infected need help

dark_angel

Hi,
I'm running a virtual XP but I'm pretty sure I'm infected with a virus. I've run Kaspersky and it found 1000 problems but I don't know if it has fixed them up. I don't think they can affect the actual computer as it is virtual, but I want to make sure they can't get passwords etc., so any help would be appreciated.
 
Hello, please download and post a log with HiJackThis.

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:18 PM, on 20/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\do-Organizer\doOrganizer.exe
C:\Program Files\VMware\VMware Tools\VMwareService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://projectalchemist.net/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [FortKnoxPersonalFirewall] "C:\Program Files\NETGATE\FortKnox Personal Firewall 2008\FortKnoxGUI.exe"
O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\TrayServer.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [do-Organizer2] C:\Program Files\do-Organizer\doOrganizer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: RocketDock.exe.lnk = C:\Program Files\RocketDock\RocketDock.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214636905578
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: TPSvc - C:\WINDOWS\SYSTEM32\TPSvc.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FortKnox Personal Firewall (fortknox) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\FortKnox Personal Firewall 2008\FortKnox.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: TP AutoConnect Service (TPAutoConnSvc) - ThinPrint GmbH - C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe

--
End of file - 8166 bytes
 
OK, I'll help.

Google ComboFix and download it, then run it, and post the log in a reply.

Then post a fresh HijackThis log.

P.S. - I would post the code I have, but I'm on a Mac and it doesn't have access :P
 
Will post in an hour when I get home. So I just download ComboFix and it will just have an option to scan and save log?
 
