Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

« previous next »
Pages: [1] 2  All   Go Down

Author Topic: Panda Active Scan Reads Adware, Hacktools and Trojan  (Read 9894 times)

0 Members and 1 Guest are viewing this topic.

Sylverkitti

    Topic Starter


    Beginner

    Thanked: 1
    Panda Active Scan Reads Adware, Hacktools and Trojan
    « on: November 23, 2008, 11:37:38 PM »
    But I don't see any thing else picking it up. I ran it bc I kept having problems with Yahoo Messenger, getting odd (and LONG) messages about unknown links and files when I click the mail shortcut in my icon notification area. Also when I restart the computer Yahoo was always unresponsive to where I had to click end now or the computer would sit like that for hours. I uninstalled many times and reinstalled but that never helped. So I found 4 things on Panda, but cannot access them. Any ideas?

    SuperAntispyware:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/23/2008 at 11:37 PM

    Application Version : 4.1.1046

    Core Rules Database Version : 3648
    Trace Rules Database Version: 1631

    Scan type       : Complete Scan
    Total Scan Time : 01:16:13

    Memory items scanned      : 355
    Memory threats detected   : 0
    Registry items scanned    : 5652
    Registry threats detected : 0
    File items scanned        : 100974
    File threats detected     : 0

    Malwarebytes' Anti-Malware:

    Malwarebytes' Anti-Malware 1.30
    Database version: 1419
    Windows 5.1.2600 Service Pack 2

    2008-11-23 9:50:11 PM
    mbam-log-2008-11-23 (21-50-11).txt

    Scan type: Quick Scan
    Objects scanned: 48753
    Time elapsed: 4 minute(s), 58 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:12, on 2008-11-23
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ocwencustomers.com/home.cfm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\SYLVERKITTI\Application Data\Mozilla\Profiles\default\n77ayi80.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\SYLVERKITTI\Application Data\Mozilla\Profiles\default\n77ayi80.slt\prefs.js)
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
    O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
    O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
    O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
    O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F1AC1131-1A94-4922-82BE-EC2D80A6CCA7}: NameServer = 205.171.3.65,205.171.2.65
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: jesuka.dll,avgrsstx.dll,mocugyka.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Jesuk Service (JesukSrv) - Unknown owner - C:\WINDOWS\system32\jesuk.exe (file missing)
    O23 - Service: lxcg_device -   - C:\WINDOWS\system32\lxcgcoms.exe
    O23 - Service: Mocugyk Service (MocugykSrv) - Unknown owner - C:\WINDOWS\system32\mocugyk.exe (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: SupportSoft RemoteAssist - Unknown owner - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (file missing)
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

    --
    End of file - 9002 bytes


    [Saving space - attachment deleted by admin]
    Logged

    CBMatt

    • Mod & Malware Specialist


      • Prodigy

    • Sad and lonely...and loving every minute of it.
      • Thanked: 167
      • Yes
    • Experience: Experienced
    • OS: Windows 7
    Re: Panda Active Scan Reads Adware, Hacktools and Trojan
    « Reply #1 on: November 29, 2008, 01:52:35 AM »
    Well, the first four files in your Panda scan are harmless in their current state.  They are infected files that have been backed up by System Restore.  Right now, they can't do anything.  But if you go back to an older date with System Restore, those infections could return.  The other file is part of ComboFix, a malware removal tool we use.

    Your HijackThis log has a couple of minor issues.  If you would still like assistance, please post a new log so we can see if anything has changed.
    Logged
    Quote
    An undefined problem has an infinite number of solutions.
    由obert A. Humphrey

    Sylverkitti

      Topic Starter


      Beginner

      Thanked: 1
      Re: Panda Active Scan Reads Adware, Hacktools and Trojan
      « Reply #2 on: December 04, 2008, 02:31:04 AM »
      Naw I'm not too worried about the minor ones, I was just over worried about the trojan. If its something that will harm the performance then i would want to do something, but I have been running all tools and it probably took care of it. Thanks for the help!
      Logged

      CBMatt

      • Mod & Malware Specialist


        • Prodigy

      • Sad and lonely...and loving every minute of it.
        • Thanked: 167
        • Yes
      • Experience: Experienced
      • OS: Windows 7
      Re: Panda Active Scan Reads Adware, Hacktools and Trojan
      « Reply #3 on: December 04, 2008, 04:57:46 AM »
      Well, the choice is yours.  Based on your previous logs, I would advise going through the process (I would need a new HJT log).  But if you don't want to, I'm not gonna twist your arm.
      Logged
      Quote
      An undefined problem has an infinite number of solutions.
      由obert A. Humphrey

      Sylverkitti

        Topic Starter


        Beginner

        Thanked: 1
        Re: Panda Active Scan Reads Adware, Hacktools and Trojan
        « Reply #4 on: December 06, 2008, 04:42:49 PM »
        Sorry it takes so long to get back to you, been working long hours.... since you advise it I will do it, bc you are the pro...not me. LOL

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 5:41, on 2008-12-06
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18241)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\PROGRA~1\AVG\AVG8\avgtray.exe
        C:\Program Files\Java\jre6\bin\jusched.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
        C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\WINDOWS\system32\svchost.exe
        C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
        C:\WINDOWS\system32\Pen_Tablet.exe
        C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
        C:\WINDOWS\system32\Pen_Tablet.exe
        C:\PROGRA~1\AVG\AVG8\avgrsx.exe
        C:\PROGRA~1\AVG\AVG8\avgemc.exe
        C:\WINDOWS\system32\lxcgcoms.exe
        C:\WINDOWS\system32\ntvdm.exe
        C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
        C:\Program Files\Java\jre6\bin\jucheck.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ocwencustomers.com/home.cfm
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\SYLVERKITTI\Application Data\Mozilla\Profiles\default\n77ayi80.slt\prefs.js)
        N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\SYLVERKITTI\Application Data\Mozilla\Profiles\default\n77ayi80.slt\prefs.js)
        O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
        O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
        O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
        O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
        O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
        O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
        O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
        O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
        O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
        O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
        O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
        O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
        O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
        O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{F1AC1131-1A94-4922-82BE-EC2D80A6CCA7}: NameServer = 205.171.3.65,205.171.2.65
        O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
        O20 - AppInit_DLLs: jesuka.dll,avgrsstx.dll,mocugyka.dll
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
        O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: Jesuk Service (JesukSrv) - Unknown owner - C:\WINDOWS\system32\jesuk.exe (file missing)
        O23 - Service: lxcg_device -   - C:\WINDOWS\system32\lxcgcoms.exe
        O23 - Service: Mocugyk Service (MocugykSrv) - Unknown owner - C:\WINDOWS\system32\mocugyk.exe (file missing)
        O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
        O23 - Service: SupportSoft RemoteAssist - Unknown owner - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (file missing)
        O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

        --
        End of file - 9420 bytes
        Logged

        CBMatt

        • Mod & Malware Specialist


          • Prodigy

        • Sad and lonely...and loving every minute of it.
          • Thanked: 167
          • Yes
        • Experience: Experienced
        • OS: Windows 7
        Re: Panda Active Scan Reads Adware, Hacktools and Trojan
        « Reply #5 on: December 07, 2008, 01:50:01 AM »
        No worries.  Many of us have busy schedules, so I can understand.

        To get started, run a scan with HijackThis (without a log) and place checkmarks next to the following entries...
        O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
        O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
        O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
        O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
        O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)

        O20 - AppInit_DLLs: jesuka.dll,avgrsstx.dll,mocugyka.dll

        O23 - Service: Jesuk Service (JesukSrv) - Unknown owner - C:\WINDOWS\system32\jesuk.exe (file missing)

        Close all other windows and click on Fix Checked.  Then...
        Download LSPFix from:
        http://www.bleepingcomputer.com/files/spyware/lspfix.zip
        Once LSP-Fix is downloaded, extract it to your desktop.
        Close all windows on your computer.
        Launch/start lspfix.
        Put a checkmark in the 'I know what I'm doing' checkbox.
        Now move any instances of "mdnsnsp.dll" into the remove box using the >> button.
        Press the finish button.
        Then reboot.  Note: this file isn't malicious, but it appears to have been removed improperly.

        Once that's done, download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop.

        Link #1
        Link #2

        **Note:  It is important that it is saved directly to your Desktop

        Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

        Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
         
        Double click combofix.exe & follow the prompts.

        For Windows XP Systems install the Recovery Console:

        - If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
        - If for some reason your Internet is not working click No.
        - If you are not using Windows XP, you will not be prompted.
        - When prompted to accept the EULA click OK.
        - Accept Microsoft's EULA (Click Yes).
        - When you are told that the RC is installed correctly click YES to continue scanning for malware.

        When finished ComboFix will produce a log for you.
        Post the ComboFix log in your next reply.  Post a new HijackThis log as well.

        Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

        Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
        Logged
        Quote
        An undefined problem has an infinite number of solutions.
        由obert A. Humphrey

        Sylverkitti

          Topic Starter


          Beginner

          Thanked: 1
          Re: Panda Active Scan Reads Adware, Hacktools and Trojan
          « Reply #6 on: December 07, 2008, 05:41:07 PM »
          Ok I did the hijack this fix but I got this on the next step when I clicked your link:
          404 ERROR: Page Not Found!

          The requested page http://www.bleepingcomputer.com/files/spyware/lspfix.zip could not be found on this server.

          ALso really odd but when I go to craigslist or anyother site that you click on mailto: links, they do not work now...and they did before.
          Logged

          CBMatt

          • Mod & Malware Specialist


            • Prodigy

          • Sad and lonely...and loving every minute of it.
            • Thanked: 167
            • Yes
          • Experience: Experienced
          • OS: Windows 7
          Re: Panda Active Scan Reads Adware, Hacktools and Trojan
          « Reply #7 on: December 08, 2008, 03:20:01 AM »
          Sorry, I accidentally posted an old link.  Try this one instead:
          http://download.bleepingcomputer.com/spyware/lspfix.zip

          As for the mail...can't say for sure yet what's causing that.  Perhaps it will clear itself up by the time we're done here.  If not, we can check your settings.  What client do you use for e-mail?  Outlook, Outlook Express, AOL, Thunderbird, or something else?
          Logged
          Quote
          An undefined problem has an infinite number of solutions.
          由obert A. Humphrey

          Sylverkitti

            Topic Starter


            Beginner

            Thanked: 1
            Re: Panda Active Scan Reads Adware, Hacktools and Trojan
            « Reply #8 on: January 09, 2009, 08:17:31 PM »
            Ok I am DONE with work! yay! so now I can finally concentrate on this problem and many others. Should I start over, or go where i left off??
            Logged

            CBMatt

            • Mod & Malware Specialist


              • Prodigy

            • Sad and lonely...and loving every minute of it.
              • Thanked: 167
              • Yes
            • Experience: Experienced
            • OS: Windows 7
            Re: Panda Active Scan Reads Adware, Hacktools and Trojan
            « Reply #9 on: January 11, 2009, 04:10:37 AM »
            Because it has been over a month now, it would probably be best to start over because there's no telling what might have changed in that much time.
            Logged
            Quote
            An undefined problem has an infinite number of solutions.
            由obert A. Humphrey

            Sylverkitti

              Topic Starter


              Beginner

              Thanked: 1
              Re: Panda Active Scan Reads Adware, Hacktools and Trojan
              « Reply #10 on: January 12, 2009, 07:54:50 PM »
              No prob...do i repost or will you still be handling it from here?

              On another note: I received a SPAM from another computer hope member...how do i report this abuse?
              Logged

              CBMatt

              • Mod & Malware Specialist


                • Prodigy

              • Sad and lonely...and loving every minute of it.
                • Thanked: 167
                • Yes
              • Experience: Experienced
              • OS: Windows 7
              Re: Panda Active Scan Reads Adware, Hacktools and Trojan
              « Reply #11 on: January 13, 2009, 02:42:21 AM »
              Go ahead and just continue in this thread, and I'll do what I can to help you out.

              As for the SPAM...was this in a private message?  If so, there should be a link in the bottom-right corner of the message that says "Report to Admin".  It will alert the administrator so he can review the offending message and take appropriate action.
              Logged
              Quote
              An undefined problem has an infinite number of solutions.
              由obert A. Humphrey

              Sylverkitti

                Topic Starter


                Beginner

                Thanked: 1
                Re: Panda Active Scan Reads Adware, Hacktools and Trojan
                « Reply #12 on: January 13, 2009, 04:39:13 PM »
                Ok I will run all scans again and post, the SPAM subject was "Message from ComputerHope forum member" and it was one of those scams that want to to take money, or something like that. I don't see a report button. I feel like that's abusing the forum, emailing SPAM to people.....
                Logged

                CBMatt

                • Mod & Malware Specialist


                  • Prodigy

                • Sad and lonely...and loving every minute of it.
                  • Thanked: 167
                  • Yes
                • Experience: Experienced
                • OS: Windows 7
                Re: Panda Active Scan Reads Adware, Hacktools and Trojan
                « Reply #13 on: January 13, 2009, 06:17:12 PM »
                I agree, this is definitely considered to be abuse here on our forum.  Take a look at the image I have attached below.  There is a link circled in red.  You should see something like that under the message.  Simply click it and it will take you to another page.  If you don't see this, then send me a Private Message with the user's name and a copy of what they sent you.  We can then look into it and take the appropriate action.
                Logged
                Quote
                An undefined problem has an infinite number of solutions.
                由obert A. Humphrey

                Sylverkitti

                  Topic Starter


                  Beginner

                  Thanked: 1
                  Re: Panda Active Scan Reads Adware, Hacktools and Trojan
                  « Reply #14 on: January 15, 2009, 12:19:27 AM »
                  1st let me say I have a keylogger, called Home Key logger, renamed to cat files main. I have to keep track of what I type and do for my non-profit, bc I have lost emails and word files countless times from tripping breakers and 2 year old children...Not sure how else to insure I have everything safe...if you have any other ideas, PLEASE let me know. So far this has worked.




                  SUPERAntiSpyware Scan Log
                  http://www.superantispyware.com

                  Generated 01/14/2009 at 07:00 AM

                  Application Version : 4.1.1046

                  Core Rules Database Version : 3708
                  Trace Rules Database Version: 1683

                  Scan type       : Complete Scan
                  Total Scan Time : 01:26:29

                  Memory items scanned      : 394
                  Memory threats detected   : 0
                  Registry items scanned    : 5691
                  Registry threats detected : 0
                  File items scanned        : 98326
                  File threats detected     : 0

                  **************************************

                  Malwarebytes' Anti-Malware 1.33
                  Database version: 1654
                  Windows 5.1.2600 Service Pack 2

                  2009-01-15 1:08:07 AM
                  mbam-log-2009-01-15 (01-08-07).txt

                  Scan type: Quick Scan
                  Objects scanned: 50825
                  Time elapsed: 6 minute(s), 8 second(s)

                  Memory Processes Infected: 0
                  Memory Modules Infected: 0
                  Registry Keys Infected: 0
                  Registry Values Infected: 0
                  Registry Data Items Infected: 0
                  Folders Infected: 0
                  Files Infected: 0

                  Memory Processes Infected:
                  (No malicious items detected)

                  Memory Modules Infected:
                  (No malicious items detected)

                  Registry Keys Infected:
                  (No malicious items detected)

                  Registry Values Infected:
                  (No malicious items detected)

                  Registry Data Items Infected:
                  (No malicious items detected)

                  Folders Infected:
                  (No malicious items detected)

                  Files Infected:
                  (No malicious items detected)

                  *****************************

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 1:14, on 2009-01-15
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v8.00 (8.00.6001.18241)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\PROGRA~1\AVG\AVG8\avgtray.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
                  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                  C:\Program Files\Java\jre6\bin\jqs.exe
                  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\Pen_Tablet.exe
                  C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
                  C:\WINDOWS\system32\Pen_Tablet.exe
                  C:\PROGRA~1\AVG\AVG8\avgrsx.exe
                  C:\PROGRA~1\AVG\AVG8\avgemc.exe
                  C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
                  C:\Program Files\Mozilla Firefox\firefox.exe
                  C:\WINDOWS\system32\lxcgcoms.exe
                  C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
                  C:\Program Files\HomeKey\KeyLogger.exe
                  C:\Program Files\Java\jre6\bin\java.exe
                  C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe

                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ocwencustomers.com/home.cfm
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                  N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\SYLVERKITTI\Application Data\Mozilla\Profiles\default\n77ayi80.slt\prefs.js)
                  N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\SYLVERKITTI\Application Data\Mozilla\Profiles\default\n77ayi80.slt\prefs.js)
                  O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
                  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                  O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
                  O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
                  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                  O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
                  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
                  O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
                  O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
                  O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
                  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                  O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
                  O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
                  O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
                  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                  O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
                  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
                  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
                  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
                  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                  O17 - HKLM\System\CCS\Services\Tcpip\..\{F1AC1131-1A94-4922-82BE-EC2D80A6CCA7}: NameServer = 205.171.3.65,205.171.2.65
                  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
                  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                  O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
                  O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
                  O23 - Service: Jesuk Service (JesukSrv) - Unknown owner - C:\WINDOWS\system32\jesuk.exe (file missing)
                  O23 - Service: lxcg_device -   - C:\WINDOWS\system32\lxcgcoms.exe
                  O23 - Service: Mocugyk Service (MocugykSrv) - Unknown owner - C:\WINDOWS\system32\mocugyk.exe (file missing)
                  O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
                  O23 - Service: SupportSoft RemoteAssist - Unknown owner - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (file missing)
                  O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

                  --
                  End of file - 8492 bytes
                  Logged
                  Pages: [1] 2  All   Go Up
                  « previous next »