SDFix: Version 1.158
Run by HP_Owner on Sun 03/16/2008 at 08:11 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\Installer\{118e5077-19d0-48e0-9c12-97916a1e81c2}\RamSys.dll - Deleted
C:\WINDOWS\Installer\{67301d0b-fc6d-482a-9186-9c22bb256bdb}\zip.dll - Deleted
C:\LSB25C.TMP - Deleted
C:\LSB269.TMP - Deleted
C:\WINDOWS\altvxvm.dll - Deleted
C:\WINDOWS\bokpkov.dll - Deleted
Folder C:\WINDOWS\Installer\{118e5077-19d0-48e0-9c12-97916a1e81c2} - Removed
Folder C:\WINDOWS\Installer\{67301d0b-fc6d-482a-9186-9c22bb256bdb} - Removed
Removing Temp Files
ADS Check :
C:\WINDOWS
:BZ-VIRTUAL-LINK 0
Total size: 0 bytes.
WINDOWS: deleted 0 bytes in 1 streams.
Checking for remaining Streams
C:\WINDOWS
No streams found.
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-16 08:17:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Blubster\\Blubster.exe"="C:\\Program Files\\Blubster\\Blubster.exe:*:Enabled:MP2P servent main executable"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\HP_Owner.YOUR-03667082DE\\Local Settings\\Temp\\Temporary Directory 1 for kaillerasrv-0.86-win32.zip\\kaillerasrv.exe"="C:\\Documents and Settings\\HP_Owner.YOUR-03667082DE\\Local Settings\\Temp\\Temporary Directory 1 for kaillerasrv-0.86-win32.zip\\kaillerasrv.exe:*:Enabled:kaillerasrv"
"C:\\Documents and Settings\\HP_Owner.YOUR-03667082DE\\Local Settings\\Temp\\kaillerasrv-0.86-win32\\kaillerasrv.exe"="C:\\Documents and Settings\\HP_Owner.YOUR-03667082DE\\Local Settings\\Temp\\kaillerasrv-0.86-win32\\kaillerasrv.exe:*:Enabled:kaillerasrv"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 26 Dec 2007 213 A.SHR --- "C:\BOOT.BAK"
Sat 15 Mar 2008 16,648 ..SHR --- "C:\Program Files\tmp15228171.exe"
Sat 15 Mar 2008 16,648 ..SHR --- "C:\Program Files\tmp15233375.exe"
Fri 19 Nov 2004 54,872 A..H. --- "C:\Program Files\America Online 9.0\AOLphx.exe"
Fri 19 Nov 2004 31,832 A..H. --- "C:\Program Files\America Online 9.0\rbm.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 4 Apr 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 23 Sep 2005 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv16.bak"
Fri 23 Sep 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.key.bak"
Sun 30 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 7 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sat 28 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Mon 3 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv04.tmp"
Sun 9 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv05.tmp"
Mon 10 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv06.tmp"
Thu 13 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv07.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\0747ea8b76488160c55920e 7f1b87f0c\BIT717.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\080070f6461c8001578e5e4 cd4bb024b\BIT738.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\0a120212db9f8797932f46d ef01672fc\BIT712.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\0a7407b49e4a15c0b9a45c0 426de5360\BIT6EF.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\0c114cf5b19927cfea8b29c 83de1ed86\BIT715.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\0f8a5d0d09e527fa35dec9e 085d4b802\BIT701.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\1230492412c0d92c55a03b0 de671f167\BIT6EA.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\131ae35a2f5be2cefedd349 d083bb253\BIT6F5.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\1950380ad27a186ad7b25c1 e483494eb\BIT71D.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\1d8773e3b9bba05290b442f 31de09a2e\BIT6FC.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\1fb659e25c21839251d560d a33cbcfad\BIT721.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\208c1a8c52f47d7b2df4baa 21f58d3da\BIT710.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\2abaeb659824de5967ddf71 81c6befdb\BIT711.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\2d7809720343ee9223ce4d8 8d99bf3c2\BIT713.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\32e99364da67a7850c38a7a 4e067a1ed\BIT709.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\33831624a2e810dc854ea2f 820d0dd53\BIT6FE.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\379c3e87f4016899bd06cdf 1184d31ce\BIT71B.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\393673217fc83f2b990ca70 aa98f1df8\BIT6F8.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\410ff09308a833491dba768 6f0aee2eb\BIT6E4.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\458b0ddf827cd2ca02539e5 a3b1a3d3c\BIT71E.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\495213e4cb2a90b1fa5505a 5fab8e00b\BIT72C.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\4b6ccd5ccf72ffca11e7f7e 0165f2082\BIT700.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\4bc27de79804b640a2e67ed a87fe6cda\BIT6FD.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\4cbc0c1da652794a86c37db d177bef9d\BIT730.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\50d0c9ff929a7477233edd0 771ffdb01\BIT729.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\6b5f9b6e24a379bdb34ad35 89556de3e\BIT73C.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\6f0fd10fc234123bcdf54eb ca4b84cbd\BIT739.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\881d7070640a4412a784782 616794afa\BIT727.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\8a37f70e90784c333642cb7 6a8881df8\BIT735.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\972f9ceb5c3be430fe6cdcb 43653d74d\BIT716.tmp"
Wed 12 Dec 2007 490,736 A..H. --- "C:\WINDOWS\Sdold\Download\a4a9ccd1806461c53ce89bd d6f4591bf\BIT725.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\ab9217b6e5750f9481b4ee2 61d21b730\BIT73A.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\adc42e4e6905251cac80b18 a8dccd42a\BIT737.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\d1c98689cdcd0ea9312780f fc77a2cbe\BIT6F6.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\d20fc1765c1d2a8e6c26cf7 7036ce48f\BIT736.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\d424e8f655073b64c82b6f4 f138d5f7e\BIT71C.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\d820fbd6e1527bc9c51d0c3 b240b96fd\BIT733.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\d8816d09f86abbe0c321ddc 90d5c0948\BIT734.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\da70638ee8e6f6c7eff37e7 55cd6f449\BIT703.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\db7de921c93c501ab9b4e79 fa0aeabe4\BIT702.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\fa53e640686f7f15b5ee3f5 32304b804\BIT719.tmp"
Thu 27 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4f686eb1 8ed8be61735e890e67439840\BIT1B.tmp"
Sat 5 Jan 2008 8,692,264 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7270fb1b d4654e5870108702aec957d8\BIT826.tmp"
Thu 27 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b6b8211a 5dc0636ae3d15bf626ce10d3\BITC.tmp"
Fri 14 Dec 2007 165,232 A..H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll"
Mon 13 Mar 2006 262,144 ...H. --- "C:\Program Files\Nero\Nero 7\Nero PhotoShow 4\data\DVDMPEG2Enc.dll"
Mon 13 Mar 2006 84,604 ...H. --- "C:\Program Files\Nero\Nero 7\Nero PhotoShow 4\data\movie_maker.exe"
Mon 13 Mar 2006 61,440 ...H. --- "C:\Program Files\Nero\Nero 7\Nero PhotoShow 4\data\NeASL.dll"
Mon 13 Mar 2006 95,892 ...H. --- "C:\Program Files\Nero\Nero 7\Nero PhotoShow 4\data\Nero PhotoShow Express.exe"
Thu 6 Oct 2005 20,963 A..H. --- "C:\WINDOWS\Sdold\Download\0091ab299e899a5920ad917 39ad99c67\download\BIT751.tmp"
Fri 30 Mar 2007 34,451 A..H. --- "C:\WINDOWS\Sdold\Download\29f79ad83880337acafe2a3 7966d9d29\download\BIT755.tmp"
Sun 4 Feb 2007 131,851 A..H. --- "C:\WINDOWS\Sdold\Download\40a830826de015286a7a552 3023b1e09\download\BIT75F.tmp"
Wed 29 Mar 2006 17,650 A..H. --- "C:\WINDOWS\Sdold\Download\4cc8107fde988bba1481bb7 36cc96c29\download\BIT760.tmp"
Wed 6 Sep 2006 22,257 A..H. --- "C:\WINDOWS\Sdold\Download\52b72a8354f3c8a72b1aee0 b2a11d368\download\BIT753.tmp"
Wed 8 Feb 2006 3,854 A..H. --- "C:\WINDOWS\Sdold\Download\55b5c397ff94db07e8c1c33 6efaf0a7b\download\BIT765.tmp"
Wed 6 Sep 2006 22,098 A..H. --- "C:\WINDOWS\Sdold\Download\8a10de02595aa748279afc6 c628f49a8\download\BIT757.tmp"
Tue 20 Nov 2007 466 A..H. --- "C:\WINDOWS\Sdold\Download\a0d1667f129d439fad31a81 898b17830\download\BIT756.tmp"
Fri 1 Dec 2006 105,539 A..H. --- "C:\WINDOWS\Sdold\Download\aa19f15378aa75d2b2c7ba5 771e0c521\download\BIT74D.tmp"
Thu 6 Oct 2005 367,218 A..H. --- "C:\WINDOWS\Sdold\Download\b3ba2a040ecf3ac2cd2da39 9851bda00\download\BIT74B.tmp"
Fri 30 Mar 2007 4,663 A..H. --- "C:\WINDOWS\Sdold\Download\b79f0480d592be3a8c6db38 1ffc0c693\download\BIT75D.tmp"
Fri 5 Aug 2005 38,478 A..H. --- "C:\WINDOWS\Sdold\Download\c23140ab2b4cffaee396a23 0df8b1229\download\BIT766.tmp"
Fri 1 Dec 2006 26,524 A..H. --- "C:\WINDOWS\Sdold\Download\c3c3c6d9de8be474641d4bb ceb22a36f\download\BIT75A.tmp"
Mon 6 Aug 2007 56,269 A..H. --- "C:\WINDOWS\Sdold\Download\c87932aedce288373d0b6a6 c23f00c8a\download\BIT74A.tmp"
Fri 28 Jul 2006 27,746 A..H. --- "C:\WINDOWS\Sdold\Download\c9cdbfcd49200c55d94bb81 819c80f2b\download\BIT75B.tmp"
Fri 1 Sep 2006 11,301 A..H. --- "C:\WINDOWS\Sdold\Download\d037d9bbbbdf880e477c384 0b38c3180\download\BIT762.tmp"
Thu 20 Apr 2006 1,412 A..H. --- "C:\WINDOWS\Sdold\Download\d378d94379aa314a2f8a03d f7faef1bc\download\BIT75E.tmp"
Fri 5 Aug 2005 2,080 A..H. --- "C:\WINDOWS\Sdold\Download\e3c3121982c8a4d0c1605cf bcb9bb7c8\download\BIT763.tmp"
Sat 4 Nov 2006 32,858 A..H. --- "C:\WINDOWS\Sdold\Download\e7d26e5776f9930c6ad9dff 351940707\download\BIT761.tmp"
Fri 22 Sep 2006 136,969 A..H. --- "C:\WINDOWS\Sdold\Download\f040a43a7788e207ef67f26 bf9f0471f\download\BIT75C.tmp"
Fri 8 Jul 2005 15,203 A..H. --- "C:\WINDOWS\Sdold\Download\f941c900a413f153861a403 2214a1aec\download\BIT74E.tmp"
Tue 20 Nov 2007 118,111 A..H. --- "C:\WINDOWS\Sdold\Download\fa49f6893c7a59670b5a378 4bf50f6b9\download\BIT764.tmp"
Fri 14 Mar 2008 65,536 A..H. --- "C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Local Settings\Application Data\Microsoft\Outlook\~Outlook.pst.tmp"
Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:28 AM, on 3/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops....gi3.0.84.2.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 7865 bytes