ComboFix scan

Start Time= Mon 21/07/2008 18:30:35.25

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2008-07-20 14:34:38 ( .D... ) "C:\Program Files\Trend Micro"
2008-07-19 20:54:20 ( .D... ) "C:\Program Files\Kaspersky Lab"
2008-07-18 18:36:16 ( .D... ) "C:\Program Files\Reallusion"
2008-07-18 18:36:00 ( .D... ) "C:\Documents and Settings\Cam\Application Data\InstallShield"
2008-07-18 15:42:44 ( .D... ) "C:\Documents and Settings\Cam\Application Data\MAGIX"
2008-07-18 15:34:44 ( .D... ) "C:\Program Files\MAGIX"
2008-07-14 14:30:52 95744 ( A.... ) "C:\WINDOWS\system32\decrypt.exe"
2008-07-14 14:30:52 1452 ( A.... ) "C:\Program Files\log145909492.txt"
2008-07-14 14:29:24 262727 ( A.... ) "C:\WINDOWS\system32\KeyChanger.exe"
2008-07-14 14:29:24 1452 ( A.... ) "C:\Program Files\log996916633.txt"
2008-07-14 14:29:16 1452 ( A.... ) "C:\Program Files\log134526943.txt"
2008-07-12 17:09:24 ( .D... ) "C:\Documents and Settings\Cam\Application Data\MediaMan"
2008-07-12 17:06:06 ( .D... ) "C:\Program Files\MediaMan"
2008-07-11 22:19:46 ( .D... ) "C:\Documents and Settings\Cam\Application Data\Webcammax"
2008-07-07 14:47:00 ( .D... ) "C:\Documents and Settings\Cam\Application Data\360desktop"
2008-07-06 19:07:58 ( .D... ) "C:\Program Files\FileZilla"
2008-07-05 18:55:06 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2008-07-05 18:55:06 ( .D... ) "C:\Program Files\InterVideo"
2008-07-05 18:29:10 ( .D... ) "C:\Documents and Settings\Cam\Application Data\Thinstall"
2008-07-05 17:15:00 ( .D... ) "C:\Program Files\do-Organizer"
2008-07-05 17:01:54 ( .D... ) "C:\Documents and Settings\Cam\Application Data\IDM"
2008-07-05 17:01:54 ( .D... ) "C:\Documents and Settings\Cam\Application Data\DMCache"
2008-07-05 17:01:50 ( .D... ) "C:\Program Files\Internet Download Manager"
2008-07-04 21:58:24 87608 ( A.... ) "C:\Documents and Settings\Cam\Application Data\inst.exe"
2008-07-04 21:58:24 47360 ( A.... ) "C:\Documents and Settings\Cam\Application Data\pcouffin.sys"
2008-07-04 21:58:24 7887 ( A.... ) "C:\Documents and Settings\Cam\Application Data\pcouffin.cat"
2008-07-04 21:58:24 1144 ( A.... ) "C:\Documents and Settings\Cam\Application Data\pcouffin.inf"
2008-07-04 21:58:24 33 ( A.... ) "C:\Documents and Settings\Cam\Application Data\pcouffin.log"
2008-07-04 20:34:58 ( .D... ) "C:\Documents and Settings\Cam\Application Data\U3"
2008-07-04 11:14:00 ( .D... ) "C:\Documents and Settings\Cam\Application Data\ACD Systems"
2008-07-03 17:38:18 1234 ( A.... ) "C:\Documents and Settings\Cam\Application Data\SAS7_000.DAT"
2008-07-02 12:17:40 ( .D.H. ) "C:\Program Files\CanonBJ"
2008-07-01 21:04:28 76 ( A.... ) "C:\WINDOWS\system32\net32gdilib.dll"
2008-07-01 21:04:28 ( .D... ) "C:\Program Files\J River"
2008-07-01 21:04:16 ( .D... ) "C:\Documents and Settings\Cam\Application Data\J River"
2008-07-01 13:24:04 ( .D... ) "C:\Program Files\IVT Corporation"
2008-06-30 20:03:46 ( .D... ) "C:\Program Files\Pcsx2"
2008-06-30 17:49:08 ( .D... ) "C:\Documents and Settings\Cam\Application Data\skypePM"
2008-06-30 17:42:56 ( .D... ) "C:\Documents and Settings\Cam\Application Data\Skype"
2008-06-30 17:42:22 ( .D... ) "C:\Program Files\Skype"
2008-06-30 17:42:22 ( .D... ) "C:\Program Files\Common Files\Skype"
2008-06-29 22:42:04 ( .D... ) "C:\Program Files\Xvid"
2008-06-29 16:56:20 ( .D.HR ) "C:\Documents and Settings\Cam\Application Data\yahoo!"
