problem with locking up etc.

lurla · #1 (**permalink**) 01-01-2006, 08:06 PM

ok, so i had a friend 'fix' my computer, and I think something was deleted that shouldnt be? I am using firefox at the moment, but when using msn messenger, the internet locks up about 3 minutes in. I get a registry error message sometimes as well. Is there anything i can use to post what may be happening? All I have at the moment is a hijackthis log, and I dont know if this is appropriate for the kind of info I need? Thanks..

here is the log, dont know if it is of any help..

Logfile of HijackThis v1.99.1
Scan saved at 3:32:00 PM, on 1/1/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bruce\My Documents\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: CEJF0FFF - {41A41EC4-426A-6596-5428-38E00F607C13} - (no file)
O21 - SSODL: mtklefap - {20C2F347-189E-40E8-E7B0-11AC1518B83D} - (no file)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

jephree · #2 (**permalink**) 02-01-2006, 12:55 AM

I will move this to the HijackThis section. See what our pros there have to say. One thing that I will point out is that you do not even have SP1 let alone SP2.

At this point in time SP1 is absolutly necessary. I believe the HijackThis pros advise holding off on SP2 untill your computer is confirmed clean.

Neal · #3 (**permalink**) 02-01-2006, 02:47 AM

Is that the complete log? Did you recently reformat? I'm not sure if this is fixable by myself or VOPTHIS if items were deleted that ensures the smooth running of your computer.

We can do a few scans if you can and see if something shows up.

What was he trying to fix that was malware? Name of the infection might help.

Log is clean.

www.kaspersky.com/virusscanner

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
o Scan Options:
- Scan Archives
- Scan Mail Bases
* Click OK
* Now under select a target to scan:
o Select My Computer
* This program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
o Now click on the Save as Text button:
* Save the file to your desktop.
* Copy and paste that information in your next post.

lurla · #4 (**permalink**) 02-01-2006, 03:11 AM

i click on online scanner, and then accept, but then nothing happens?

btw, i did recently reformat (a friend did it for me). I am on cable modem and i keep getting hit by viruses almost instantly! This version of windows is the one that came with the computer when i bought it last february, and the friend that reformatted for me said that this version sucks, too....

Neal · #5 (**permalink**) 02-01-2006, 04:02 AM

You have to absolutely no getting around it or your computer is dead in the water I promise and may be lost already.

Go here and do everything there: Read This First - IMPORTANT Instructions

Never never get on the internet without an anti-virus program.

You also need a firewall:

a good free one:

http://www.sunbelt-software.com/Kerio-Download.cfm
This is a free version that will last 30 days then a couple of the functions will not be available but is still supported and a viable firewall and is what I have.

If this is a legal copy of windows go get service pack 1 only.

Do not get on the Internet unless you have Service Pack 1, Anti-virus program and a firewall, only use the Internet to get the programs.

Then come back.

lurla · #6 (**permalink**) 02-01-2006, 05:52 PM

ok.. i got SP1, and did the scans, (i got the AVG scanner)... but I am not sure what to do with the firewall? How do I configure it so I can get on the internet?

Neal · #7 (**permalink**) 02-01-2006, 06:33 PM

Hi,

Excellent job there.

Just download and install and use the default settings that come with the firewall install.

Did AVG find anything when you done your first scan? Was there anything it could not delete?

Did you get SpyBot and Adaware SE? Those scanners sure might turn something up malicious and hopefully delete them. If not post back here what could not be deleted.

Thanks.

lurla · #8 (**permalink**) 02-01-2006, 06:38 PM

the AVG scanner detected a worm, but deleted it ok. Same with adaware and spybot. Spybot had one that it couldnt delete, but appears to have deleted it when i ran it on startup. I ran it again later, and nothing showed up.

edited because the firewall is working now.

ok. so what do I do next? I am still getting these irritating messages about 'registry errors' trying to get me to go to sites and download registry fixers etc.. sometimes it is multiple at a time, sometimes only one . I know they are fake because there are misspellings. ie 'your registry is damanged'...

I should also add that about 10 mins into anything after reboot, the computer locks up and the only way to restart is to remove the power cord, or unplug the computer.

Neal · #9 (**permalink**) 02-01-2006, 08:36 PM

Good job,

See if you can do post #3.

Please download SilentRunners from here:
http://www.silentrunners.org/Silent%20Runners.zip
Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop. Please post the entire contents of this logfile for me to see.

* Download finditnt2000xp.zip
* Unzip the contents of finditnt2000xp.zip to a convenient location.
* Navigate to the Find It NT-2K-XP folder and double-click on find.bat.
* A command prompt will open and it will search your computer for malicious files.
* Once it has finished a Notepad window will pop up with output.txt.
* Copy the entire contents of output.txt into your next post.
* DON'T delete/modify any files yet

Please download, install, update and scan your system with the free version of Ewido trojan scanner: www.ewido.net/en/download/

1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.

3. From the main ewido screen, click on UPDATE in the left menu, then click the Start update button.

4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run.

