Documents and Settings\Jacob\Desktop\CCleaner.lnk [Ver = | Size = 1729 bytes | Created Date = 22/02/2007 06:58:02 | Attr = ]
C:\Documents and Settings\Jacob\Desktop\Shortcut to ATF-Cleaner.lnk [Ver = | Size = 819 bytes | Created Date = 28/02/2007 07:03:25 | Attr = ]
C:\Documents and Settings\Jacob\Desktop\Spybot - Search & Destroy.lnk [Ver = | Size = 1255 bytes | Created Date = 10/02/2007 05:15:38 | Attr = ]
C:\Documents and Settings\Jacob\Desktop\Teamspeak 2 RC2.lnk [Ver = | Size = 782 bytes | Created Date = 16/02/2007 08:45:29 | Attr = ]
C:\Documents and Settings\Jacob\Desktop\Touch Typing.lnk [Ver = | Size = 798 bytes | Created Date = 01/02/2007 04:34:52 | Attr = ]
C:\WINDOWS\QTFont.for [Ver = | Size = 1409 bytes | Created Date = 22/02/2007 05:25:34 | Attr = ]
C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Created Date = 22/02/2007 05:25:34 | Attr = H ]
C:\WINDOWS\System32\drivers\ikhfile.sys PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2014 | Size = 30592 bytes | Created Date = 23/02/2007 05:53:25 | Attr = ]
C:\WINDOWS\System32\drivers\ikhlayer.sys PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2011 | Size = 51072 bytes | Created Date = 23/02/2007 05:53:25 | Attr = ]
C:\WINDOWS\System32\drivers\tmcomm.sys Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 28/02/2007 07:56:28 | Attr = ]

»»»»»»»»»»»»»»»»»»»» Files Modified Within 30 Days »»»»»»»»»»»»»

C:\Documents and Settings\Jacob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [Ver = | Size = 13312 bytes | Modified Date = 01/02/2007 04:09:00 | Attr = ]
C:\Documents and Settings\Jacob\Local Settings\Application Data\IconCache.db [Ver = | Size = 2642082 bytes | Modified Date = 15/02/2007 09:37:26 | Attr = H ]
C:\Documents and Settings\Jacob\My Documents\My Sharing Folders.lnk [Ver = | Size = 574 bytes | Modified Date = 23/02/2007 07:28:30 | Attr = ]
C:\Documents and Settings\Jacob\My Documents\Thumbs.db [Ver = | Size = 3584 bytes | Modified Date = 18/02/2007 03:32:06 | Attr = HS]
@Alternate Data Stream - C:\Documents and Settings\Jacob\My Documents\Thumbs.db:encryptable (0 bytes)
C:\Documents and Settings\All Users\Desktop\AVG 7.5.lnk [Ver = | Size = 1532 bytes | Modified Date = 20/02/2007 06:06:38 | Attr = ]
C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk [Ver = | Size = 1736 bytes | Modified Date = 18/02/2007 07:33:22 | Attr = ]
C:\Documents and Settings\Jacob\Desktop\CCleaner.lnk [Ver = | Size = 1729 bytes | Modified Date = 22/02/2007 06:58:04 | Attr = ]
C:\Documents and Settings\Jacob\Desktop\Microsoft Office Word 2003.lnk [Ver = | Size = 2497 bytes | Modified Date = 26/02/2007 09:03:46 | Attr = ]
C:\Documents and Settings\Jacob\Desktop\Shortcut to ATF-Cleaner.lnk [Ver = | Size = 819 bytes | Modified Date = 28/02/2007 07:03:26 | Attr = ]
C:\Documents and Settings\Jacob\Desktop\Spybot - Search & Destroy.lnk [Ver = | Size = 1255 bytes | Modified Date = 10/02/2007 05:59:22 | Attr = ]
C:\Documents and Settings\Jacob\Desktop\Teamspeak 2 RC2.lnk [Ver = | Size = 782 bytes | Modified Date = 16/02/2007 08:45:30 | Attr = ]
C:\Documents and Settings\Jacob\Desktop\Touch Typing.lnk [Ver = | Size = 798 bytes | Modified Date = 01/02/2007 04:34:54 | Attr = ]
C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Modified Date = 01/03/2007 05:46:04 | Attr = S]
C:\WINDOWS\imsins.BAK [Ver = | Size = 1374 bytes | Modified Date = 13/02/2007 06:59:46 | Attr = ]
C:\WINDOWS\NeroDigital.ini [Ver = | Size = 116 bytes | Modified Date = 15/02/2007 05:16:40 | Attr = ]
C:\WINDOWS\QTFont.for [Ver = | Size = 1409 bytes | Modified Date = 22/02/2007 05:25:36 | Attr = ]
C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Modified Date = 22/02/2007 05:25:36 | Attr = H ]
C:\WINDOWS\win.ini [Ver = | Size = 797 bytes | Modified Date = 14/02/2007 00:17:44 | Attr = ]
C:\WINDOWS\System32\Help.ico [Ver = | Size = 1406 bytes | Modified Date = 28/02/2007 07:36:34 | Attr = ]
C:\WINDOWS\System32\pavas.ico [Ver = | Size = 30590 bytes | Modified Date = 28/02/2007 07:36:34 | Attr = ]
C:\WINDOWS\System32\PCANDIS5.sys Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.54 | Size = 17134 bytes | Modified Date = 23/02/2007 05:42:54 | Attr = ]
C:\WINDOWS\System32\perfc009.dat [Ver = | Size = 53724 bytes | Modified Date = 14/02/2007 00:13:10 | Attr = ]
C:\WINDOWS\System32\perfh009.dat [Ver = | Size = 383562 bytes | Modified Date = 14/02/2007 00:13:10 | Attr = ]
C:\WINDOWS\System32\PerfStringBackup.INI [Ver = | Size = 439994 bytes | Modified Date = 14/02/2007 00:13:10 | Attr = ]
C:\WINDOWS\System32\Uninstall.ico [Ver = | Size = 2550 bytes | Modified Date = 28/02/2007 07:36:34 | Attr = ]
C:\WINDOWS\System32\vsconfig.xml [Ver = | Size = 48882 bytes | Modified Date = 01/03/2007 05:37:02 | Attr = H ]
C:\WINDOWS\System32\W32N50.dll Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.54 | Size = 81920 bytes | Modified Date = 23/02/2007 05:42:54 | Attr = ]
C:\WINDOWS\System32\wpa.dbl [Ver = | Size = 1374 bytes | Modified Date = 01/03/2007 05:37:00 | Attr = ]
C:\WINDOWS\System32\drivers\avg7core.sys GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 26/02/2007 05:20:36 | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsxp.sys GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 26/02/2007 05:20:36 | Attr = ]
C:\WINDOWS\System32\drivers\avgmfx86.sys GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 19392 bytes | Modified Date = 26/02/2007 05:20:36 | Attr = ]
C:\WINDOWS\System32\drivers\ikhfile.sys PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2014 | Size = 30592 bytes | Modified Date = 23/02/2007 05:53:26 | Attr = ]
C:\WINDOWS\System32\drivers\ikhlayer.sys PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2011 | Size = 51072 bytes | Modified Date = 23/02/2007 05:53:26 | Attr = ]
C:\WINDOWS\System32\drivers\tmcomm.sys Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 28/02/2007 07:55:26 | Attr = ]

»»»»»»»»»»»»»»»»»»»» File String Scan (Non-Microsoft Only) »»»»»
[Thawte Consulting , USERTRUST , ]C:\TEST.HIV ()
@Alternate Data Stream - C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 (118 bytes)
@Alternate Data Stream - C:\Documents and Settings\All Users\Documents\Take That Patience.wma:Zone.Identifier (26 bytes)
@Alternate Data Stream - C:\Documents and Settings\Jacob\My Documents\Thumbs.db:encryptable (0 bytes)
[Thawte Consulting , ]C:\Documents and Settings\Jacob\Desktop\eTrustAntivirusInstaller.exe (ecl )
[WSUD , ]C:\WINDOWS\System32\alsndmgr.cpl (Realtek Semiconductor Corp.)
[PEC2 , ]C:\WINDOWS\System32\dfrg.msc ()
[winsync , ]C:\WINDOWS\System32\wbdbase.deu ()
[aspack , FSG! , PEC2 , UPX! , ]C:\WINDOWS\System32\drivers\avg7core.sys (GRISOFT, s.r.o.)
[PTech , ]C:\WINDOWS\System32\drivers\mtlstrm.sys ( )



< End of report >


__________________
Prework works!
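The log above is a WinPFind dump: recently created and modified files, alternate data streams, and a string scan that tags packer signatures (aspack, FSG!, PEC2, UPX!) and certificate strings. Reading one by eye is error-prone, so here is an added Python example (not WinPFind's code, and not something posted in this thread) that parses the three line shapes and applies a few conservative triage rules: an executable with no publisher string, a data stream other than the Zone.Identifier/encryptable streams Windows writes itself that actually holds bytes, and packer strings inside a driver, EXE or DLL. The sample input is copied from the log posted above; the packer-tag set and the rule choices are assumptions. A finding is a prompt to check the file (publisher, Authenticode signature, hash), not a verdict: on this log it points at a packed AVG driver, a modem driver with no publisher string, and a 118-byte stream, which is consistent with valis's reading that the log looks fine.

```python
"""Triage helper for WinPFind-style log lines (added example, not WinPFind's own code).
A finding means 'verify this file' (publisher, signature, hash), not 'it is malicious'."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# C:\path\name.ext [Publisher] [Ver = x | Size = n bytes | Created Date = dd/mm/yyyy hh:mm:ss | Attr = HS]
FILE_RE = re.compile(
    r"^(?P<path>[A-Z]:\\.*?\.[A-Za-z0-9]{2,4})(?: (?P<publisher>\S.*?))?"
    r" \[Ver =\s*(?P<ver>.*?)\s*\| Size = (?P<size>\d+) bytes \| "
    r"(?P<kind>Created|Modified) Date = (?P<date>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})"
    r" \| Attr =\s*(?P<attr>[^\]]*?)\s*\]$"
)
# @Alternate Data Stream - C:\path\file[:stream] (n bytes)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<path>[A-Z]:\\.+?)(?::(?P<stream>[^\\:]+?))? \((?P<size>\d+) bytes\)$")
# [tag , tag , ]C:\path\file (Publisher)
STRING_RE = re.compile(r"^\[(?P<tags>[^\]]*)\](?P<path>[A-Z]:\\.*?) \((?P<publisher>.*)\)$")

PACKER_TAGS = {"UPX!", "FSG!", "aspack", "PEC2"}  # assumption: string-scan tags that are packer signatures
BENIGN_STREAMS = {"Zone.Identifier", "encryptable"}  # streams Windows writes itself
EXECUTABLE_EXT = (".sys", ".exe", ".dll")


@dataclass
class FileEntry:
    path: str
    publisher: str
    version: str
    size: int
    kind: str  # "Created" or "Modified"
    when: datetime
    attr: str


@dataclass
class Finding:
    path: str
    reason: str


def parse_file_line(line: str) -> Optional[FileEntry]:
    """Parse one 'Files Created/Modified Within 30 Days' entry; None for any other line shape."""
    m = FILE_RE.match(line)
    if not m:
        return None
    return FileEntry(
        path=m.group("path"),
        publisher=(m.group("publisher") or "").strip(),
        version=m.group("ver"),
        size=int(m.group("size")),
        kind=m.group("kind"),
        when=datetime.strptime(m.group("date"), "%d/%m/%Y %H:%M:%S"),
        attr=m.group("attr"),
    )


def is_executable(path: str) -> bool:
    return path.lower().endswith(EXECUTABLE_EXT)


def triage(lines: List[str]) -> List[Finding]:
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        entry = parse_file_line(line)
        if entry is not None:
            # Rule 1: an executable touched in the window that carries no publisher string.
            if is_executable(entry.path) and not entry.publisher:
                findings.append(Finding(entry.path, f"{entry.kind.lower()} {entry.when:%d/%m/%Y}, no publisher string"))
            continue
        m = ADS_RE.match(line)
        if m:
            # Rule 2: a stream holding content that is not one Windows writes itself.
            stream, size = m.group("stream"), int(m.group("size"))
            if size > 0 and stream not in BENIGN_STREAMS:
                findings.append(Finding(m.group("path"), f"stream {stream or '(unnamed)'} holds {size} bytes"))
            continue
        m = STRING_RE.match(line)
        if m and is_executable(m.group("path")):
            # Rule 3: packer strings in an executable. Rule 4: no publisher string in the string scan.
            tags = {t.strip() for t in m.group("tags").split(",") if t.strip()}
            packers = sorted(PACKER_TAGS & tags)
            if packers:
                findings.append(Finding(m.group("path"), "packer strings " + ", ".join(packers) + "; confirm the vendor signature"))
            if not m.group("publisher").strip():
                findings.append(Finding(m.group("path"), "no publisher string in the string scan"))
    return findings


# Sample input: lines copied from the WinPFind log posted above.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\drivers\tmcomm.sys Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 28/02/2007 07:56:28 | Attr = ]
C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Created Date = 22/02/2007 05:25:34 | Attr = H ]
@Alternate Data Stream - C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 (118 bytes)
@Alternate Data Stream - C:\Documents and Settings\All Users\Documents\Take That Patience.wma:Zone.Identifier (26 bytes)
@Alternate Data Stream - C:\Documents and Settings\Jacob\My Documents\Thumbs.db:encryptable (0 bytes)
[aspack , FSG! , PEC2 , UPX! , ]C:\WINDOWS\System32\drivers\avg7core.sys (GRISOFT, s.r.o.)
[PTech , ]C:\WINDOWS\System32\drivers\mtlstrm.sys ( )
[PEC2 , ]C:\WINDOWS\System32\dfrg.msc ()
"""


def sample_findings() -> List[Finding]:
    return triage(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for f in sample_findings():
        print(f"{f.path}\n    {f.reason}")
```

Run it as-is to see the three findings for the sample, or feed it the whole saved WinPFind report with `triage(open(path).read().splitlines())`. The string-scan rule is deliberately restricted to .sys/.exe/.dll because WinPFind tags plenty of harmless files (dfrg.msc carries a PEC2 hit in the log above); packer strings in a kernel driver are worth a signature check, packer strings in a console file are not.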


  #17  
Old 03-01-2007
valis
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,606
PC Experience: PC Illiterate

jake:

everything looks fine. But let's try some other stuff. First, download spysweeper from my signature, and update it. Boot into safe mode and run Spy Sweeper; under Options, Sweep, make sure that all available options under Custom Sweep are selected. Run a full system scan, and let it quarantine everything that it finds. Make sure to save the log to post back here.

Personally, I don't think it's going to find anything, but we'll see.

thanks,

v


__________________

M.C.S.A.
M.C.P.
- MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
  #18  
Old 03-03-2007
jakedude182
Gold Member
Join Date: Oct 2006
Posts: 335
PC Experience: Some Experience