2008-06-29 16:50:48 ( .D... ) "C:\Program Files\Yahoo!"
2008-06-29 14:23:30 ( .D... ) "C:\Program Files\Foxit Software"
2008-06-28 22:43:20 ( .D... ) "C:\Program Files\adni18"
2008-06-28 22:43:18 729686 ( A.... ) "C:\WINDOWS\system32\Alpha Galaxy 1280.scr"
2008-06-28 18:45:20 ( .D... ) "C:\Program Files\Common Files\Logishrd"
2008-06-28 17:11:52 ( .DSH. ) "C:\Program Files\Common Files\WindowsLiveInstaller"
2008-06-28 12:58:16 ( .D... ) "C:\Program Files\SysMetrix"
2008-06-28 11:56:02 ( .D... ) "C:\Documents and Settings\Cam\Application Data\Consultia"
2008-06-28 11:39:58 ( .D... ) "C:\Documents and Settings\Cam\Application Data\OtakuSoftware"
2008-06-28 11:10:42 ( .D... ) "C:\Documents and Settings\Cam\Application Data\Macromedia"
2008-06-27 22:56:04 ( .D... ) "C:\Documents and Settings\Cam\Application Data\WeatherWatcher"
2008-06-27 22:55:44 ( .D... ) "C:\Program Files\Weather Watcher"
2008-06-27 22:45:40 668 ( A.... ) "C:\Documents and Settings\Cam\Application Data\vso_ts_preview.xml"
2008-06-26 23:26:58 ( .D... ) "C:\Program Files\Common Files\ODBC"
2008-06-26 23:26:54 ( .D... ) "C:\Program Files\Common Files\SpeechEngines"
2008-06-26 23:26:54 ( .D... ) "C:\Program Files\Common Files\Microsoft Shared"
2008-06-26 23:26:54 ( .D... ) "C:\Program Files\Common Files"
2008-06-26 23:26:36 62 ( A.SH. ) "C:\Documents and Settings\Cam\Application Data\desktop.ini"
2008-06-26 22:52:28 ( .D... ) "C:\Documents and Settings\Cam\Application Data\Vso"
2008-06-26 18:57:18 ( .D... ) "C:\Program Files\Microsoft Office"
2008-06-26 14:53:26 ( .D... ) "C:\Program Files\VMware"
2008-06-26 14:49:00 ( .D... ) "C:\Program Files\NETGATE"
2008-06-26 14:46:52 ( .D... ) "C:\Program Files\Common Files\Adobe"
2008-06-26 14:46:52 ( .D... ) "C:\Documents and Settings\Cam\Application Data\Adobe"
2008-06-26 14:41:50 ( .D... ) "C:\Program Files\Microsoft Works"
2008-06-26 14:41:50 ( .D... ) "C:\Program Files\Microsoft Visual Studio 8"
2008-06-26 14:41:30 ( .D... ) "C:\Program Files\Microsoft Visual Studio"
2008-06-26 14:41:30 ( .D... ) "C:\Program Files\Common Files\DESIGNER"
2008-06-26 14:40:56 ( .D... ) "C:\Program Files\Microsoft.NET"
2008-06-26 14:39:22 ( .D... ) "C:\Program Files\Microsoft Expression"
2008-06-26 14:32:04 ( .D... ) "C:\Program Files\Common Files\ACD Systems"
2008-06-26 14:32:04 ( .D... ) "C:\Program Files\ACD Systems"
2008-06-26 14:29:50 ( .D... ) "C:\Documents and Settings\Cam\Application Data\Mozilla"
2008-06-26 14:28:40 ( .D... ) "C:\Program Files\K-Lite Codec Pack"
2008-06-26 14:26:32 ( .D... ) "C:\Program Files\MediaMonkey"
2008-06-26 14:25:16 ( .D... ) "C:\Documents and Settings\Cam\Application Data\WinRAR"
2008-06-26 14:23:50 ( .D... ) "C:\Program Files\WinRAR"
2008-06-26 14:11:42 ( .D... ) "C:\Documents and Settings\Cam\Application Data\Media Player Classic"
2008-06-26 13:59:18 ( .D... ) "C:\Documents and Settings\Cam\Application Data\Identities"
2008-06-26 13:59:10 ( .D.H. ) "C:\Program Files\Uninstall Information"
2008-06-26 13:56:36 ( .DS.. ) "C:\Documents and Settings\Cam\Application Data\Microsoft"
2008-06-26 13:56:36 ( .D... ) "C:\Documents and Settings\Cam\Application Data\Sun"
2008-06-26 13:56:36 ( .D... ) "C:\Documents and Settings\Cam\Application Data\Real"
2008-06-26 13:56:36 ( .D... ) "C:\Documents and Settings\Cam\Application Data\Notepad++"
2008-06-26 13:53:18 ( .D... ) "C:\Program Files\Styler"
2008-06-26 13:52:50 ( .D... ) "C:\Program Files\RocketDock"
