Trojan Infection? - Page 2
Page 2 of 2 FirstFirst 12
Results 16 to 25 of 25

Thread: Trojan Infection?

  1. #16
    Join Date
    Feb 2008
    Posts
    15
    Also, here is the latest Malwarebytes' Anti-Malware scan after the above procedures was done:
    Malwarebytes' Anti-Malware 1.05
    Database version: 396

    Scan type: Full Scan (C:\|)
    Objects scanned: 132783
    Time elapsed: 54 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\SYSTEM32\ssttt.dll (Trojan.Vundo) -> No action taken.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5009e1e-d97a-40df-b098-72f7e4fb7f78} (Trojan.Vundo) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{c5009e1e-d97a-40df-b098-72f7e4fb7f78} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ssttt.dll -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\SYSTEM32\ssttt.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\SYSTEM32\tttss.ini (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\SYSTEM32\tttss.ini2 (Trojan.Vundo) -> No action taken.

  2. #17
    Join Date
    Feb 2008
    Posts
    15
    I may have got it. I used ComboFix and so far so good. I will advise if the problem comes back.

  3. #18
    Join Date
    Feb 2008
    Posts
    15
    (duplicate post) Disregard

  4. #19
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,399
    Open HJT, checkmark following entries:
    - O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    - O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    Click "Fix checked".

    In HJT, click on Config button (bottom right), click on Misc Tools button, then on Generate StartupList Log. Make sure both boxes to the right are checked.
    Post the above log.

  5. #20
    Join Date
    Feb 2008
    Posts
    15
    The text was to long for this post. It will be posted in installments:

    StartupList report, 3/1/2008, 10:47:07 PM
    StartupList version: 1.52.2
    Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v7.00 (7.00.6000.16608)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\ofps.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Webshots\webshots.scr
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Kenneth Salter\Start Menu\Programs\Startup]
    CD-MENU.LNK = D:\MENU.exe
    Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    *No files*

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Sonic RecordNow! =
    Weather = C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
    swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S

    --------------------------------------------------

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

    --------------------------------------------------

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
    StubPath = C:\WINDOWS\system32\ieudinit.exe

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

    [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
    StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

    [{8b15971b-5355-4c82-8c07-7e181ea07608}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

    --------------------------------------------------

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Registry Editor'

    Registry check passed

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll - {0347C33E-8762-4905-BF09-768834316C61}
    (no name) - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll - {053F9267-DC04-4294-A72C-58F732D338C0}
    (no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}
    (no name) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (no name) - c:\program files\google\googletoolbar5.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    AdwareAlert Scheduled Scan.job
    AppleSoftwareUpdate.job

  6. #21
    Join Date
    Feb 2008
    Posts
    15
    Continued (post 2 of 3):
    --------------------------------------------------

    Enumerating Download Program Files:

    [{0000000A-0000-0010-8000-00AA00389B71}]
    CODEBASE = http://download.microsoft.com/downlo...367/wmavax.CAB

    [Support.com Configuration Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\tgctlcm.dll
    CODEBASE = http://help.bellsouth.net/sdccommon/...ad/tgctlcm.cab

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan60.ocx
    CODEBASE = http://housecall60.trendmicro.com/housecall/xscan60.cab

    [DjVuCtl Class]
    InProcServer32 = C:\Program Files\LizardTech\DjVuControl\DjVuCntl.dll
    CODEBASE = http://www.lizardtech.com/download/f...trol_en_US.cab

    [CKAVWebScan Object]
    InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    CODEBASE = http://www.kaspersky.com/kos/eng/par...an_unicode.cab

    [iPIX ActiveX Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\ipixx.ocx
    CODEBASE = http://www.ipix.com/viewers/ipixx.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
    CODEBASE = http://fpdownload.macromedia.com/get...irector/sw.cab

    [Windows Genuine Advantage Validation Tool]
    InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
    CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

    [ewidoOnlineScan Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL
    CODEBASE = http://downloads.ewido.net/ewidoOnlineScan.cab

    [Trend Micro ActiveX Scan Agent 6.6]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
    CODEBASE = http://housecall65.trendmicro.com/ho...vex/hcImpl.cab

    [ICSScannerLight Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ICSScannerLight.dll
    CODEBASE = http://download.zonelabs.com/bin/free/cm/ICSCM.cab

    [MALPlaybackCtrl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\SMALPlaybackCtrl.ocx
    CODEBASE = http://musicstore.connect.com/XSL/mb...LStreaming.cab