5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.

6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread, along with a new HijackThis log.

Make sure you are set to normal startup. Click Start -> Run -> Type Msconfig -> Press Enter -> make sure Startup is set to Normal.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

You might try running some of these in safe mode like ewido if it locks up before it fininshes.

If it is getting close to time for computer to lockup then see if you can stop the Ewido scan and click on save report and get a partial log. then procede again etc.

lurla · #10 (**permalink**) 02-01-2006, 09:13 PM

ok, the online scanner worked! The only thing that didnt work is finditnt2000xp.zip because it said i needed a password to view it. Here are my logs!

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, January 02, 2006 16:24:59
Operating System: Microsoft Windows XP Home Edition, (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 2/01/2006
Kaspersky Anti-Virus database records: 168714
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 11050
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 300 sec
No malware has been detected. The sections that have been scanned are CLEAN.

Scan process completed.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:37:57 PM, 1/2/2006
+ Report-Checksum: AF5A4E0C

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\5568wue8.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Bruce\Cookies\bruce@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Bruce\Cookies\bruce@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Bruce\Desktop\antivirus programs\ONLY PCTools 2006\Only.PCTools.1-ACT.Anti.KeyLogger.2006.WinALL.Cracked-BLiZZARD.ZI.ZIP/Only.PCTools.1-ACT.Anti.KeyLogger.2006.WinALL.Cracked-BLiZZARD/blz-op1akl2006-patch.exe -> Worm.Incef.b : Cleaned with backup
C:\Documents and Settings\Bruce\Desktop\antivirus programs\ONLY PCTools 2006\Only.PCTools.1-ACT.AntiPhishing.2006.WinALL.Cracked-BLiZZARD.ZIP/Only.PCTools.1-ACT.AntiPhishing.2006.WinALL.Cracked-BLiZZARD/blz-op1ap2006-patch.exe -> Worm.Incef.b : Cleaned with backup
C:\Documents and Settings\Bruce\Desktop\antivirus programs\ONLY PCTools 2006\Only.PCTools.1-ACT.Computer.Spy.2006.WinALL.Cracked-BLiZZARD.ZIP/Only.PCTools.1-ACT.Computer.Spy.2006.WinALL.Cracked-BLiZZARD/blz-op1acs2006-patch.exe -> Worm.Incef.b : Cleaned with backup
C:\Documents and Settings\Bruce\Desktop\antivirus programs\ONLY PCTools 2006\Only.PCTools.1-ACT.Hard.Disk.Monitor.2006.WinALL.Cracked-BLiZZARD.ZIP/Only.PCTools.1-ACT.Hard.Disk.Monitor.2006.WinALL.Cracked-BLiZZARD/blz-op1ahdm2006-patch.exe -> Worm.Incef.b : Cleaned with backup
C:\Documents and Settings\Bruce\Desktop\antivirus programs\ONLY PCTools 2006\Only.PCTools.1-ACT.Parental.Advisor.2006.WinALL.Cracked-BLiZZARD.ZIP/Only.PCTools.1-ACT.Parental.Advisor.2006.WinALL.Cracked-BLiZZARD/blz-op1apa2006-patch.exe -> Worm.Incef.b : Cleaned with backup
C:\Documents and Settings\Bruce\Desktop\antivirus programs\ONLY PCTools 2006\Only.PCTools.1-ACT.Personal.Firewall.2006.WinALL.Cracked-BLiZZARD.ZIP/Only.PCTools.1-ACT.Personal.Firewall.2006.WinALL.Cracked-BLiZZARD/blz-op1apf2006-patch.exe -> Worm.Incef.b : Cleaned with backup
C:\Documents and Settings\Bruce\Desktop\antivirus programs\ONLY PCTools 2006\Only.PCTools.1-ACT.Registry.Cleaner.2006.WinALL.Cracked-BLiZZARD.ZIP/Only.PCTools.1-ACT.Registry.Cleaner.2006.WinALL.Cracked-BLiZZARD/blz-op1arc2006-patch.exe -> Worm.Incef.b : Cleaned with backup

::Report End

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
"Cryptographic Service" = "C:\WINDOWS\System32\meesorsj.exe" [file not found]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

HKLM\Software\Classes\*\shellex\ContextMenuHandler s\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Enabled Scheduled Tasks:
------------------------

"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

Missing lines (compared with English-language version):
HIJACK WARNING! "TuneUp" = "file://C|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
Sunbelt Kerio Personal Firewall 4, KPF4, "C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe" ["Sunbelt Software"]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 2 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 5 seconds.
---------- (total run time: 31 seconds)

Logfile of HijackThis v1.99.1
Scan saved at 4:39:49 PM, on 1/2/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\czdxvvv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: CEJF0FFF - {41A41EC4-426A-6596-5428-38E00F607C13} - (no file)
O21 - SSODL: mtklefap - {20C2F347-189E-40E8-E7B0-11AC1518B83D} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe