Problem with svchost.exe trying to write mpas-d.exe and more other things



dreamer
2006-08-31, 06:56
Hi,

At the beginning I started with the problem of the TASKMGN spyware, then using Spybot I tried to remove it, then I uninstalled my McAfee antivirus (only kept the McAfee Firewall) and installed avast! 4 Home. avast! tells me that svchost.exe is opening mpas-d.exe for writing. If I allow it, my computer just reboots automatically; if I deny it several times I can continue working. I have had another problem sometimes: a window appears saying that the NT Administrator will shut down my computer in 1 minute, and a countdown is started. When that happens I open the command line and type "shutdown -a" to keep my computer on.

I have followed this tutorial: http://forums.spybot.info/archive/index.php/t-4015.html

and here are my reports.

SmitfraudFix Report:

SmitFraudFix v2.82

Scan done at 20:41:45,15, 30-08-2006
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Documents and Settings\dreamer\Application Data\Install.dat Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

dreamer
2006-08-31, 06:57
Ewido report:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:09:15 31-08-2006

+ Scan result:



D:\TEMP\Downloads\getright e download mage\rgl18.exe/of_play_ins_w_2039.exe -> Adware.OnFlow : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4487598C-2EC7-43A2-870E-6D8D720FDD9F} -> Adware.SafeSurfing : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4487598C-2EC7-43A2-870E-6D8D720FDD9F} -> Adware.SafeSurfing : Cleaned with backup (quarantined).
HKU\S-1-5-21-1547161642-1482476501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4487598C-2EC7-43A2-870E-6D8D720FDD9F} -> Adware.SafeSurfing : Cleaned with backup (quarantined).
D:\TEMP\Downloads\getright e download mage\rgl18.exe/tsad.dll -> Adware.TimeSink : Cleaned with backup (quarantined).
D:\TEMP\Downloads\getright e download mage\rgl18.exe/tsadbot.exe -> Adware.TimeSink : Cleaned with backup (quarantined).
D:\TEMP\Downloads\music progs\downloads from isel\OtsJuke_DJ_Professional_v1[1].00.101_by_TNT.zip/OtsJuke DJ-upgrade-v1.00.101.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
D:\backups_do_sistema\Diskete_estragada\Dreamer\NetSwitcher.II.v3.2.1_CRK.zip/patch.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
D:\backups_do_sistema\Diskete_estragada\Dreamer\TNT-NetSwitcher.II.v3.2.1_CRK.ZIP/patch.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
D:\backups_do_sistema\portatil\lixo\NetSwitcher\NetSwitcher.II.v3.2.1_CRK.zip/patch.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
D:\backups_do_sistema\portatil\lixo\NetSwitcher\TNT-NetSwitcher.II.v3.2.1_CRK.ZIP/patch.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
D:\TEMP\Downloads\messengers (MSN - AIM - ICQ - Yahoo)\messenger plus\MsgPlus-254.exe/sponsor.exe -> Downloader.Swizzor.ag : Cleaned with backup (quarantined).
D:\TEMP\Downloads\messengers (MSN - AIM - ICQ - Yahoo)\messenger plus\MsgPlus-3.01.94.exe/sponsor.exe -> Downloader.Swizzor.ag : Cleaned with backup (quarantined).
D:\TEMP\Downloads\messengers (MSN - AIM - ICQ - Yahoo)\messenger plus\MsgPlus-220.exe/70000011.exe -> Downloader.Swizzor.g : Cleaned with backup (quarantined).
D:\TEMP\Downloads\VNC-controlo remoto\vnc-3.3.3r9_x86_win32.zip/vnc_x86_win32/vncviewer/vncviewer.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Ignored.
D:\TEMP\Downloads\VNC-controlo remoto\vnc-3.3.3r9_x86_win32\vnc_x86_win32\vncviewer\vncviewer.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Ignored.
:mozilla.177:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.178:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.179:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.180:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.181:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.182:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.183:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.184:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.185:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.186:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.187:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.469:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.585:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.620:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.213:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.607:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.64:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.65:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.66:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.90:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.91:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.215:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.739:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.740:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.741:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.97:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.98:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.30:C:\Program Files\Microsoft Office\Visio11\1033\UMLUSE_M.VSS -> TrackingCookie.Atdmt : Cleaned.
:mozilla.708:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.709:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.710:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.146:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.147:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.296:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.297:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.72:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.73:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.74:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.707:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Counted : Cleaned.
:mozilla.686:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.41:C:\Program Files\Microsoft Office\Visio11\1033\UMLUSE_M.VSS -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.367:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.164:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.165:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.166:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.167:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.703:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.704:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.705:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.706:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.10:C:\Program Files\Microsoft Office\Visio11\1033\UMLUSE_M.VSS -> TrackingCookie.Fastclick : Cleaned.
:mozilla.115:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.11:C:\Program Files\Microsoft Office\Visio11\1033\UMLUSE_M.VSS -> TrackingCookie.Fastclick : Cleaned.
:mozilla.6:C:\Program Files\Microsoft Office\Visio11\1033\UMLUSE_M.VSS -> TrackingCookie.Fastclick : Cleaned.
:mozilla.7:C:\Program Files\Microsoft Office\Visio11\1033\UMLUSE_M.VSS -> TrackingCookie.Fastclick : Cleaned.
:mozilla.8:C:\Program Files\Microsoft Office\Visio11\1033\UMLUSE_M.VSS -> TrackingCookie.Fastclick : Cleaned.
:mozilla.9:C:\Program Files\Microsoft Office\Visio11\1033\UMLUSE_M.VSS -> TrackingCookie.Fastclick : Cleaned.
:mozilla.71:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.832:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.109:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.110:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.111:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.407:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.436:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.755:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.756:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.757:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.759:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.760:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.761:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.762:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.497:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.498:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.507:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.216:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.217:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.218:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.219:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.39:C:\Program Files\Microsoft Office\Visio11\1033\UMLUSE_M.VSS -> TrackingCookie.Pointroll : Cleaned.
:mozilla.40:C:\Program Files\Microsoft Office\Visio11\1033\UMLUSE_M.VSS -> TrackingCookie.Pointroll : Cleaned.
:mozilla.42:C:\Program Files\Microsoft Office\Visio11\1033\UMLUSE_M.VSS -> TrackingCookie.Pointroll : Cleaned.
:mozilla.43:C:\Program Files\Microsoft Office\Visio11\1033\UMLUSE_M.VSS -> TrackingCookie.Pointroll : Cleaned.
:mozilla.45:C:\Program Files\Microsoft Office\Visio11\1033\UMLUSE_M.VSS -> TrackingCookie.Pointroll : Cleaned.
:mozilla.533:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.534:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.535:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

dreamer
2006-08-31, 06:58
:mozilla.536:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.763:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.764:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.765:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.766:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.767:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.768:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.769:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.770:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.46:C:\Program Files\Microsoft Office\Visio11\1033\UMLUSE_M.VSS -> TrackingCookie.Revenue : Cleaned.
:mozilla.47:C:\Program Files\Microsoft Office\Visio11\1033\UMLUSE_M.VSS -> TrackingCookie.Revenue : Cleaned.
:mozilla.553:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.554:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.555:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.268:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.568:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.569:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.570:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.571:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.730:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.731:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.893:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.894:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.895:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.589:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.592:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.593:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.594:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.595:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.596:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.597:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.598:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.599:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.600:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.601:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.602:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.603:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.604:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.605:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.606:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.611:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.612:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.77:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.78:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.79:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.80:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.621:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.19:C:\Program Files\Microsoft Office\Visio11\1033\UMLUSE_M.VSS -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.31:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.656:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.657:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.658:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.659:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.660:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.655:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.308:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Xhit : Cleaned.
:mozilla.678:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.40:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.41:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.42:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.43:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.44:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.18:C:\Program Files\Microsoft Office\Visio11\1033\UMLUSE_M.VSS -> TrackingCookie.Zedo : Cleaned.
:mozilla.20:C:\Program Files\Microsoft Office\Visio11\1033\UMLUSE_M.VSS -> TrackingCookie.Zedo : Cleaned.
:mozilla.682:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.683:C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
D:\TEMP\Downloads\CDR-SOFT\UltraISO.v7.6.5.1225.ME.Multilanguage.Incl.SND.Patch.rar/patch.exe -> Trojan.Agent.jh : Cleaned with backup (quarantined).
D:\TEMP\Downloads\CDR-SOFT\UltraISO.v7.6.5.1225.ME.Multilanguage.Incl.SND.Patch\patch.exe -> Trojan.Agent.jh : Cleaned with backup (quarantined).


::Report end

dreamer
2006-08-31, 06:59
Spybot report:


--- Search result list ---
Windows Security Center.AntiVirusOverride: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

Windows Security Center.FirewallDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

Windows Security Center.FirewallOverride: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0

Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

NewsUpdate: Program directory (Directory, fixed)
C:\Program Files\Creative\News\


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-08-30 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-08-25 Includes\Cookies.sbi (*)
2006-08-25 Includes\Dialer.sbi (*)
2006-08-25 Includes\Hijackers.sbi (*)
2006-08-25 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-08-25 Includes\Malware.sbi (*)
2006-08-25 Includes\PUPS.sbi (*)
2006-08-25 Includes\Revision.sbi (*)
2006-08-25 Includes\Security.sbi (*)
2006-08-25 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-08-25 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0.
If you later install a more recent service pack, this Security Update will be uninstalled automatically.
For more information, visit http://support.microsoft.com/kb/917283
/ Windows Media Player: Windows Media Player Hotfix [See KB837272 for more information]
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885626
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Update for Windows XP (KB900930)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)


--- Startup entries list ---
Located: HK_LM:Run, !ewido
command: "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
file: C:\Program Files\ewido anti-spyware 4.0\ewido.exe
size: 6283264
MD5: 10c40f37ac87a18f624143d4fe6e8dec

Located: HK_LM:Run, ATIPTA
command: "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 344064
MD5: 870c0d125d4aa80e02fb4287d5b0fc02

Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 108160
MD5: e4289180e929bf984bfecefa73322a6a

Located: HK_LM:Run, BluetoothAuthenticationAgent
command: "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, CRBroadCasting
command: "C:\Program Files\CardReader2.0\CRBroadCasting.exe"
file: C:\Program Files\CardReader2.0\CRBroadCasting.exe
size: 24576
MD5: 3bef9e4574ba3d1fe70abcc0af2af505

Located: HK_LM:Run, CTHelper
command: CTHELPER.EXE
file: C:\WINDOWS\system32\CTHELPER.EXE
size: 24576
MD5: 15f71a562eb274baae347a7a224e3bf9

Located: HK_LM:Run, DataLayer
command: C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
file: C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
size: 1068032
MD5: 65b22233644ad5ed9e6729dad841d73b

Located: HK_LM:Run, FinePrint Dispatcher v5
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
size: 442368
MD5: 37bf3edf19c15bb9f3418558686a9b0e

Located: HK_LM:Run, HPDJ Taskbar Utility
command: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
file: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
size: 196608
MD5: 7c6b5065e7326e3c91a62800df3a31fa

Located: HK_LM:Run, HPHmon03
command: C:\WINDOWS\System32\hphmon03.exe
file: C:\WINDOWS\System32\hphmon03.exe
size: 311296
MD5: 97328a8415e1a1e4a832fe1e87b2de2c

Located: HK_LM:Run, Inst
command: "C:\WINDOWS\System\Inst.exe" install
file: C:\WINDOWS\System\Inst.exe
size: 20480
MD5: 0f8273724074dc928acb65a6259aacb3

Located: HK_LM:Run, IntelliType
command: "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
file: C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
size: 94208
MD5: b5eca5948d7f8eaa00333231f33ea31a

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: 2fd3df1d0ddc018202abfc9be6e68923

Located: HK_LM:Run, LiveMonitor
command: "C:\Program Files\MSI\Live Update 3\LMonitor.exe"
file: C:\Program Files\MSI\Live Update 3\LMonitor.exe
size: 484864
MD5: b1f3ced4d5c79f9284d78377e6eba0ed

Located: HK_LM:Run, MCAgentExe
command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
file: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
size: 303104
MD5: e8d2dcece015f4558aa3853514664f15

Located: HK_LM:Run, MCUpdateExe
command: C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
file: C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
size: 212992
MD5: dec79e9887924b82837b9b7730ecaa1f

Located: HK_LM:Run, MPFExe
command: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
file: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
size: 950272
MD5: c14da446ebbd90e15fb617bc70e0ebd8

Located: HK_LM:Run, OASClnt
command: "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
file:

Located: HK_LM:Run, POINTER
command: "C:\Program Files\Microsoft Hardware\Mouse\point32.exe"
file: C:\Program Files\Microsoft Hardware\Mouse\point32.exe
size: 176128
MD5: 44fcd222d8a4bcff2c944c081aead78c

Located: HK_LM:Run, PWRISOVM.EXE
command: "C:\Program Files\PowerISO\PWRISOVM.EXE"
file: C:\Program Files\PowerISO\PWRISOVM.EXE
size: 188416
MD5: 4ba6ef92f6924eefd1c2dddef7488da8

Located: HK_LM:Run, SpySweeper
command: "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
file: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
size: 3871744
MD5: c1e87da7b09e0cca67e0120bf80bcf25

Located: HK_LM:Run, VSOCheckTask
command: "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
file:

Located: HK_LM:Run, WinSSHD Activation State Checker
command: "C:\Program Files\Bitvise WinSSHD\WinsshdActStateCheck.exe"
file: C:\Program Files\Bitvise WinSSHD\WinsshdActStateCheck.exe
size: 446464
MD5: 8c23df12b624ebae70230953e19e4742

Located: HK_LM:Run, CTStartup (DISABLED)
command: C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
file:

Located: HK_LM:Run, QuickTime Task (DISABLED)
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 76a3a30b58405c2c6d833895253a51a9

Located: HK_LM:Run, Windows Defender (DISABLED)
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file:

Located: HK_CU:Run, H/PC Connection Agent
command: "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
file: C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
size: 405583
MD5: a4ce7e9913893e1b59e303cf2a43d5d6

Located: HK_CU:Run, MSKAGENTEXE
command: C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
file:

Located: HK_CU:Run, SpybotSD TeaTimer
command: "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496eee0ddbe485f658693826f44d38

Located: HK_CU:Run, TaskBar
command: "C:\Program Files\Creative\TaskBar\CTLTask.exe"
file: C:\Program Files\Creative\TaskBar\CTLTask.exe
size: 122880
MD5: cc1afd8c45b351d440cd8d7a7ed91ef4

Located: HK_CU:Run, TaskTray
command: "C:\Program Files\Creative\TaskBar\CTLTray.exe"
file: C:\Program Files\Creative\TaskBar\CTLTray.exe
size: 163840
MD5: dd12fa3c35b37b595fa66d8494e54abd

Located: HK_CU:Run, Yahoo! Pager
command: "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
file: C:\Program Files\Yahoo!\Messenger\ypager.exe
size: 3096576
MD5: dadbb773f3d2315dcf04b7fd86a1e5f2

Located: Startup (common), BlueSoleil.lnk
command: C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
file: C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
size: 1044480
MD5: 1d3bb86043659d005c65a277e4b3fe95

Located: Startup (common), InterVideo WinCinema Manager.lnk
command: C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
file: C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
size: 212992
MD5: bf8ea28ceda878ac4607b3d363d8237b

Located: Startup (common), WlanUtility.lnk
command: C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
file: C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
size: 143360
MD5: 8fdb1160b4dd0f0d4bb723427e4d88d9

Located: Startup (user), No-IP DUC.lnk
command: C:\Program Files\No-IP\DUC20.exe
file: C:\Program Files\No-IP\DUC20.exe
size: 1079296
MD5: eb68c9191c020913ab8f0ec49a241245

Located: Startup (user), Shortcut to remoterm.lnk
command: E:\dvb soft\ProgDVB\Remote\remoterm.exe
file: E:\dvb soft\ProgDVB\Remote\remoterm.exe
size: 61699
MD5: c5676406963b4a5e0a691047b998cbf9

Located: Startup (disabled), Adobe Reader Speed Launch (DISABLED)
command: C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
file:

Located: Startup (disabled), CoreCenter (DISABLED)
command: C:\PROGRA~1\MSI\CORECE~1\CORECE~1.EXE
file: C:\PROGRA~1\MSI\CORECE~1\CORECE~1.EXE
size: 826368
MD5: d3acae52f2b9be7910c43f6f1c688f33

Located: Startup (disabled), Pinnacle Scheduler (DISABLED)
command: C:\PROGRA~1\Pinnacle\SHARED~1\Programs\SCHEDU~1\PCLESC~1.EXE
file: C:\PROGRA~1\Pinnacle\SHARED~1\Programs\SCHEDU~1\PCLESC~1.EXE
size: 237568
MD5: 1a8010091771b3e3dc5d978b71bcf8ef

Located: Startup (disabled), BOINC Manager (DISABLED)
command: C:\PROGRA~1\BOINC\boincmgr.exe /s
file: C:\PROGRA~1\BOINC\boincmgr.exe
size: 1691648
MD5: 0c1f4633ac3aa0a2b32558cd5a5c092a

Located: Startup (disabled), Pinnacle Systems - Studio Family (DISABLED)
command: C:\PROGRA~1\Pinnacle\STUDIO~1\EREGIS~1\Remind32.exe
file:

Located: Startup (disabled), Registration-PCTV (DISABLED)
command: C:\PROGRA~1\Pinnacle\PINNAC~1\EREGIS~1\RegTool.exe PCTV,PCTSTD,register,PG,0,
file: C:\PROGRA~1\Pinnacle\PINNAC~1\EREGIS~1\RegTool.exe
size: 245760
MD5: 62d0dd66f197de3ef3caa455e9656ead

Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll

Located: WinLogon, rainit
command: RAinit.dll
file: RAinit.dll

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, WRNotifier
command: WRLogonNTF.dll
file: WRLogonNTF.dll

dreamer
2006-08-31, 07:08
(I stopped the Spybot report because I saw that you don't ask for it in the tutorial, but I had to keep the post because I cannot edit my post... If you need the report, I uploaded all the reports in a zip file.)

HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 5:34:02, on 31-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
c:\Program Files\Darwin Streaming Server\DarwinStreamingServer.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System\Inst.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CardReader2.0\CRBroadCasting.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Creative\TaskBar\CTLTray.exe
C:\Program Files\Creative\TaskBar\CTLTask.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\No-IP\DUC20.exe
E:\dvb soft\ProgDVB\Remote\remoterm.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\CardReader2.0\OTiReader.exe
C:\Program Files\RemotelyAnywhere\RaMaint.exe
C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\RemotelyAnywhere\RAGui.exe
C:\Program Files\Bitvise WinSSHD\WinSSHD.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [POINTER] "C:\Program Files\Microsoft Hardware\Mouse\point32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Inst] "C:\WINDOWS\System\Inst.exe" install
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [WinSSHD Activation State Checker] "C:\Program Files\Bitvise WinSSHD\WinsshdActStateCheck.exe"
O4 - HKLM\..\Run: [CRBroadCasting] "C:\Program Files\CardReader2.0\CRBroadCasting.exe"
O4 - HKLM\..\Run: [LiveMonitor] "C:\Program Files\MSI\Live Update 3\LMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Startup: Shortcut to remoterm.lnk = E:\dvb soft\ProgDVB\Remote\remoterm.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: MBNet - {C014B140-3835-11d6-BC1D-00C095EEAD5D} - c:\progra~1\sibs\mbnet\icone.hta
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2A0DED63-24F3-4FD6-BEC4-58F8E1F0C205} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/pt-PT/filesharingctrl.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} - https://www.mbnet.pt/cc/mbnetbrws.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095623948593
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://shiva/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7ADFDE4-D5F6-4974-834B-5069B6030888}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: PAVWAIT.DLL
O20 - Winlogon Notify: rainit - C:\WINDOWS\SYSTEM32\RAinit.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: COM+ Alerter Service - Unknown owner - C:\WINDOWS\system32\altsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Darwin Streaming Server - Unknown owner - c:\Program Files\Darwin Streaming Server\DarwinStreamingServer.exe
O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) - - c:\progra~1\pinnacle\mediac~1\pmctvt~1.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSI_WLAN_Service - Unknown owner - C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
O23 - Service: OTi Card Reader Service - Unknown owner - C:\Program Files\CardReader2.0\OTiReader.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - 3am Labs, Inc. - C:\Program Files\RemotelyAnywhere\RaMaint.exe
O23 - Service: RemotelyAnywhere - 3am Labs, Inc. - C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WinSSHD - Bitvise - C:\Program Files\Bitvise WinSSHD\WinSSHD.exe



I will appreciate your help very much in resolving this problem.

Thanks a lot,

dreamer

dreamer
2006-08-31, 20:15
Ah, and I got this from the Panda ActiveScan:


Incident Status Location

Adware:adware/beginto Not disinfected c:\windows\system32\cache32_rtneg
Adware:adware/transponder Not disinfected Windows Registry
Adware:adware/powerscan Not disinfected Windows Registry
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[.atwola.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[.c2.gostats.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[.club.cdfreaks.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[.google.com.br/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[.gostats.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[.ig.com.br/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[.terra.com.br/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[.tickle.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[.uol.com.br/]
Spyware:Cookie/Versiontracker Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[.versiontracker.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[.xiti.com/]
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[fe.lea.lycos.es/]
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[fe.lea.lycos.fr/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\dreamer\Application Data\Mozilla\Firefox\Profiles\ibmt7s2g.default\cookies.txt[searchportal.information.com/]

tashi
2006-09-05, 06:45
Hello,

If you have not resolved the problem, we have this sticky topic:

If you have waited four days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)

dreamer
2006-09-06, 21:13
hi,

I resolved part of the problem; now what happens is that when I open Winword or Outlook my desktop reboots automatically...

What should I post here now?

thanks in advance,

dreamer

dreamer
2006-09-06, 23:38
Oops, it seems not... the window saying that it will shut down in 1 minute has appeared again...

What should I put here now?

thanks

LonnyRJones
2006-09-07, 14:45
Hi

I assume you have scanned with your updated antivirus, then Spybot / Spy Sweeper, ewido and Windows Defender while the PC was in safe mode?
If not, please do so.

The file mpas-d.exe is apparently part of Windows Defender and its updates.

I'm not seeing much information on this:
O23 - Service: COM+ Alerter Service - Unknown owner - C:\WINDOWS\system32\altsvc.exe
Go here and submit that file: http://www.virustotal.com/flash/index_en.html
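
A small triage script for the HijackThis log posted above, added here as an example; it is not part of HijackThis, Spybot or any tool the posters used. It parses the O4 (Run keys), O20 (AppInit_DLLs / Winlogon Notify) and O23 (services) lines, flags services with no identifiable owner (the altsvc.exe entry asked about above) or a missing image file, flags autostart programs launched by bare name or from an unusual directory under %WINDIR%, and computes the MD5/SHA-256 of a file so it can be looked up on VirusTotal before uploading. The sample lines are copied from the log in this thread; the flagging rules are this example's own assumptions, not rules from HijackThis.

```python
"""Triage helper for HijackThis v1.99 log lines.

Added example for this thread; it is not part of HijackThis, Spybot or any
tool the posters used. It parses the O4 (Run keys), O20 (AppInit_DLLs and
Winlogon Notify) and O23 (services) lines and reports the entries a helper
looks at first. The sample lines are copied from the log posted above; the
flagging rules are this example's own assumptions, not rules from HijackThis.
"""
import hashlib
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section name image reasons")

# Lines copied from the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Inst] "C:\WINDOWS\System\Inst.exe" install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: PAVWAIT.DLL
O20 - Winlogon Notify: rainit - C:\WINDOWS\SYSTEM32\RAinit.dll
O23 - Service: COM+ Alerter Service - Unknown owner - C:\WINDOWS\system32\altsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) - - c:\progra~1\pinnacle\mediac~1\pmctvt~1.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

O4_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - (?P<kind>AppInit_DLLs|Winlogon Notify): (?P<rest>.*)$")
# The owner may be empty ("name - - path"), so match the dashes without the inner spaces.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) -(?P<owner>.*?)- (?P<path>.*)$")
# First drive-letter path ending in an executable or DLL extension, quotes optional.
IMAGE_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|cpl))', re.IGNORECASE)


def image_path(command):
    """Return the program a command line launches: a full path, or the bare name."""
    m = IMAGE_RE.search(command)
    if m:
        return m.group("path")
    return command.strip().strip('"').split()[0]


def location_reasons(image):
    """Flags about where the image lives (heuristics assumed by this example)."""
    low = image.lower()
    if not re.match(r"^[a-z]:\\", low):
        # No directory at all: the loader finds it via the PATH search order,
        # so a same-named file earlier on the PATH would be run instead.
        return ["bare file name, resolved through the PATH search order"]
    if low.startswith("c:\\windows\\") and "\\system32\\" not in low:
        # e.g. C:\WINDOWS\System\Inst.exe: the 16-bit legacy directory, which
        # installers almost never use for an autostart entry.
        return ["runs from %WINDIR% outside system32"]
    return []


def triage(log_text):
    """Parse O4/O20/O23 lines and return the entries that merit a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            name = m.group("name")
            image = image_path(m.group("cmd"))
            reasons = location_reasons(image)
        elif m := O20_RE.match(line):
            kind, rest = m.group("kind"), m.group("rest")
            parts = rest.split(" - ", 1)
            if kind == "Winlogon Notify" and len(parts) == 2:
                name, image = parts
                reasons = ["DLL loaded into winlogon.exe, which runs as SYSTEM before logon"]
            else:
                name, image = kind, rest
                reasons = ["DLL injected into every process that loads user32.dll"]
            reasons += location_reasons(image)
        elif m := O23_RE.match(line):
            name = m.group("name")
            image = image_path(m.group("path"))
            reasons = location_reasons(image)
            if m.group("owner").strip() in ("", "Unknown owner"):
                reasons.append("service binary has no identifiable owner")
            if "(file missing)" in m.group("path"):
                reasons.append("service points at a missing file")
        else:
            continue
        if reasons:
            findings.append(Finding(line.split(" - ", 1)[0], name, image, reasons))
    return findings


def hashes(data):
    """MD5 and SHA-256 of a file's bytes, to look up on VirusTotal before uploading."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.name:<32}{f.image}")
        for r in f.reasons:
            print("        -", r)
```

Every entry it prints is a candidate for a closer look, not a verdict: RAinit.dll belongs to the RemotelyAnywhere install that appears elsewhere in the same log, and HijackThis reports "Unknown owner" whenever it cannot read a company name from the file, which is why all the avast! services show up that way too. The point of the script is to shrink a log of this size to the handful of lines worth checking on VirusTotal.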

dreamer
2006-09-08, 00:49
Hi, I uploaded that file and no virus was found.

And I ran Ewido, Spybot and HijackThis again, so here is the report from Ewido:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 23:16:35 07-09-2006

+ Scan result:



C:\WINDOWS\system32\mscomserv.exe -> Trojan.Agent.ye : Cleaned with backup (quarantined).


::Report end

dreamer
2006-09-08, 00:50
And now from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 23:35:53, on 07-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System\Inst.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\CardReader2.0\CRBroadCasting.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\TaskBar\CTLTray.exe
C:\Program Files\Creative\TaskBar\CTLTask.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\No-IP\DUC20.exe
E:\dvb soft\ProgDVB\Remote\remoterm.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\CardReader2.0\OTiReader.exe
C:\Program Files\RemotelyAnywhere\RaMaint.exe
C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\RemotelyAnywhere\RAGui.exe
C:\Program Files\Bitvise WinSSHD\WinSSHD.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [POINTER] "C:\Program Files\Microsoft Hardware\Mouse\point32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Inst] "C:\WINDOWS\System\Inst.exe" install
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WinSSHD Activation State Checker] "C:\Program Files\Bitvise WinSSHD\WinsshdActStateCheck.exe"
O4 - HKLM\..\Run: [CRBroadCasting] "C:\Program Files\CardReader2.0\CRBroadCasting.exe"
O4 - HKLM\..\Run: [LiveMonitor] "C:\Program Files\MSI\Live Update 3\LMonitor.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Startup: Shortcut to remoterm.lnk = E:\dvb soft\ProgDVB\Remote\remoterm.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: MBNet - {C014B140-3835-11d6-BC1D-00C095EEAD5D} - c:\progra~1\sibs\mbnet\icone.hta
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2A0DED63-24F3-4FD6-BEC4-58F8E1F0C205} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/pt-PT/filesharingctrl.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} - https://www.mbnet.pt/cc/mbnetbrws.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095623948593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157318444190
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://shiva/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7ADFDE4-D5F6-4974-834B-5069B6030888}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: rainit - C:\WINDOWS\SYSTEM32\RAinit.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: COM+ Alerter Service - Unknown owner - C:\WINDOWS\system32\altsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) - - c:\progra~1\pinnacle\mediac~1\pmctvt~1.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: MSI_WLAN_Service - Unknown owner - C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
O23 - Service: OTi Card Reader Service - Unknown owner - C:\Program Files\CardReader2.0\OTiReader.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - 3am Labs, Inc. - C:\Program Files\RemotelyAnywhere\RaMaint.exe
O23 - Service: RemotelyAnywhere - 3am Labs, Inc. - C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WinSSHD - Bitvise - C:\Program Files\Bitvise WinSSHD\WinSSHD.exe

dreamer
2006-09-08, 00:54
I uninstalled Windows Defender, so the problem with mpas-d.exe disappeared... now I need to see whether the window to shut down my computer in one minute does not appear again.

Thanks for all your help,

greetings,
dreamer

dreamer
2006-09-08, 01:11
Aahh, it still reboots automatically, like pressing the reset button, when I open my Outlook. I tried outlook.exe on VirusTotal and there was no virus; winwor.exe occupies 11MB, so I cannot upload the file to be scanned... :(

I have no idea... I'm thinking of uninstalling all of Office and reinstalling it again? What do you think?

thanks,
dreamer

LonnyRJones
2006-09-08, 01:16
I don't recall you mentioning winwor.exe; where is it?
Check the file's properties and tell me what info you see there; also check the properties of
C:\WINDOWS\system32\altsvc.exe
and C:\WINDOWS\System\Inst.exe

dreamer
2006-09-08, 08:33
hi,

For file C:\WINDOWS\system32\altsvc.exe I have:

created at: Saturday, 2 of October 2004, 12:03:22
modified at: Wednesday, 4 of August 2004, 8:56:57
Accessed at: Friday, 8 of September 2006, 7:22:51
Not Read-Only and not Hidden
File size: 13312 bytes
MD5: c9b18abe9063a33e77f6be81cc8df0c5
SHA1: 88be20fba19ce9462c471f1999410b1c2b511287

For file C:\WINDOWS\System\Inst.exe I have:

created at: Saturday, 10 of July 2004, 14:17:22
modified at: Tuesday, 2 of April 2002, 17:42:12
Accessed at: Friday, 8 of September 2006, 7:21:26
Not Read-Only and not Hidden
File size: 20480 bytes
MD5: 0f8273724074dc928acb65a6259aacb3
SHA1: 75d8b27c715df2f7d4ac177a10d407baf58cca4e

If you need more info than this please ask.

Thanks,
dreamer

LonnyRJones
2006-09-08, 15:18
In each file's properties, is there manufacturer and/or version information?

Let's look at a log from ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
If the log is large, you might need to post half in one reply and half in another.

dreamer
2006-09-08, 23:39
hi,

For C:\WINDOWS\system32\altsvc.exe I have no version, no manufacturer and no description.

For C:\WINDOWS\System\Inst.exe the version is 1.0.0.1 and the description is: KC Setup XP MFC Application

The log from ComboFix is this (running in normal mode; if you need it in safe mode I can do it):

2006-08-28 21:40 -------- d-------- C:\Documents and Settings\dreamer\Application Data\Webroot
2006-08-28 20:48 -------- d-------- C:\Program Files\Alwil Software
2006-08-28 19:13 -------- d-------- C:\Documents and Settings\dreamer\Application Data\Lavasoft
2006-08-28 05:53 -------- d-------- C:\Documents and Settings\dreamer\Application Data\Free Download Manager
2006-08-28 00:54 -------- d-------- C:\Program Files\Common Files\STOPzilla!
2006-08-28 00:47 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-08-27 23:27 -------- d-------- C:\Program Files\Aluria Security Center
2006-08-27 23:21 -------- d-------- C:\Documents and Settings\dreamer\Application Data\STOPzilla!
2006-08-27 23:20 -------- d-------- C:\Program Files\Common Files
2006-08-27 21:52 -------- d-------- C:\Program Files\Azureus
2006-08-11 06:58 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-10 13:35 -------- d-------- C:\Program Files\eMule
2006-08-07 22:40 12400 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-08-06 23:36 -------- d-------- C:\Program Files\MSI
2006-08-05 16:25 87424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-08-05 16:25 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-08-05 16:24 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-08-05 16:22 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-08-05 16:20 24304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-08-03 19:33 15360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2006-08-03 19:33 14848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2006-08-03 19:33 13824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2006-08-03 19:33 117248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2006-08-02 21:46 -------- d-------- C:\Program Files\DOSBox-0.65
2006-07-30 23:42 -------- d-------- C:\Program Files\GPS Tuner
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-29 17:06 -------- d-------- C:\Program Files\Priberam
2006-07-29 17:06 -------- d-------- C:\Program Files\Common Files\Protec
2006-07-29 17:06 -------- d-------- C:\Program Files\Common Files\Priberam
2006-07-27 22:43 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-07-27 22:42 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-19 22:03 -------- d-------- C:\Program Files\Exact Audio Copy
2006-07-12 21:45 -------- d---s---- C:\Documents and Settings\dreamer\Application Data\Microsoft
2006-07-12 21:41 -------- d-------- C:\Program Files\gs
2006-07-02 14:36 233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2006-07-02 14:36 225280 --a------ C:\WINDOWS\system32\ReWire.dll
2006-06-18 22:59 14848 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-06-15 11:18 91 --a------ C:\Documents and Settings\dreamer\Application Data\FixVTS.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"POINTER"="\"C:\\Program Files\\Microsoft Hardware\\Mouse\\point32.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"IntelliType"="\"C:\\Program Files\\Microsoft Hardware\\Keyboard\\type32.exe\""
"Inst"="\"C:\\WINDOWS\\System\\Inst.exe\" install"
"HPHmon03"="C:\\WINDOWS\\System32\\hphmon03.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"FinePrint Dispatcher v5"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fpdisp5a.exe"
"DataLayer"="C:\\PROGRA~1\\COMMON~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"
"CTHelper"="CTHELPER.EXE"
"BluetoothAuthenticationAgent"="\"rundll32.exe\" bthprops.cpl,,BluetoothAuthenticationAgent"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"WinSSHD Activation State Checker"="\"C:\\Program Files\\Bitvise WinSSHD\\WinsshdActStateCheck.exe\""
"CRBroadCasting"="\"C:\\Program Files\\CardReader2.0\\CRBroadCasting.exe\""
"LiveMonitor"="\"C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"MSConfig"="\"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe\" /auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskTray"="\"C:\\Program Files\\Creative\\TaskBar\\CTLTray.exe\""
"TaskBar"="\"C:\\Program Files\\Creative\\TaskBar\\CTLTask.exe\""
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"SpybotSD TeaTimer"="\"C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"ICQ Lite"="\"C:\\Program Files\\ICQLite\\ICQLite.exe\" -trayboot"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce\CTStartup]
"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:5f,00,00,00
@=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\windows\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CoreCenter.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\CoreCenter.lnk"
"backup"="C:\\windows\\pss\\CoreCenter.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MSI\\CORECE~1\\CORECE~1.EXE "
"item"="CoreCenter"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pinnacle Scheduler.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Pinnacle Scheduler.lnk"
"backup"="C:\\WINDOWS\\pss\\Pinnacle Scheduler.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Pinnacle\\SHARED~1\\Programs\\SCHEDU~1\\PCLESC~1.EXE "
"item"="Pinnacle Scheduler"

dreamer
2006-09-08, 23:40
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^dreamer^Start Menu^Programs^Startup^BOINC Manager.lnk]
"path"="C:\\Documents and Settings\\dreamer\\Start Menu\\Programs\\Startup\\BOINC Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\BOINC Manager.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\BOINC\\boincmgr.exe /s"
"item"="BOINC Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^dreamer^Start Menu^Programs^Startup^Pinnacle Systems - Studio Family.lnk]
"path"="C:\\Documents and Settings\\dreamer\\Start Menu\\Programs\\Startup\\Pinnacle Systems - Studio Family.lnk"
"backup"="C:\\WINDOWS\\pss\\Pinnacle Systems - Studio Family.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Pinnacle\\STUDIO~1\\EREGIS~1\\Remind32.exe "
"item"="Pinnacle Systems - Studio Family"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^dreamer^Start Menu^Programs^Startup^Registration-PCTV.lnk]
"path"="C:\\Documents and Settings\\dreamer\\Start Menu\\Programs\\Startup\\Registration-PCTV.lnk"
"backup"="C:\\WINDOWS\\pss\\Registration-PCTV.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Pinnacle\\PINNAC~1\\EREGIS~1\\RegTool.exe PCTV,PCTSTD,register,PG,0,"
"item"="Registration-PCTV"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Aluria Security Center]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SecurityCenter"
"hkey"="HKLM"
"command"="C:\\Program Files\\Aluria Security Center\\SecurityCenter.exe /minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BullsEye Network]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bargains"
"hkey"="HKLM"
"command"="C:\\Program Files\\BullsEye Network\\bin\\bargains.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\chknaf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="chknaf"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\chknaf.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Cleanup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="2006831194613_mcappins"
"hkey"="HKLM"
"command"="\"C:\\DOCUME~1\\dreamer\\LOCALS~1\\Temp\\2006831194613_mcappins.exe\" /v=3 /cleanup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Desktop Weather 3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="THEWEA~1"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\THEWEA~1\\THEWEA~1.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DSLAGENTEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dslagent"
"hkey"="HKLM"
"command"="dslagent.exe USB"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\fpiadbS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="akpkrqxh"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\akpkrqxh.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\GSICONEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GSICON"
"hkey"="HKLM"
"command"="GSICON.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iwxuppo]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="irdyxo"
"hkey"="HKLM"
"command"="C:\\windows\\system32\\irdyxo.exe r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\luvqynt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="haiwdst"
"hkey"="HKLM"
"command"="C:\\windows\\system32\\haiwdst.exe r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\msci]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="200683119468_mcinfo"
"hkey"="HKLM"
"command"="\"C:\\DOCUME~1\\dreamer\\LOCALS~1\\Temp\\200683119468_mcinfo.exe\" /insfin"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSKAGENTEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSKAgent"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKAgent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NetLimiter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NetLimiter"
"hkey"="HKLM"
"command"="C:\\Program Files\\NetLimiter\\NetLimiter.exe /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Norton Ghost 9.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\Agent\\GhostTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\OASClnt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="oasclnt"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Launch Application 2"
"hkey"="HKLM"
"command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\Launch Application 2.exe -onlytray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PinnacleDriverCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSDrvCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\pshower]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pshwr"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\pshwr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\PowerISO\\PWRISOVM.EXE\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RemotelyAnywhere GUI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RAGui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\RemotelyAnywhere\\RAGui.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\sais]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sais"
"hkey"="HKLM"
"command"="c:\\program files\\180searchassistant\\sais.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\seticlient]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SETI@home"
"hkey"="HKCU"
"command"="C:\\Program Files\\SETI@home\\SETI@home.exe -min"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\socjnby]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="liledjx"
"hkey"="HKLM"
"command"="C:\\windows\\system32\\liledjx.exe r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SurfAccuracy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SAcc"
"hkey"="HKLM"
"command"="C:\\Program Files\\SurfAccuracy\\SAcc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Updreg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\Updreg.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\xhdquqg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dqovwuf"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\dqovwuf.exe r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"iPodService"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rainit

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\wrSpySweeper_81BFB4CB36174D2FA3B5A72C13556168.job

Completion time: 06-09-08 22:30:35.81
ComboFix.txt

LonnyRJones
2006-09-09, 01:33
Run Msconfig and disable
Inst
command= C:\\WINDOWS\\System\\Inst.exe

Open administrator tools > services and set
"COM+ Alerter Service" to disabled
Close services and restart your pc


Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.


REGEDIT4
;
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BullsEye Network]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\chknaf]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\fpiadbS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Internet Optimizer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iwxuppo]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\luvqynt]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\pshower]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\sais]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\socjnby]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SurfAccuracy]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\xhdquqg]
;

Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.

Delete these files and folders if they are still present:
C:\Program Files\BullsEye Network
C:\WINDOWS\chknaf.exe
C:\WINDOWS\akpkrqxh.exe
C:\Program Files\Internet Optimizer
C:\windows\system32\irdyxo.exe
C:\windows\system32\haiwdst.exe
C:\WINDOWS\system32\pshwr.exe
c:\program files\180searchassistant
C:\windows\system32\liledjx.exe
C:\Program Files\SurfAccuracy
C:\WINDOWS\system32\dqovwuf.exe
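
The fixme.reg above removes MSCONFIG\Startupreg subkeys while the file list removes what they launched. As an added example (not the helper's or the poster's code), this parser reads the Startupreg section in the same format as the ComboFix log quoted above, separates each entry's executable from its arguments, and reports which entries point at a file on the removal list; the sample dump and removal list are constructed from values in this thread.

```python
import re
# Constructed sample in the format of the MSCONFIG\Startupreg section of the ComboFix log above.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\seticlient]
"hkey"="HKCU"
"command"="C:\\Program Files\\SETI@home\\SETI@home.exe -min"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\socjnby]
"hkey"="HKLM"
"command"="C:\\windows\\system32\\liledjx.exe r"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\VSOCheckTask]
"command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
'''
# Paths the reply above says to delete; a folder entry covers anything inside it.
REMOVAL_LIST = [r"C:\windows\system32\liledjx.exe", r"c:\program files\180searchassistant"]
KEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\.*\\MSCONFIG\\Startupreg\\(.+)\]$')
VALUE_RE = re.compile(r'^"(\w+)"="(.*)"$')

def unescape(value):
    # Undo .reg string escaping: doubled backslashes and backslash-escaped quotes.
    return value.replace('\\"', '"').replace('\\\\', '\\')

def split_command(command):
    # Quoted paths end at the closing quote; unquoted ones end at the first ".exe".
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end], command[end + 1:].strip()
    m = re.search(r'\.exe\b', command, re.IGNORECASE)
    if m:
        return command[:m.end()], command[m.end():].strip()
    return command, ""

def parse_startupreg(text):
    # One dict per Startupreg subkey: name, hive, raw command, exe path and arguments.
    entries, current = [], None
    for line in text.splitlines():
        km, vm = KEY_RE.match(line.strip()), VALUE_RE.match(line.strip())
        if km:
            current = {"name": km.group(1)}
            entries.append(current)
        elif vm and current is not None:
            current[vm.group(1)] = unescape(vm.group(2))
    for e in entries:
        e["exe"], e["args"] = split_command(e.get("command", ""))
    return entries

def entries_on_removal_list(entries, removal_list=REMOVAL_LIST):
    # Names of entries whose exe is a listed file or sits below a listed folder.
    targets = [p.lower().rstrip("\\") for p in removal_list]
    return [e["name"] for e in entries if any(
        e["exe"].lower() == t or e["exe"].lower().startswith(t + "\\") for t in targets)]
```

Running it on the full Startupreg section of a ComboFix log shows which autostart entries a removal list actually covers, so a leftover entry whose file was not listed stands out.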

dreamer
2006-09-09, 02:10
Hi,

I had removed the Inst from msconfig, disabled the COM+ Alerter Service and run the fixme.reg.

I didn't have anything to delete; I don't know if that is good because it can be clean, or bad because another exe file can appear without my knowing the name.

I had rebooted my desktop when I disabled the service, and again after removing those lines from the registry. After this I tried to open my Outlook again and after a while (less than a minute) my desktop rebooted again like I had pressed the Reset button... I am starting to have no idea... a problem in my Office? An incompatibility between avast and Outlook? Or another plugin from another antivirus I had tried before that is causing an incompatibility now? Should I uninstall all of Office and re-install it?

Sorry about this... as for the rest, it seems that my computer is fine now...

Thanks for all the time you are taking with me.

best regards,
dreamer

LonnyRJones
2006-09-09, 02:17
I see McAfee was disabled; is it still installed?
If you have more than one antivirus program installed, uninstall all but one.
If that doesn't help, try your idea of uninstalling (or repairing) MS Office.

dreamer
2006-09-09, 08:42
The only antivirus I have now is avast!; my license for McAfee expired and I had uninstalled it. I will first try repairing Office; if that doesn't work I need to get all the configs of my email accounts so that I can uninstall Office completely and install it again, so that will take me a little more time, so I will try to do it during this weekend. Then I will tell you something here.

So from what I see my computer should be clean now and maybe I have a problem with my Office, right? I'm still afraid to access my bank account from here...


Thanks a lot for your help until today.

greetings,
dreamer

LonnyRJones
2006-09-15, 15:58
I'm glad we could help.
Since the malware problems are solved I'm going to close the topic now; this keeps others with similar problems from posting their logs/questions here, as they should start a new topic.
If you should need to post another log for the same PC, let one of us know via a PM (personal message).