    [Snapfish Activia]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx
    CODEBASE = http://photo.walgreens.com/WalgreensActivia.cab

    [{51045741-8C4E-4EAC-8F03-08E43A6FBB29}]
    CODEBASE = http://aft.ancestry.com/aftfiles/fil...FamilyTree.cab

    [ICSScanner Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ICSScan.dll
    CODEBASE = http://download.zonelabs.com/bin/pro...anner37390.cab

    [Java Plug-in 1.6.0_03]
    InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    CODEBASE = http://java.sun.com/products/plugin/...ndows-i586.cab

    [{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
    CODEBASE = http://fpdownload.macromedia.com/get.../ultrashim.cab

    [SurroundVideoCtrl Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSSurVid.ocx
    CODEBASE = http://autos.msn.com/components/ocx/survid/MSSurVid.cab

    [ActiveScan Installer Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
    CODEBASE = http://acs.pandasoftware.com/actives...ree/asinst.cab

    [FujifilmUploader Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\FujifilmUploadClient.dll
    CODEBASE = http://photo.walmart.com/photo/uploa...loadClient.cab

    [a-squared Scanner]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\asquared.ocx
    CODEBASE = http://ax.emsisoft.com/asquared.cab

    [ExteriorSurround Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\Outside.ocx
    CODEBASE = http://autos.msn.com/components/ocx/...or/Outside.cab

    [Toontown Installer ActiveX Control]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ttinst.dll
    CODEBASE = http://download.toontown.com/sv1.0.14.22/ttinst.cab

    [Java Plug-in 1.6.0_03]
    InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    CODEBASE = http://java.sun.com/products/plugin/...ndows-i586.cab

    [Java Plug-in 1.6.0_03]
    InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    CODEBASE = http://java.sun.com/update/1.6.0/jin...ndows-i586.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
    CODEBASE = http://fpdownload.macromedia.com/get...nt/swflash.cab

    [Live Collaboration]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\RntX.dll
    CODEBASE = https://livewc03.custhelp.com/7560-b.../java/RntX.cab

    [CUpdateCtl Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\HPSWUpdate.ocx
    CODEBASE = http://update.hpphoto.com/download/HPSWUpdate.ocx

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\mswsock.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll
    Protocol #14: C:\WINDOWS\system32\mswsock.dll
    Protocol #15: C:\WINDOWS\system32\mswsock.dll

    --------------------------------------------------

    Enumerating Windows NT/2000/XP services

    abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)
    ArcSoft Connect Daemon: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (autostart)
    Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
    adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)
    aeaudio: system32\drivers\aeaudio.sys (manual start)
    Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
    AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
    Intel AGP Bus Filter: \SystemRoot\System32\DRIVERS\agp440.sys (disabled)
    Compaq AGP Bus Filter: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)
    Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)
    aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)
    aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)
    Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
    Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
    AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)
    ALI AGP Bus Filter: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)
    AMD AGP Bus Filter Driver: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)
    amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)
    Apple Mobile Device: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (autostart)
    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    asc: \SystemRoot\System32\DRIVERS\asc.sys (disabled)
    asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)
    asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)
    ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
    RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
    Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
    ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
    AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (autostart)
    AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
    AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
    AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
    AVG7 Update Service: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (autostart)
    AVG7 Clean Driver: \SystemRoot\System32\Drivers\avgclean.sys (system)
    AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (autostart)
    AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)

  7. #22
    Join Date
    Feb 2008
    Posts
    15
    Continued (post 3 of 3):