2008-06-26 13:52:50 ( .D... ) "C:\Program Files\Media Connect"
2008-06-26 13:49:34 ( .D... ) "C:\Program Files\xerox"
2008-06-26 13:49:34 ( .D... ) "C:\Program Files\microsoft frontpage"
2008-06-26 13:48:00 ( .D... ) "C:\Program Files\Stardock"
2008-06-26 13:48:00 ( .D... ) "C:\Program Files\Common Files\Stardock"
2008-06-26 13:47:48 ( .D... ) "C:\Program Files\Notepad++"
2008-06-26 13:47:32 ( .D... ) "C:\Program Files\Unlocker"
2008-06-26 13:47:10 ( .D... ) "C:\Program Files\Windows Live"
2008-06-26 13:46:14 ( .D... ) "C:\Program Files\LClock"
2008-06-26 13:45:14 ( .D... ) "C:\Program Files\Java"
2008-06-26 13:45:12 ( .D... ) "C:\Program Files\Common Files\Java"
2008-06-26 13:44:46 ( .D... ) "C:\Program Files\Mozilla Firefox"
2008-06-26 13:44:26 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2008-06-26 13:38:50 ( .D... ) "C:\Program Files\Windows Media Connect 2"
2008-06-26 13:38:36 0 ( A.... ) "C:\AUTOEXEC.BAT"
2008-06-26 13:36:40 ( .D.H. ) "C:\Program Files\WindowsUpdate"
2008-06-26 13:36:16 ( .D... ) "C:\Program Files\Common Files\Services"
2008-06-26 13:36:16 ( .D... ) "C:\Program Files\Common Files\MSSoap"
2008-06-26 13:36:10 ( .D... ) "C:\Program Files\Movie Maker"
2008-06-26 13:35:56 ( .D... ) "C:\Program Files\NetMeeting"
2008-06-26 13:35:54 ( .D... ) "C:\Program Files\Outlook Express"
2008-06-26 13:35:52 ( .D... ) "C:\Program Files\Internet Explorer"
2008-06-26 13:35:52 ( .D... ) "C:\Program Files\Common Files\System"
2008-06-26 13:35:14 ( .D... ) "C:\Program Files\ComPlus Applications"
2008-06-26 13:35:04 ( .D... ) "C:\Program Files\Windows Media Player"
2008-06-26 13:35:04 ( .D... ) "C:\Program Files\Online Services"
2008-06-26 13:34:32 ( .D... ) "C:\Program Files\Multimedia"
2008-06-26 13:34:30 ( .D... ) "C:\Program Files\System"
2008-06-26 13:34:22 ( .D... ) "C:\Program Files\MSN Gaming Zone"
2008-06-26 13:34:22 ( .D... ) "C:\Program Files\Messenger"
2008-06-26 13:34:04 ( .D... ) "C:\Program Files\Windows NT"
2008-06-26 13:34:04 ( .D... ) "C:\Program Files\MSN"
2008-06-05 16:33:02 319488 ( ..... ) "C:\WINDOWS\system32\MC12.exe"
2008-04-28 22:52:32 28672 ( A.... ) "C:\WINDOWS\system32\setupold.exe"
2008-04-28 22:52:32 3127 ( A.... ) "C:\WINDOWS\system32\presetup.cmd"
2008-04-28 22:42:20 3050496 ( A.... ) "C:\WINDOWS\system32\winntbbu.dll"
2008-04-28 22:03:44 2227072 ( A.... ) "C:\WINDOWS\system32\ntkrnlpa.exe"
2008-04-28 22:03:44 483840 ( A.... ) "C:\WINDOWS\system32\wzcsvc.dll"
2008-04-28 22:03:44 52736 ( A.... ) "C:\WINDOWS\system32\wzcsapi.dll"
2008-04-28 22:03:44 52224 ( A.... ) "C:\WINDOWS\system32\dmutil.dll"
2008-04-28 22:03:44 47104 ( A.... ) "C:\WINDOWS\system32\cnbjmon.dll"
2008-04-28 22:03:44 35328 ( A.... ) "C:\WINDOWS\system32\pid.dll"
2008-04-28 22:03:44 20992 ( A.... ) "C:\WINDOWS\system32\hid.dll"
2008-04-28 22:03:44 15360 ( A.... ) "C:\WINDOWS\system32\pjlmon.dll"
2008-04-28 22:02:44 323641 ( A.... ) "C:\WINDOWS\system32\usrdtea.dll"
2008-04-28 22:02:44 157696 ( A.... ) "C:\WINDOWS\system32\paqsp.dll"
2008-04-28 22:02:44 147968 ( A.... ) "C:\WINDOWS\system32\mdwmdmsp.dll"
2008-04-28 22:02:44 102457 ( A.... ) "C:\WINDOWS\system32\usrv42a.dll"
2008-04-28 22:02:44 86073 ( A.... ) "C:\WINDOWS\system32\usrfaxa.dll"
2008-04-28 22:02:44 77891 ( A.... ) "C:\WINDOWS\system32\usrmlnka.exe"
2008-04-28 22:02:44 77890 ( A.... ) "C:\WINDOWS\system32\usrdpa.dll"
2008-04-28 22:02:44 77883 ( A.... ) "C:\WINDOWS\system32\usrrtosa.dll"
2008-04-28 22:02:44 72192 ( A.... ) "C:\WINDOWS\system32\sprio800.dll"
2008-04-28 22:02:44 70656 ( A.... ) "C:\WINDOWS\system32\sprio600.dll"
2008-04-28 22:02:44 69700 ( A.... ) "C:\WINDOWS\system32\usrshuta.exe"
2008-04-28 22:02:44 69699 ( A.... ) "C:\WINDOWS\system32\usrcoina.dll"
2008-04-28 22:02:44 69632 ( A.... ) "C:\WINDOWS\system32\spnike.dll"
2008-04-28 22:02:44 61508 ( A.... ) "C:\WINDOWS\system32\usrprbda.exe"
2008-04-28 22:02:44 61500 ( A.... ) "C:\WINDOWS\system32\usrcntra.dll"
2008-04-28 22:02:44 55296 ( A.... ) "C:\WINDOWS\system32\dvdplay.exe"
2008-04-28 22:02:44 53305 ( A.... ) "C:\WINDOWS\system32\usrlbva.dll"
2008-04-28 22:02:44 49211 ( A.... ) "C:\WINDOWS\system32\usrvpa.dll"
2008-04-28 22:02:44 49211 ( A.... ) "C:\WINDOWS\system32\usrsdpia.dll"
2008-04-28 22:02:44 49209 ( A.... ) "C:\WINDOWS\system32\usrv80a.dll"
2008-04-28 22:02:44 45116 ( A.... ) "C:\WINDOWS\system32\usrvoica.dll"
2008-04-28 22:02:44 41019 ( A.... ) "C:\WINDOWS\system32\usrsvpia.dll"
2008-04-28 22:02:44 13824 ( A.... ) "C:\WINDOWS\system32\wowfaxui.dll"
2008-04-28 22:02:44 8192 ( A.... ) "C:\WINDOWS\system32\streamci.dll"
2008-04-28 22:02:44 3200 ( A.... ) "C:\WINDOWS\system32\wowfax.dll"
2008-04-28 21:57:14 693792 ( A.... ) "C:\WINDOWS\system32\OGACheckControl.DLL"
2008-04-28 21:57:14 524288 ( A.... ) "C:\WINDOWS\opuc.dll"
2008-04-28 21:57:14 142696 ( A.... ) "C:\WINDOWS\system32\MicrosoftUpdateCatalogWebControl.dll"
2008-04-28 21:56:42 2350208 ( A.... ) "C:\WINDOWS\system32\ntoskrnl.exe"
2008-04-25 18:22:24 206088 ( A.... ) "C:\WINDOWS\system32\klogon.dll"
2008-04-24 23:26:24 1614848 ( A.... ) "C:\WINDOWS\system32\sfcfiles.dll"
2008-04-24 23:25:38 218624 ( A.... ) "C:\WINDOWS\system32\uxtheme.dll"
2008-04-24 23:25:26 990208 ( A.... ) "C:\WINDOWS\system32\syssetup.dll"
2008-04-24 23:25:00 24576 ( A.... ) "C:\WINDOWS\system32\nlsdl.dll"
2008-04-24 23:24:54 26112 ( A.... ) "C:\WINDOWS\system32\idndl.dll"
2008-04-24 23:24:54 23552 ( A.... ) "C:\WINDOWS\system32\normaliz.dll"
2008-04-24 23:24:50 818688 ( A.... ) "C:\WINDOWS\system32\wininet.dll"
2008-04-24 23:24:46 231424 ( A.... ) "C:\WINDOWS\system32\webcheck.dll"
2008-04-24 23:24:46 206336 ( A.... ) "C:\WINDOWS\system32\winfxdocobj.exe"
2008-04-24 23:24:38 1162240 ( A.... ) "C:\WINDOWS\system32\urlmon.dll"
2008-04-24 23:24:34 105984 ( A.... ) "C:\WINDOWS\system32\url.dll"
2008-04-24 23:24:32 670720 ( A.... ) "C:\WINDOWS\system32\mstime.dll"
2008-04-24 23:24:32 101376 ( A.... ) "C:\WINDOWS\system32\occache.dll"
2008-04-24 23:24:32 44544 ( A.... ) "C:\WINDOWS\system32\pngfilt.dll"
2008-04-24 23:24:28 192000 ( A.... ) "C:\WINDOWS\system32\msrating.dll"
2008-04-24 23:24:26 156160 ( A.... ) "C:\WINDOWS\system32\msls31.dll"
2008-04-24 23:24:24 475648 ( A.... ) "C:\WINDOWS\system32\mshtmled.dll"
2008-04-24 23:24:24 48128 ( A.... ) "C:\WINDOWS\system32\mshtmler.dll"
2008-04-24 23:24:18 3578368 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
2008-04-24 23:23:58 45568 ( A.... ) "C:\WINDOWS\system32\mshta.exe"
2008-04-24 23:23:58 12288 ( A.... ) "C:\WINDOWS\system32\msfeedssync.exe"
2008-04-24 23:23:56 458752 ( A.... ) "C:\WINDOWS\system32\msfeeds.dll"
2008-04-24 23:23:56 50688 ( A.... ) "C:\WINDOWS\system32\msfeedsbs.dll"
2008-04-24 23:23:54 92672 ( A.... ) "C:\WINDOWS\system32\inseng.dll"
2008-04-24 23:23:54 40960 ( A.... ) "C:\WINDOWS\system32\licmgr10.dll"
2008-04-24 23:23:54 27136 ( A.... ) "C:\WINDOWS\system32\jsproxy.dll"
2008-04-24 23:23:30 36352 ( A.... ) "C:\WINDOWS\system32\imgutil.dll"
2008-04-24 23:23:24 180736 ( A.... ) "C:\WINDOWS\system32\ieui.dll"
2008-04-24 23:23:24 55296 ( A.... ) "C:\WINDOWS\system32\iesetup.dll"
2008-04-24 23:23:24 13312 ( A.... ) "C:\WINDOWS\system32\ieudinit.exe"
2008-04-24 23:23:22 266752 ( A.... ) "C:\WINDOWS\system32\iertutil.dll"
2008-04-24 23:23:18 191488 ( A.... ) "C:\WINDOWS\system32\iepeers.dll"
2008-04-24 23:23:14 6049280 ( A.... ) "C:\WINDOWS\system32\ieframe.dll"
2008-04-24 23:22:44 78336 ( A.... ) "C:\WINDOWS\system32\ieencode.dll"
2008-04-24 23:22:42 382976 ( A.... ) "C:\WINDOWS\system32\iedkcs32.dll"
2008-04-24 23:22:40 383488 ( A.... ) "C:\WINDOWS\system32\ieapfltr.dll"
2008-04-24 23:22:30 229376 ( A.... ) "C:\WINDOWS\system32\ieaksie.dll"
2008-04-24 23:22:30 161792 ( A.... ) "C:\WINDOWS\system32\ieakui.dll"
2008-04-24 23:22:28 152064 ( A.... ) "C:\WINDOWS\system32\ieakeng.dll"
2008-04-24 23:22:26 61952 ( A.... ) "C:\WINDOWS\system32\icardie.dll"
2008-04-24 23:22:26 54784 ( A.... ) "C:\WINDOWS\system32\ie4uinit.exe"
2008-04-24 23:22:22 131584 ( A.... ) "C:\WINDOWS\system32\extmgr.dll"
2008-04-24 23:22:20 346624 ( A.... ) "C:\WINDOWS\system32\dxtmsft.dll"
2008-04-24 23:22:20 214528 ( A.... ) "C:\WINDOWS\system32\dxtrans.dll"
2008-04-24 23:22:18 17408 ( A.... ) "C:\WINDOWS\system32\corpol.dll"
2008-04-24 23:22:16 123904 ( A.... ) "C:\WINDOWS\system32\advpack.dll"
2008-04-24 23:22:16 71680 ( A.... ) "C:\WINDOWS\system32\admparse.dll"
2008-04-24 23:21:32 501760 ( A.... ) "C:\WINDOWS\system32\usp10.dll"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_06\\bin\\jusched.exe\""
"UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""
"FortKnoxPersonalFirewall"="\"C:\\Program Files\\NETGATE\\FortKnox Personal Firewall 2008\\FortKnoxGUI.exe\""
"VMware Tools"="C:\\Program Files\\VMware\\VMware Tools\\VMwareTray.exe"
"VMware User Process"="C:\\Program Files\\VMware\\VMware Tools\\VMwareUser.exe"
"SysMetrix"="C:\\Program Files\\SysMetrix\\SysMetrix.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"BigDog305"="C:\\WINDOWS\\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)"
"TrayServer"="C:\\Program Files\\MAGIX\\Movie_Edit_Pro_14_PLUS_Download_version\\TrayServer.exe"
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\avp.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LClock"="C:\\Program Files\\LClock\\LClock.exe"
"msnmsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
"CubeDesktop"=""
"RocketDock"="\"C:\\Program Files\\RocketDock\\RocketDock.exe\""
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"do-Organizer2"="C:\\Program Files\\do-Organizer\\doOrganizer.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"LClock"="C:\\Program Files\\LClock\\LClock.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_2"="regsvr32 /s /n /i:U shell32"
"nltide_3"=hex(2):72,75,6e,64,6c,6c,33,32,20,61,64,76,70,61,63,6b,2e,64,6c,6c,\
2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,69,6f,6e,45,78,20,6e,4c,69,74,65,\
2e,69,6e,66,2c,43,2c,2c,34,2c,4e,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoSMConfigurePrograms"=dword:00000001
"EditLevel"=dword:00000000
"NoRun"=dword:00000000
"NoClose"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoFileMenu"=dword:00000000
"NoCommonGroups"=dword:00000000
"NoSharedDocuments"=hex:01,00,00,00

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"LClock"="C:\\Program Files\\LClock\\LClock.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"nltide_2"="regsvr32 /s /n /i:U shell32"
"nltide_3"=hex(2):72,75,6e,64,6c,6c,33,32,20,61,64,76,70,61,63,6b,2e,64,6c,6c,\
2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,69,6f,6e,45,78,20,6e,4c,69,74,65,\
2e,69,6e,66,2c,43,2c,2c,34,2c,4e,00

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoSMConfigurePrograms"=dword:00000001
"EditLevel"=dword:00000000
"NoRun"=dword:00000000
"NoClose"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoFileMenu"=dword:00000000
"NoCommonGroups"=dword:00000000
"NoSharedDocuments"=hex:01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"


Contents of the 'Scheduled Tasks' folder

Completion time: Mon 21/07/2008 18:32:49.17
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt
 
New HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:35:42 PM, on 21/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\do-Organizer\doOrganizer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Tools\VMwareService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://projectalchemist.net/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [FortKnoxPersonalFirewall] "C:\Program Files\NETGATE\FortKnox Personal Firewall 2008\FortKnoxGUI.exe"
O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\TrayServer.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [do-Organizer2] C:\Program Files\do-Organizer\doOrganizer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: RocketDock.exe.lnk = C:\Program Files\RocketDock\RocketDock.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214636905578
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: TPSvc - C:\WINDOWS\SYSTEM32\TPSvc.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FortKnox Personal Firewall (fortknox) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\FortKnox Personal Firewall 2008\FortKnox.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: TP AutoConnect Service (TPAutoConnSvc) - ThinPrint GmbH - C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe

--
End of file - 8267 bytes
 
Just to be sure

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • In the drop-down box labeled Files of type, change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
 
It gives a blue screen of death and restarts when it goes to start that scan, so I don't know if that means I am affected or not.
 
Just to be sure

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • In the drop-down box labeled Files of type, change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
What do you expect the online Kaspersky scan will find that their installed Kaspersky hasn't? Perhaps you should ask that they run Kaspersky again and post the results? Perhaps you should read the thread before posting?
 