Malware or Spyware

sam08
2008-05-27, 10:13
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:41 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TM Net\Diagnostic Tool\tmnet connect.exe
C:\Program Files\TM Net\tmnet streamyx dialer\fwportal.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [%FP%TM Net fts.exe] "C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2CAD0D8-84B5-4757-8953-2E9361A3B7AB}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6369 bytes

Hello. Above are my HJT logfile scan results. Recently I've been encountering frequent attacks of spyware or malware. Frankly, I didn't know what it was, because of my little knowledge of computers and the Internet. So, as action to remove the problems, I always reformat my laptop (precisely). I know that frequent reformatting is not good, but I had no other options. That was before I knew about HJT. And as a prevention measure, here I am. Maybe in these logs there is no infection, and maybe I've also breached the forum regulations. I'm so sorry if this happened, but I can't help myself again to be like a fool, reformatting my laptop in vain. Please help me and sorry for any inconvenience.
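
The helpers in this thread read HijackThis logs by eye. As an added illustration (not code from the thread, from HijackThis or from any of the tools named here), the script below parses the `Rn - ` / `Onn - ` entry lines of a HijackThis v2 log and applies a few defender-side triage heuristics: references to files that no longer exist, O23 services whose vendor is "Unknown owner", O4 autostarts living in user-writable locations, AppInit_DLLs entries, and the O17 name servers to verify against the ISP. The sample log is a constructed subset of the lines in the log above plus one constructed O4 line (`updater.exe` in a Temp folder) that exists only to trigger the location check.

```python
"""Minimal HijackThis v2 log triage (added illustration; not part of the thread)."""
import re

# One HijackThis entry per line: "O4 - HKLM\..\Run: [Name] path", "R1 - ...", etc.
LINE_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# O4 entries normally carry a "[ValueName]" before the command line.
NAME_RE = re.compile(r"\[(?P<name>[^\]]*)\]")
# Directories a legitimate autostart rarely lives in (heuristic, not a rule).
SUSPECT_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\recycler\\")

# Constructed sample: real lines from the thread's log plus one made-up O4 line.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\updater.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2CAD0D8-84B5-4757-8953-2E9361A3B7AB}: NameServer = 202.188.0.133 202.188.1.5
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
"""


def parse_hjt(log_text):
    """Return one {'code', 'body'} dict per entry line; process list and headers are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append({"code": m.group("code"), "body": m.group("body")})
    return entries


def name_servers(entries):
    """Collect DNS servers from O17 lines so they can be checked against the ISP's servers."""
    servers = []
    for e in entries:
        if e["code"] == "O17" and "NameServer = " in e["body"]:
            servers.extend(e["body"].split("NameServer = ", 1)[1].split())
    return servers


def triage(entries):
    """Return (code, reason, body) tuples for entries a reviewer should look at first."""
    findings = []
    for e in entries:
        code, body = e["code"], e["body"]
        low = body.lower()
        if "(file missing)" in low:
            findings.append((code, "points at a file that no longer exists", body))
        if code == "O23":
            # Layout: "Service: <name> (<short>) - <vendor> - <path>"
            parts = body.split(" - ")
            vendor = parts[1].strip().lower() if len(parts) >= 3 else ""
            if vendor == "unknown owner":
                findings.append((code, "service binary has no verified vendor", body))
        if code == "O4":
            if not NAME_RE.search(body):
                findings.append((code, "Run value has no name", body))
            if any(d in low for d in SUSPECT_DIRS):
                findings.append((code, "autostart from a user-writable location", body))
        if code == "O20":
            findings.append((code, "AppInit_DLLs is loaded into every GUI process; confirm the DLL's owner", body))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("DNS servers to verify with the ISP:", name_servers(parsed))
    for code, reason, body in triage(parsed):
        print(f"{code}: {reason}\n    {body}")
```

In the thread's own log the only hits are the stale BitComet button and the rpcapd service, which is consistent with Blade81's "looks ok" and with the later DSS output attributing the WinPcap files to Politecnico di Torino.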

Blade81
2008-05-28, 11:01
Hi

Looks ok. :) Let's check with Kaspersky scanner if it finds something not visible in the hjt log.


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner). You will be prompted to install an ActiveX component from Kaspersky, click Yes.
The program will launch and start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings and select the following:
Scan using the following Anti-Virus database:
Extended (If available, otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK.
Under select a target to scan, select My Computer.
The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete; Kaspersky suggests running it during a time of low activity. Once the scan is complete:
Click on the Save as Text button.
Save the file to your desktop.
Copy and paste that information into your next post if the AV content will fit into one post only.
If the results of the antivirus scan itself will take more than one post to contain, you may upload it to http://rapidshare.com


Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

If having a problem doing the above:

Make sure that your Internet security settings are set to default values.

To set default security settings for Internet Explorer:

* Open Internet Explorer.
* Go to the Tools menu, then choose Internet Options.
* Click on the Security tab.
* Make sure that all four items (Internet, Local intranet, Trusted sites, and Restricted sites) are set to their default settings.

sam08
2008-05-28, 17:10
Dear Blade81, thanks for your reply. I've done everything according to your instructions: downloaded ATF and ran the process. At this stage, all went normal. Then I ran the Kaspersky online scan. Initially it went well, and due to the slow scanning process I left the laptop unattended to do other things. I came back about 30 minutes later to find the laptop had completely shut down by itself. I started the computer back up and ran IE again, but the speed seems to have decreased compared to before I ran the Kaspersky scanner. What should I do? Please help me out, Blade.

Blade81
2008-05-28, 18:53
Hi

Let's make sure automatic restart on error is not checked.

1. Right-click My Computer, and then click Properties.
2. Click the Advanced tab.
3. Under Startup and Recovery, click Settings to open the Startup and Recovery dialog box.
4. Clear the Automatically restart check box, and click OK the necessary number of times.
5. Restart your computer for the settings to take effect.


After that try running Kaspersky online scanner again.

sam08
2008-05-29, 09:28
Hi Blade81, thanks for your reply and I appreciate your efforts. I've done things according to your instructions: that was unchecking the automatic restart box and rescanning with the Kaspersky online scanner, but the same problem occurred again. This time I managed to see the percentage of the scanning process, and it was at 20% of the scan. There also was nothing in the log viewers. Am I in a severe situation? Can you help me?

Blade81
2008-05-29, 09:38
Hi

Let's try this:
Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file in your next reply.

sam08
2008-05-29, 12:08
Hi Blade, I've scanned using Malwarebytes as you instructed. All went well, but the first time I ran the scanner there was a message about a win32 error, which I couldn't understand. So I closed the scanner and reran it later. This time all went smoothly, but my Internet connection disconnected by itself with a message 'Windows Explorer cannot ....'. I kept ignoring it and the scanning process resumed till the end. Here are the logs that I saved:

Malwarebytes' Anti-Malware 1.12
Database version: 797

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 55739
Time elapsed: 19 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 10
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuAdminTools (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuFavorites (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyPics (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyMusic (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\packet.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpcap.dll (Spyware.Agent) -> Quarantined and deleted successfully.

Blade81
2008-05-29, 12:23
Hi

I think those removed items were false positives. Please run Malwarebytes' Anti-malware and restore all quarantined items.

After that let's try ESET scanner

* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic, along with a new HijackThis log & a description of any remaining problems

sam08
2008-05-30, 02:19
Hi Blade81, I've run the ESET scanner online, but the same problem occurred again (it shut down automatically in the middle of the scanning process). Am I encountering a severe infection? Here is what I did before I ran the ESET scanner: I disabled my Windows firewall and AVG Free Edition antivirus. Before that, I restored all the quarantined items in Malwarebytes as you instructed me to. I'm lost here, what should I do?

Blade81
2008-05-30, 07:43
Hi

I suspect it may be a hardware issue. Scanning causes a big load on the CPU and if it overheats -> shutdown. Have you noticed if the system has turned its power off automatically earlier?

As I said in my previous post the log itself looked clean. Let's see what other details Deckard's System Scanner can tell us.

Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open: main.txt <- this one will be maximized, and extra.txt <- this one will be minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.

sam08
2008-05-30, 10:32
Hello Blade81, I've run DSS. Initially it ran perfectly, till it reached about 80% of the process, when the DSS program stopped with a Windows message "DSS has encountered a problem and bla...bla". So, what is it?

sam08
2008-05-30, 14:13
Hello Blade, I sent you a reply earlier, but just ignore it. I ran DSS without logging in as administrator. That's why DSS couldn't finish the action, but I've solved it. And here are the logs of DSS and the latest logs of HJT:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-30 16:46:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
40: 2008-05-30 08:05:07 UTC - RP40 - Deckard's System Scanner Restore Point
39: 2008-05-30 07:24:56 UTC - RP39 - Software Distribution Service 3.0
38: 2008-05-29 23:15:48 UTC - RP38 - Software Distribution Service 3.0
37: 2008-05-29 23:05:32 UTC - RP37 - Software Distribution Service 3.0
36: 2008-05-29 13:08:38 UTC - RP36 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-05-20 15:26:06 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:20 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [%FP%TM Net fts.exe] "C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
O4 - HKCU\..\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2025429265-1336601894-682003330-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'sam08')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 5648 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 PPPoEWin (PPPoEWin Miniport) - c:\windows\system32\drivers\pppoewin.sys <Not Verified; Friendly Technologies; PPPoE Protocol Driver>

S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; Politecnico di Torino; NPF Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini"


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-04-30 and 2008-05-30 -----------------------------

2008-05-30 16:46:27 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-30 16:46:27 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-30 16:46:27 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-30 16:46:27 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-30 16:46:27 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-30 16:46:27 262144 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-30 16:46:27 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-30 16:46:27 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-30 16:46:27 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-30 16:46:27 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-30 16:46:27 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-30 16:46:27 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-30 16:46:27 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-30 16:46:27 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-30 16:04:18 0 d-------- \Deckard
2008-05-30 15:25:15 0 d-------- C:\WINDOWS\LastGood
2008-05-29 22:29:57 0 d-------- C:\Program Files\EsetOnlineScanner
2008-05-29 22:11:39 208896 --a------ C:\WINDOWS\system32\wpcap.dll <Not Verified; Politecnico di Torino; WinPcap wpcap.dll>
2008-05-29 22:11:39 57344 --a------ C:\WINDOWS\system32\packet.dll <Not Verified; Politecnico di Torino; WinPcap low level packet library>
2008-05-29 22:05:27 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-29 22:05:21 0 d-------- C:\Documents and Settings\sam08\Application Data\Mozilla
2008-05-29 19:22:20 0 dr-h----- C:\Documents and Settings\sam08\Recent
2008-05-29 15:43:35 0 d-------- C:\Documents and Settings\sam08\Application Data\Malwarebytes
2008-05-29 15:43:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-29 15:43:26 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-28 17:34:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-28 14:43:14 0 d-------- C:\Program Files\FileZilla FTP Client
2008-05-26 19:11:48 0 d-------- C:\Program Files\CCleaner
2008-05-25 12:52:45 0 d-------- C:\Documents and Settings\sam08\Application Data\Ahead
2008-05-25 12:49:27 0 d-------- C:\Program Files\Nero
2008-05-25 12:49:27 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-25 12:49:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-25 00:16:25 0 d-------- C:\Documents and Settings\sam08\Application Data\Adobe
2008-05-25 00:15:52 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-24 18:03:42 0 d-------- C:\Documents and Settings\sam08\Application Data\WinRAR
2008-05-22 19:11:29 0 d--hs---- \RECYCLER
2008-05-22 04:31:32 0 d-------- C:\Program Files\MSXML 4.0
2008-05-22 04:30:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-21 16:37:48 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-21 16:37:35 0 d-------- C:\Program Files\MSXML 6.0
2008-05-21 16:07:43 0 d-------- C:\Program Files\Microsoft.NET
2008-05-21 16:07:31 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-21 16:05:54 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-21 15:28:32 792723456 --ahs---- \pagefile.sys
2008-05-21 15:24:51 0 d--h----- \$AVG8.VAULT$
2008-05-21 14:33:29 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-21 14:02:44 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-21 14:02:44 0 d-------- C:\Documents and Settings\sam08\Application Data\AVGTOOLBAR
2008-05-21 14:02:34 0 d-------- C:\Program Files\AVG
2008-05-21 14:02:34 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-21 12:59:46 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-05-21 12:59:46 0 d-------- \Downloads
2008-05-21 12:55:02 0 d-------- C:\Documents and Settings\sam08\Application Data\Macromedia
2008-05-21 12:49:40 0 d-------- C:\Documents and Settings\sam08\Application Data\DivX
2008-05-21 10:07:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-21 10:02:16 162304 --a------ C:\WINDOWS\UNWISE.EXE
2008-05-21 10:02:16 40960 --a------ C:\WINDOWS\Restart.exe
2008-05-21 10:02:16 53248 --a------ C:\WINDOWS\AppRun.exe
2008-05-21 10:02:16 0 d-------- C:\Program Files\Common Files\FTL Shared
2008-05-21 10:01:52 0 d-------- C:\Program Files\TM Net
2008-05-21 10:01:41 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-05-21 10:01:16 0 d-------- C:\Documents and Settings\sam08\WINDOWS
2008-05-21 09:52:57 11 --a------ \SelfTests.dat
2008-05-21 09:49:46 0 d-------- C:\Program Files\WinPcap
2008-05-21 09:48:17 0 d--hs---- C:\WINDOWS\ftpcache
2008-05-21 09:45:24 0 d-------- C:\Program Files\Trend Micro
2008-05-21 09:42:49 0 d-------- C:\Program Files\BitComet
2008-05-21 09:41:24 0 d-------- C:\Program Files\Java
2008-05-21 09:41:23 0 d-------- C:\Program Files\Common Files\Java
2008-05-21 09:41:00 0 d-------- C:\Documents and Settings\sam08\Application Data\Sun
2008-05-21 09:34:39 0 d-------- C:\Program Files\PowerISO
2008-05-21 09:33:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-21 09:32:57 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-21 09:30:33 0 d-------- C:\Program Files\DivX
2008-05-21 09:29:06 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-05-21 09:29:04 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-05-21 09:29:03 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-21 09:29:03 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-21 09:29:02 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-21 09:29:01 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-05-21 07:04:00 0 d--hs---- C:\WINDOWS\Installer
2008-05-21 07:03:59 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-21 07:03:56 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-21 07:03:55 0 d-------- C:\Program Files\Common Files
2008-05-21 07:03:55 0 dr------- \Program Files
2008-05-21 07:03:29 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-05-21 07:03:29 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-05-21 07:03:29 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-05-21 07:03:29 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-05-21 07:03:29 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-05-21 07:03:29 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-05-21 07:03:29 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-05-21 07:03:29 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-05-21 07:03:29 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-05-21 07:03:29 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-05-21 07:03:29 0 d--hs---- C:\Documents and Settings\Default User\Cookies
2008-05-21 07:03:29 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-05-21 07:03:29 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-05-21 07:03:29 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-05-21 07:03:29 0 dr------- C:\Documents and Settings\All Users\Documents
2008-05-21 07:03:29 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-05-21 07:02:53 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-05-21 07:02:53 0 d-------- C:\WINDOWS\system32\CatRoot
2008-05-21 07:02:48 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-05-21 07:02:48 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-05-21 07:02:47 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-05-21 07:02:47 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-05-21 07:02:20 0 d-------- \Documents and Settings
2008-05-21 07:00:33 0 d--hs---- \System Volume Information
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\WinSxS
2008-05-21 06:56:06 0 dr------- C:\WINDOWS\Web
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\twain_32
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\wins
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\wbem
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\usmt
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\spool
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\ShellExt
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\Setup
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\ras
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\oobe
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\npp
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\mui
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\Macromed
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\inetsrv
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\IME
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\icsxml
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\ias
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\export
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\drivers
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-05-21 06:56:06 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\dhcp
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\config
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\3076
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\2052
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\1054
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\1042
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\1041
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\1037
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\1033
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\1031
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\1028
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system32\1025
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\system
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\security
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\Resources
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\repair
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\Provisioning
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\PeerNet
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\pchealth
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\Network Diagnostic
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\mui
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\msapps
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\msagent
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\Media
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\l2schemas
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\java
2008-05-21 06:56:06 0 d--h----- C:\WINDOWS\inf
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\ime
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\Help
2008-05-21 06:56:06 0 dr--s---- C:\WINDOWS\Fonts
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\ehome
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\Driver Cache
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\Debug
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\Cursors
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\Connection Wizard
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\Config
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\AppPatch
2008-05-21 06:56:06 0 d-------- C:\WINDOWS\addins
2008-05-21 06:56:06 0 d-------- \WINDOWS
2008-05-20 23:34:09 0 d-------- C:\Program Files\CONEXANT
2008-05-20 23:25:34 0 d-------- C:\Documents and Settings\sam08\Application Data\Identities
2008-05-20 23:25:20 0 d--h----- C:\Documents and Settings\sam08\Templates
2008-05-20 23:25:20 0 dr------- C:\Documents and Settings\sam08\Start Menu
2008-05-20 23:25:20 0 dr-h----- C:\Documents and Settings\sam08\SendTo
2008-05-20 23:25:20 0 d--h----- C:\Documents and Settings\sam08\PrintHood
2008-05-20 23:25:20 3145728 --ah----- C:\Documents and Settings\sam08\NTUSER.DAT
2008-05-20 23:25:20 0 d--h----- C:\Documents and Settings\sam08\NetHood
2008-05-20 23:25:20 0 dr------- C:\Documents and Settings\sam08\My Documents
2008-05-20 23:25:20 0 d--h----- C:\Documents and Settings\sam08\Local Settings
2008-05-20 23:25:20 0 dr------- C:\Documents and Settings\sam08\Favorites
2008-05-20 23:25:20 0 d-------- C:\Documents and Settings\sam08\Desktop
2008-05-20 23:25:20 0 d--hs---- C:\Documents and Settings\sam08\Cookies
2008-05-20 23:25:20 0 dr-h----- C:\Documents and Settings\sam08\Application Data
2008-05-20 23:25:20 0 d---s---- C:\Documents and Settings\sam08\Application Data\Microsoft
2008-05-20 23:23:22 0 d-------- C:\WINDOWS\Prefetch
2008-05-20 23:23:19 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-05-20 23:23:18 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-05-20 23:23:18 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-05-20 23:23:18 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-05-20 23:23:18 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-05-20 23:23:18 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-05-20 23:22:36 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-05-20 23:22:36 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-05-20 23:22:36 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-05-20 23:22:36 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-05-20 23:22:35 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-05-20 23:17:51 0 d-------- C:\WINDOWS\system32\xircom
2008-05-20 23:17:51 0 d-------- C:\Program Files\microsoft frontpage
2008-05-20 23:17:38 233472 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-05-20 23:17:34 0 -rahs---- \MSDOS.SYS
2008-05-20 23:17:34 0 -rahs---- \IO.SYS
2008-05-20 23:17:34 0 --a------ \CONFIG.SYS
2008-05-20 23:17:34 0 --a------ \AUTOEXEC.BAT
2008-05-20 23:16:18 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-05-20 23:15:52 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-20 23:15:28 0 d-------- C:\WINDOWS\system32\DirectX
2008-05-20 23:14:50 0 d---s---- C:\WINDOWS\Tasks
2008-05-20 23:14:49 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-20 23:14:45 0 d-------- C:\WINDOWS\srchasst
2008-05-20 23:14:35 0 d-------- C:\Program Files\Movie Maker
2008-05-20 23:14:24 0 d-------- C:\WINDOWS\system32\Restore
2008-05-20 23:13:28 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-20 23:13:11 0 d-------- C:\WINDOWS\Registration
2008-05-20 23:13:03 0 d-------- C:\Program Files\Online Services
2008-05-20 23:12:53 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-20 23:12:48 0 dr------- C:\WINDOWS\Offline Web Pages
2008-05-20 23:12:47 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-20 23:12:41 0 d-------- C:\Program Files\Messenger
2008-05-20 23:12:37 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-20 23:11:56 0 d-------- C:\Program Files\Windows NT
2008-05-20 23:11:52 0 d-------- C:\WINDOWS\system32\MsDtc
2008-05-20 23:11:50 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-05-21 07:03:29 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2008-04-01 05:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-01 05:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-01 05:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-01 05:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-04-01 05:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-22 04:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-22 04:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-22 04:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-22 04:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/21/2008 02:02 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/22/2005 05:36 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/22/2005 05:31 PM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [01/20/2008 03:05 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"%FP%TM Net fts.exe"="C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe" [01/07/2004 02:37 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/21/2008 02:02 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/09/2007 06:53 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32
"IE7-11"=rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32
"IE7-11"=rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart


-- End of Deckard's System Scanner: finished at 2008-05-30 16:53:16 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) M processor 1.60GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 502.42 MiB / 221.58 MiB
Pagefile Memory (total/avail): 1227.49 MiB / 944.78 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.61 MiB

C: is Fixed (NTFS) - 19.53 GiB total, 10.69 GiB free.
D: is Fixed (NTFS) - 74.53 GiB total, 72.03 GiB free.
E: is Fixed (NTFS) - 36.35 GiB total, 29.85 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST960812A - 55.89 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 19.53 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 36.35 GiB - E:

\\.\PHYSICALDRIVE1 - Generic USB Disk USB Device - 74.53 GiB - 1 partition
\PARTITION0 - Installable File System - 74.53 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Disabled:Nero Home"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TUKUL-02E1C9E02
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=TUKUL-02E1C9E02
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

sam08 (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BitComet 1.00 --> C:\Program Files\BitComet\uninst.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant AC-Link Audio --> CIAunwdm.exe
Diagnostic Tool --> C:\WINDOWS\uninst.exe -f"C:\Program Files\TM Net\Diagnostic Tool\DeIsL1.isu" -c"C:\Program Files\TM Net\Diagnostic Tool\_ISREG32.DLL"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.9.0 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Ultra Edition --> MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3080103C\HXFSETUP.EXE -U -IQTA3080K.INF
tmnet streamyx dialer --> C:\WINDOWS\AppRun.exe C:\PROGRA~1\TMNET~1\TMNETS~1
WinPcap 3.0 --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type322 / Error
Event Submitted/Written: 05/30/2008 04:52:17 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type321 / Error
Event Submitted/Written: 05/30/2008 04:52:17 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type320 / Error
Event Submitted/Written: 05/30/2008 04:52:17 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type319 / Error
Event Submitted/Written: 05/30/2008 04:50:20 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type318 / Error
Event Submitted/Written: 05/30/2008 04:49:33 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1536 / Warning
Event Submitted/Written: 05/30/2008 00:03:15 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type1535 / Warning
Event Submitted/Written: 05/30/2008 10:14:02 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type1534 / Warning
Event Submitted/Written: 05/30/2008 09:19:24 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type1533 / Warning
Event Submitted/Written: 05/30/2008 08:52:05 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type1532 / Warning
Event Submitted/Written: 05/30/2008 08:38:22 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-05-30 16:53:16 ------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:20 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [%FP%TM Net fts.exe] "C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
O4 - HKCU\..\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2025429265-1336601894-682003330-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'sam08')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 5648 bytes

Blade81
2008-05-30, 15:14
Hi

To me your logs look clean. As I said earlier, that shutdown may have been caused by overheating. Some systems are set by default so that they get shut down if the heat rises over a certain limit.


A couple of things we can take away with HJT though.

Start hjt, do a system scan, check:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing

Close browsers and fix checked.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 6 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says
The J2SE Runtime Environment (JRE) allows end-users to run Java applications.

Click the
Download
button to the right.
Select Windows in the platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

Those are the only things that I could spot.

sam08
2008-06-01, 09:16
Hello Blade, Thanks for all your assistance lately. I appreciate it. It seems that my system is functioning well; I just have problems with my network connections. It takes a while to log in to websites. Anyway, it doesn't bother me. Just in case, if I have to do a reformat, can you give me a few tips to make my laptop function properly or perfectly? I mean any recommendation of software for multimedia, browsing and anti-virus that suits my OS (Win XP Professional SP2), since I have little knowledge about computers and the Internet. I hope I can reach you next time if any problem arises in the future. Thanks Blade81.

Blade81
2008-06-01, 12:15
You're welcome :)

I can try to give you tips as long as they're security related. For other problems I suggest asking at http://forums.pcpitstop.com.

Shall we close the topic for now?

sam08
2008-06-01, 16:18
Hello Blade, Yes, and again, thanks.

Blade81
2008-06-01, 16:19
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.