    Broadcom 440x 10/100 Integrated Controller XP Driver: System32\DRIVERS\bcm4sbxp.sys (manual start)
    Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    catchme: \??\C:\DOCUME~1\KENNET~1\LOCALS~1\Temp\catchme.sys (manual start)
    cbidf: \SystemRoot\System32\DRIVERS\cbidf2k.sys (disabled)
    cd20xrnt: \SystemRoot\System32\DRIVERS\cd20xrnt.sys (disabled)
    CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
    Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
    CmdIde: \SystemRoot\System32\DRIVERS\cmdide.sys (disabled)
    COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    Cpqarray: \SystemRoot\System32\DRIVERS\cpqarray.sys (disabled)
    Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    dac2w2k: \SystemRoot\System32\DRIVERS\dac2w2k.sys (disabled)
    dac960nt: \SystemRoot\System32\DRIVERS\dac960nt.sys (disabled)
    DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Disk Driver: System32\DRIVERS\disk.sys (system)
    Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    dmio: System32\drivers\dmio.sys (disabled)
    dmload: System32\drivers\dmload.sys (disabled)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
    dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled)
    Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
    drvmcdb: system32\drivers\drvmcdb.sys (system)
    drvnddm: system32\drivers\drvnddm.sys (autostart)
    3Com EtherLink XL 90XB/C Adapter Driver: System32\DRIVERS\el90xbc5.sys (manual start)
    Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
    Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Fax: %systemroot%\system32\fxssvc.exe (autostart)
    Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
    Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
    FltMgr: system32\drivers\fltmgr.sys (system)
    Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
    fysscilcaqrl: system32\drivers\fysscilcaqrl.sys (manual start)
    GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
    Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
    Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start)
    Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
    hpn: \SystemRoot\System32\DRIVERS\hpn.sys (disabled)
    hpqcxs08: %SystemRoot%\system32\svchost.exe -k hpdevmgmt (manual start)
    HP CUE DeviceDiscovery Service: %SystemRoot%\system32\svchost.exe -k hpdevmgmt (autostart)
    IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)
    Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)
    USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)
    HTTP: System32\Drivers\HTTP.sys (manual start)
    HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
    i2omp: \SystemRoot\System32\DRIVERS\i2omp.sys (disabled)
    i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
    i81x: System32\DRIVERS\i81xnt5.sys (manual start)
    iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)
    iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)
    iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)
    iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)
    iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)
    iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)
    iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)
    iAimTV2: System32\DRIVERS\wATV03nt.sys (manual start)
    iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)
    iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)
    ialm: System32\DRIVERS\ialmnt5.sys (manual start)
    InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
    CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
    IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
    ini910u: \SystemRoot\System32\DRIVERS\ini910u.sys (disabled)
    IntelC51: System32\DRIVERS\IntelC51.sys (manual start)
    IntelC52: System32\DRIVERS\IntelC52.sys (manual start)
    IntelC53: System32\DRIVERS\IntelC53.sys (manual start)
    IntelIde: \SystemRoot\System32\DRIVERS\intelide.sys (disabled)
    Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
    IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
    IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
    iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
    IPSEC driver: System32\DRIVERS\ipsec.sys (system)
    IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
    PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
    Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
    Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
    Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
    Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
    mohfilt: System32\DRIVERS\mohfilt.sys (manual start)
    Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
    Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
    mraid35x: \SystemRoot\System32\DRIVERS\mraid35x.sys (disabled)
    WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
    MSCSPTISRV: "C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" (manual start)
    Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
    Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)
    Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
    Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
    Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
    NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
    Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
    Net Driver HPZ12: %SystemRoot%\System32\svchost.exe -k HPZ12 (autostart)
    NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
    NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
    Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
    Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
    Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
    Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    nv: System32\DRIVERS\nv4_mini.sys (manual start)
    IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
    Microsoft Office Diagnostics Service: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" (manual start)
    OMCI WDM Device Driver: System32\DRIVERS\omci.sys (system)
    OmniForm Printer: C:\WINDOWS\System32\ofps.exe (autostart)
    Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
    Motorola iDEN P2k Device: system32\DRIVERS\P2k.sys (manual start)
    Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
    PACSPTISVR: "C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" (manual start)
    Parallel port driver: System32\DRIVERS\parport.sys (manual start)
    PCI Bus Driver: System32\DRIVERS\pci.sys (system)
    PCIIde: System32\DRIVERS\pciide.sys (system)
    perc2: \SystemRoot\System32\DRIVERS\perc2.sys (disabled)
    perc2hib: \SystemRoot\System32\DRIVERS\perc2hib.sys (disabled)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    Pml Driver HPZ12: %SystemRoot%\System32\svchost.exe -k HPZ12 (autostart)
    IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
    WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
    Processor Driver: System32\DRIVERS\processr.sys (system)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
    Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
    PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
    ql1080: \SystemRoot\System32\DRIVERS\ql1080.sys (disabled)
    Ql10wnt: \SystemRoot\System32\DRIVERS\ql10wnt.sys (disabled)
    ql12160: \SystemRoot\System32\DRIVERS\ql12160.sys (disabled)
    ql1240: \SystemRoot\System32\DRIVERS\ql1240.sys (disabled)
    ql1280: \SystemRoot\System32\DRIVERS\ql1280.sys (disabled)
    Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
    Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
    Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
    Rdbss: System32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
    Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
    Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
    Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    SASDIFSV: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (system)
    SASENUM: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (manual start)
    SASKUTIL: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (system)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    SDTHOOK: System32\DRIVERS\SDTHOOK.sys (manual start)
    Secdrv: System32\DRIVERS\secdrv.sys (autostart)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
    Serial port driver: System32\DRIVERS\serial.sys (system)
    Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    SIS AGP Bus Filter: \SystemRoot\System32\DRIVERS\sisagp.sys (disabled)
    smwdm: system32\drivers\smwdm.sys (manual start)
    Sony USB Filter Driver (SONYPVU1): System32\DRIVERS\SONYPVU1.SYS (manual start)
    Sparrow: \SystemRoot\System32\DRIVERS\sparrow.sys (disabled)
    Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    Sony SPTI Service: "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" (manual start)
    System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
    System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Srv: System32\DRIVERS\srv.sys (manual start)
    sscdbhk5: system32\drivers\sscdbhk5.sys (system)
    SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
    ssrtln: system32\drivers\ssrtln.sys (system)
    SonicStage SCSI Service: C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (manual start)
    Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
    Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{F79A1568-D6C5-4C69-A086-936CF52DBBE3} (manual start)
    symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled)
    symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled)
    sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled)
    sym_u3: \SystemRoot\System32\DRIVERS\sym_u3.sys (disabled)
    Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
    Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
    Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
    tfsnboio: system32\dla\tfsnboio.sys (autostart)
    tfsncofs: system32\dla\tfsncofs.sys (autostart)
    tfsndrct: system32\dla\tfsndrct.sys (autostart)
    tfsndres: system32\dla\tfsndres.sys (autostart)
    tfsnifs: system32\dla\tfsnifs.sys (autostart)
    tfsnopio: system32\dla\tfsnopio.sys (autostart)
    tfsnpool: system32\dla\tfsnpool.sys (autostart)
    tfsnudf: system32\dla\tfsnudf.sys (autostart)
    tfsnudfa: system32\dla\tfsnudfa.sys (autostart)
    Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    TosIde: \SystemRoot\System32\DRIVERS\toside.sys (disabled)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Ulead Burning Helper: C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (autostart)
    ultra: \SystemRoot\System32\DRIVERS\ultra.sys (disabled)
    Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
    Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
    Apple Mobile USB Driver: System32\Drivers\usbaapl.sys (manual start)
    Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
    Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
    USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
    Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
    USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
    Motorola USB Modem Driver: system32\DRIVERS\usbser.sys (manual start)
    USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
    Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
    VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
    VIA AGP Bus Filter: \SystemRoot\System32\DRIVERS\viaagp.sys (disabled)
    ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)
    Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
    Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
    WAN Miniport (ATW): System32\DRIVERS\wanatw4.sys (manual start)
    Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
    Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)
    WpdUsb: System32\Drivers\wpdusb.sys (manual start)
    Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
    Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (system)
    Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
    Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (autostart)
    Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Intel(R) Graphics Platform (SoftBIOS) Driver: system32\drivers\ialmsbw.sys (manual start)
    Intel(R) Graphics Chipset (KCH) Driver: system32\drivers\ialmkchw.sys (manual start)


    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: *Registry value not found*

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll
    WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *No values found*

    --------------------------------------------------

    End of report, 43,637 bytes
    Report generated in 0.641 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only

  8. #23
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,399
    I see nothing there.
    I'm not clear. After running Combofix, pop-ups are gone?

  9. #24
    Join Date
    Feb 2008
    Posts
    15
    The problem (pop-ups) appears to be gone after running a combination of ComboFix, HJT, ATF Cleaner, then SuperAntiSpyware and finally Kaperssky Webscanner. I also removed and then reinstalled AVG. The last couple of checks came back clean. I am going to see if it re-appears again or if it is finally gone for good. I am now running AVG, SuperantiSpyware and the firewall that windows xp has built in. Is that an acceptable level of protection to prevent future problem?

  10. #25
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,399
    AVG is a very good AV.
    Superantispyware, unless it's a paid version, doesn't run in real time, so you don't have to have it as a startup.
    For real time antimalware protection, I recommend:
    Download, and install free ThreatFire: http://www.threatfire.com/, which will give you real-time protection against malwares.
    It won't interfere with your antivirus, nor firewall.

    As for firewall, Windows firewall is not too good.
    You'll do much better with free Comodo: http://www.personalfirewall.comodo.com/
    Before you install it, make sure, you disable Windows firewall.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •