3w-Media Player (Spyware devil)


loharv
09-25-2007, 08:49 AM
Ok, I would like to start by saying,

Don't judge me too soon.

This is the second time I've been had by something like this, I'm an idiot.

I downloaded an episode of a TV show, only to find that it requires "3w-Media Player" to play.

I went to the site, it seemed legit. Of course it seemed legit. *idiot*

Anyway, turns out it's a spyware/trojan/nasty, which I lovingly downloaded and installed.

I've attempted to delete it all, but I am still getting these random websites popping up, even when I'm not using any other webpages.

They all seem to be advertising websites.

I have AVG installed, and apparently it totally missed this thing. Any thoughts on what else I could use to try and wipe it from my life?

Any help would be appreciated.

P.S. This is the website for the program:

http://dowload.play3.com

Bryce W
09-25-2007, 12:50 PM
It appears 3w-Media Player is a legitimate program in itself, but this nastie you downloaded is a fake version of it. I couldn't find any information about the nastie version. So we'll need a log to look at. Download and run this:

http://www.technibble.com/repair-tool-of-the-week-runscanner/

Choose Beginner Mode and click OK

Tick "Do a Full Scan and Save Log File"

Press "Start Full Computer Scan". It will start scanning for nasties on your hard drive; this part may take some time.

It will then ask you to save the log file somewhere. Paste the contents of that log here.

loharv
09-25-2007, 01:12 PM
Alas, I managed to remove it :)

I downloaded Ad-Aware 2007, and also AVG Anti-Spyware (which I thought I already had) and ran them both.

Everything is back to normal and the suss files I couldn't delete are deletable.

Thanks for your help nonetheless :)

loharv
09-25-2007, 01:21 PM
I might actually run that program later, to double check.

The site doesn't seem to be working atm though, I'll try again in the morning.


Thanks.

Logan.

loharv
09-26-2007, 05:14 AM
Here's my Runscanner log file :)

Hope it's clean :(

Thanks in advance,

Logan.

Runscanner logfile http://www.runscanner.net

* = authenticode signed file
- = file not found

000 General info
----------------
Computer name : JUAN
Creation time : 26/09/2007 1:51:50 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.11
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.0.3.0
Type of scan : Full scan
User Language : English (Australia)
User rights : Administrator
Windows folder : C:\WINDOWS

001 Running processes
---------------------
* c:\program files\lavasoft\ad-aware 2007\aawtray.exe
* c:\program files\lavasoft\ad-aware 2007\aawservice.exe (Lavasoft AB)
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe (Apple, Inc.)
c:\progra~1\grisoft\avg7\avgamsvr.exe (GRISOFT, s.r.o.)
* c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe (GRISOFT s.r.o.)
* c:\program files\grisoft\avg anti-spyware 7.5\guard.exe (GRISOFT s.r.o.)
c:\progra~1\grisoft\avg7\avgcc.exe (GRISOFT, s.r.o.)
c:\progra~1\grisoft\avg7\avgemc.exe (GRISOFT, s.r.o.)
c:\progra~1\grisoft\avg7\avgupsvc.exe (GRISOFT, s.r.o.)
c:\windows\vsnpstd.exe
* c:\program files\comodo\firewall\cmdagent.exe (COMODO)
* c:\program files\comodo\firewall\cpf.exe (COMODO)
* c:\program files\google\google updater\googleupdater.exe (Google)
* c:\program files\google\common\google updater\googleupdaterservice.exe (Google)
c:\program files\ahead\incd\incd.exe (Nero AG)
c:\program files\ahead\incd\incdsrv.exe (Nero AG)
* c:\program files\ipod\bin\ipodservice.exe (Apple Inc.)
* c:\program files\itunes\ituneshelper.exe (Apple Inc.)
* c:\program files\java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
c:\program files\belkin keyboard mouse\mouse32a.exe
c:\program files\belkin keyboard mouse\kbdap32a.exe
c:\program files\myspace\im\myspaceim.exe
c:\program files\netlimiter 2 monitor\nlclient.exe (Locktime Software)
c:\program files\netlimiter 2 monitor\nlsvc.exe (Locktime Software)
* c:\windows\system32\nvsvc32.exe (NVIDIA Corporation)
c:\program files\scansoft\omnipagese4.0\opwarese4.exe (ScanSoft, Inc.)
* c:\windows\system32\pnkbstra.exe
c:\program files\common files\real\update_ob\realsched.exe (RealNetworks, Inc.)
* c:\windows\rthdcpl.exe (Realtek Semiconductor Corp.)
* c:\docume~1\loganh~1\locals~1\temp\rar$ex01.438\runscanner.exe (Runscanner.net)
c:\program files\winamp\winamp.exe (Nullsoft)
c:\program files\winamp\winampa.exe
c:\documents and settings\all users\documents\winrar\winrar.exe

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe (GRISOFT s.r.o.)
* c:\program files\lavasoft\ad-aware 2007\aawtray.exe
* c:\program files\adobe\reader 8.0\reader\reader_sl.exe (Adobe Systems Incorporated)
c:\progra~1\grisoft\avg7\avgcc.exe (GRISOFT, s.r.o.)
* c:\program files\comodo\firewall\cpf.exe (COMODO)
c:\program files\belkin keyboard mouse\mouse32a.exe
* C:\WINDOWS\system32\hdashcut.exe (Windows (R) Server 2003 DDK provider)
c:\program files\ahead\incd\incd.exe (Nero AG)
* c:\program files\itunes\ituneshelper.exe (Apple Inc.)
c:\windows\system32\nerocheck.exe (Ahead Software Gmbh)
* c:\windows\system32\nvcpl.dll (NVIDIA Corporation)
* c:\windows\system32\nvmctray.dll (NVIDIA Corporation)
C:\WINDOWS\system32\nwiz.exe
c:\program files\belkin keyboard mouse\kbdap32a.exe
c:\program files\scansoft\omnipagese4.0\opwarese4.exe (ScanSoft, Inc.)
c:\program files\quicktime\qttask.exe (Apple Inc.)
* C:\WINDOWS\rthdcpl.exe (Realtek Semiconductor Corp.)
c:\windows\vsnpstd.exe
c:\program files\common files\scansoft shared\ssbkgdupdate\ssbkgdupdate.exe (Scansoft, Inc.)
* c:\program files\java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
c:\program files\common files\real\update_ob\realsched.exe (RealNetworks, Inc.)
c:\program files\winamp\winampa.exe

003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
c:\program files\electronic arts\ea link\core.exe (Electronic Arts)
c:\program files\myspace\im\myspaceim.exe
c:\program files\real\realplayer\realplay.exe (RealNetworks, Inc.)
* c:\program files\steam\steam.exe (Valve Corporation)
* c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe (Google Inc.)
c:\program files\veoh networks\veoh\veohclient.exe (Veoh Networks)

004 C:\Documents and Settings\Logan Harvey\Start Menu\Programs\Startup
----------------------------------------------------------------------
* c:\progra~1\xfire\xfire.exe (Xfire Inc.)

005 C:\Documents and Settings\All Users\Start Menu\Programs\Startup
-------------------------------------------------------------------
* c:\progra~1\google\google~2\google~1.exe (Google)
c:\progra~1\micros~2\office\osa9.exe (Microsoft Corporation)

008 Default user \Software\Microsoft\Windows\CurrentVersion\Run (+subkeys)
--------------------------------------------------------------------------
c:\progra~1\grisoft\avg7\avgw.exe (GRISOFT, s.r.o.)
c:\program files\myspace\im\myspaceim.exe

009 System user\Software\Microsoft\Windows\CurrentVersion\Run (+subkeys)
------------------------------------------------------------------------
c:\progra~1\grisoft\avg7\avgw.exe (GRISOFT, s.r.o.)
c:\program files\myspace\im\myspaceim.exe

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
* c:\program files\lavasoft\ad-aware 2007\aawservice.exe (Ad-Aware 2007 Service)
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe (Apple Mobile Device)
* c:\program files\grisoft\avg anti-spyware 7.5\guard.exe (AVG Anti-Spyware Guard)
c:\progra~1\grisoft\avg7\avgemc.exe (AVG E-mail Scanner)
c:\progra~1\grisoft\avg7\avgamsvr.exe (AVG7 Alert Manager Server)
c:\progra~1\grisoft\avg7\avgupsvc.exe (AVG7 Update Service)
* c:\program files\comodo\firewall\cmdagent.exe (Comodo Application Agent)
* c:\program files\google\common\google updater\googleupdaterservice.exe (Google Updater Service)
c:\program files\ahead\incd\incdsrv.exe (InCD Helper)
c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe (InstallDriver Table Manager)
* c:\program files\ipod\bin\ipodservice.exe (iPod Service)
c:\program files\netlimiter 2 monitor\nlsvc.exe (NetLimiter)
* C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Display Driver Service)
* c:\windows\system32\pnkbstra.exe (PnkBstrA)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
* C:\WINDOWS\system32\drivers\amdk8.sys (AMD Processor Driver)
C:\WINDOWS\system32\drivers\atksgt.sys (atksgt)
* C:\WINDOWS\system32\drivers\avgascln.sys (AVG Anti-Spyware Clean Driver)
* c:\program files\grisoft\avg anti-spyware 7.5\guard.sys (AVG Anti-Spyware Driver)
c:\windows\system32\drivers\avgtdi.sys (AVG Network Redirector)
c:\windows\system32\drivers\avgclean.sys (AVG7 Clean Driver)
c:\windows\system32\drivers\avg7core.sys (AVG7 Kernel)
c:\windows\system32\drivers\avg7rsxp.sys (AVG7 Resident Driver XP)
c:\windows\system32\drivers\avg7rsw.sys (AVG7 Wrap Driver)
C:\WINDOWS\system32\drivers\sptd.sys (Boot Bus Extender)
C:\WINDOWS\system32\drivers\xmasbus.sys (Boot Bus Extender)
C:\WINDOWS\system32\drivers\cmdmon.sys (Comodo Application Engine)
C:\WINDOWS\system32\drivers\inspect.sys (Comodo Network Engine)
* C:\WINDOWS\system32\drivers\ptilink.sys (Direct Parallel Link Driver)
* C:\WINDOWS\system32\drivers\gearaspiwdm.sys (GEARAspiWDM)
C:\WINDOWS\system32\drivers\incdpass.sys (InCDPass)
* C:\WINDOWS\system32\drivers\lgusbbus.sys (LGE Mobile Composite USB Device)
* C:\WINDOWS\system32\drivers\lgusbmodem.sys (LGE Mobile USB Modem)
* C:\WINDOWS\system32\drivers\lgusbdiag.sys (LGE Mobile USB Serial Port)
C:\WINDOWS\system32\drivers\lirsgt.sys (lirsgt)
* C:\WINDOWS\system32\drivers\hdaudbus.sys (Microsoft UAA Bus Driver for High Definition Audio)
* C:\WINDOWS\system32\drivers\hdaudio.sys (Microsoft UAA Function Driver for High Definition Audio Service)
* c:\windows\system32\drivers\nltdi.sys (nltdi)
* C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Network Bus Enumerator)
* C:\WINDOWS\system32\drivers\nvenetfd.sys (NVIDIA nForce Networking Controller Driver)
* C:\WINDOWS\system32\drivers\pxhelp20.sys (PxHelp20)
- c:\windows\system32\drivers\rtl8139.sys (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver)
* C:\WINDOWS\system32\drivers\rtlnic51.sys (Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver)
* c:\windows\system32\drivers\vaxscsi.sys (SCSI miniport)
C:\WINDOWS\system32\drivers\xmasscsi.sys (SCSI miniport)
C:\WINDOWS\system32\drivers\secdrv.sys (Secdrv)
* C:\WINDOWS\system32\drivers\rtkhdaud.sys (Service for Realtek HD Audio (WDM))
C:\WINDOWS\system32\drivers\snpstd.sys (USB PC Camera (SN9C102))
- c:\windows\system32\vczkdxal.nuo (vczkdxal.nuo)
* C:\WINDOWS\system32\drivers\nv4_mini.sys (Video)

loharv
09-26-2007, 05:15 AM
Sorry, had to do it in two parts, was too long.


030 HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
------------------------------------------
C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}

035 HKLM-HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
------------------------------------------------------------------
c:\windows\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}

041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar
----------------------------------------------------------
c:\program files\canon\easy-webprint\toolband.dll {327C2873-E90D-4c37-AA9D-10AC9BABA46C}
* c:\program files\google\googletoolbar2.dll (Google Inc.) {2318C2B1-4965-11d4-9B18-009027A5CD4F}
c:\program files\stumbleupon\stumbleuponiebar.dll (stumbleupon.com) {5093EB4C-3E93-40AB-9266-B607BA87BDC8}
c:\program files\veoh networks\veoh\plugins\reg\veohtoolbar.dll (Veoh Networks Inc) {D0943516-5076-4020-A3B5-AEFAF26AB263}

042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
c:\program files\messenger\msmsgs.exe (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}

045 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
----------------------------------------------------------------
* c:\program files\google\googletoolbar2.dll (Google Inc.) {2318C2B1-4965-11D4-9B18-009027A5CD4F}

047 Trusted zones
-----------------
Zone: stumbleupon.com : *.stumbleupon.com

050 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
-----------------------------------------------------------------------------
* c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.) {57B86673-276A-48B2-BAE7-C6DBB3020EB8}

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
GUID / CLSID not found {7E853D72-626A-48EC-A868-BA8D5E23E045}
* c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll (Adobe Systems Incorporated) {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
* c:\progra~1\spybot~1\sdhelper.dll (Safer Networking Limited) {53707962-6F74-2D53-2644-206D7942484F}
c:\program files\canon\easy-webprint\ewpbrowseloader.dll {68F9551E-0411-48E4-9AAF-4BC42A6A46BE}
* c:\program files\google\googletoolbar2.dll (Google Inc.) {AA58ED58-01DD-4d91-8333-CF10577473F7}
* c:\program files\google\googletoolbarnotifier\2.1.615.5858\swg.dll (Google Inc.) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
* c:\program files\java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
c:\program files\stumbleupon\stumbleuponiebar.dll (stumbleupon.com) {145B29F4-A56B-4b90-BBAC-45784EBEBBB7}

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
c:\progra~1\alcoho~1\alcoho~1\axshlex.dll (Alcohol Soft Development Team) {32020A01-506E-484D-A2A8-BE3CF17601C3}
c:\program files\grisoft\avg7\avgse.dll (GRISOFT, s.r.o.) {9F97547E-460A-42C5-AE0C-81C61FFAEBC3}
c:\program files\grisoft\avg7\avgse.dll (GRISOFT, s.r.o.) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
c:\windows\system32\nvshell.dll {1CDB2949-8F65-4355-8456-263E7C208A5D}
c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
- deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3}
c:\windows\system32\mscoree.dll (Microsoft Corporation) {1D2680C9-0E2A-469d-B787-065558BC7D43}
* c:\windows\system32\hticons.dll (Hilgraeve, Inc.) {88895560-9AA2-1069-930E-00AA0030EBC8}
* c:\program files\itunes\itunesminiplayer.dll (Apple Inc.) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}
c:\progra~1\lgpcsu~1\lgphon~1\phone.dll (LG Electornics) {792F0537-F929-4eb7-AC1D-FB6334C71550}
* c:\windows\system32\nvcpl.dll (NVIDIA Corporation) {A70C977A-BF00-412C-90B7-034C51DA2439}
c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
* c:\windows\system32\nvcpl.dll (NVIDIA Corporation) {FFB699E0-306A-11d3-8BD1-00104B6F7516}
c:\program files\ahead\incd\incdshx.dll (Nero AG) {950FF917-7A57-46BC-8017-59D9BF474000}
c:\program files\real\realplayer\rpshell.dll (RealNetworks, Inc.) {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
c:\windows\system32\dfshim.dll (Microsoft Corporation) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}
c:\windows\system32\dfshim.dll (Microsoft Corporation) {e82a2d71-5b2f-43a0-97b8-81be15854de8}
- c:\program files\smartftp client 2.0\smarthook.dll {B8323370-FF27-11D2-97B6-204C4F4F5020}
c:\documents and settings\all users\documents\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
c:\program files\common files\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}

063 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
---------------------------------------------------------------------
C:\WINDOWS\system32\lsdelete.exe

067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
-

069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
* C:\WINDOWS\system32\cnmlm8a.dll (CANON INC.)
C:\WINDOWS\system32\pdfcmnnt.dll

073 %windir%\Tasks
------------------
AAAEB9AA90F933EA.job : c:\docume~1\loganh~1\applic~1\userwa~1\dog iso live.exe
AppleSoftwareUpdate.job : c:\program files\apple software update\softwareupdate.exe (Apple Inc.)

100 Internet Explorer settings
------------------------------
CustomizeSearch HKCU : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
CustomizeSearch HKLM : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Default_Page_URL HKLM : http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL HKCU : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Search_URL HKLM : http://go.microsoft.com/fwlink/?LinkId=54896
Search Page HKCU : http://www.google.com
Search Page HKLM : http://go.microsoft.com/fwlink/?LinkId=54896
SearchAssistant HKLM : http://www.google.com/ie
SearchUrl HKCU : http://home.microsoft.com/access/autosearch.asp?p=%s
ShellNext HKCU : iexplore
Start Page HKCU : http://www.ninemsn.com/
Start Page HKLM : http://go.microsoft.com/fwlink/?LinkId=69157

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
* c:\program files\quicktime\qtplugin.ocx (Apple Inc.) {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
* c:\windows\system32\macromed\director\swdir.dll (Adobe Systems, Inc.) {166B1BCA-3F9C-11CF-8075-444553540000}
c:\windows\downloaded program files\housecall_activex.dll (Trend Micro Inc.) {215B8138-A3CF-44C5-803F-8226143CFC0A}
c:\windows\downloaded program files\msnpupld.dll (Microsoft® Corporation) {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
* c:\program files\java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.) {8AD9C840-044E-11D1-B3E9-00805F499D93}
* c:\program files\java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.) {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
* c:\program files\java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.) {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
* c:\windows\system32\macromed\flash\flash9b.ocx (Adobe Systems, Inc.) {D27CDB6E-AE6D-11CF-96B8-444553540000}

105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
StumbleUpon PhotoBlog It! : res://StumbleUponIEBar.dll/blogimage

120 Domain/DNS hijacking
------------------------
NameServer {02151018-9F50-4DDE-BF5D-E50C053BD5A3} : 203.12.160.35,203.12.160.36

160 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
------------------------------------------------------------------
DisableRegistryTools : 0

161 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
------------------------------------------------------------------
dontdisplaylastusername : 0
shutdownwithoutlogon : 1
undockwithoutlogon : 1

170 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
------------------------------------------------------------------------
{a7729829-c0d8-11da-b0a9-806d6172696f} : E:\autorun.exe
{a9f4388c-c27d-11da-a5ca-806d6172696f} : E:\setup.exe

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
* c:\program files\grisoft\avg anti-spyware 7.5\context.dll (GRISOFT s.r.o.) {8934FCEF-F5B8-468f-951F-78A921CD3920}
c:\program files\grisoft\avg7\avgse.dll (GRISOFT, s.r.o.) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
c:\documents and settings\all users\documents\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

Bryce W
09-26-2007, 06:00 AM
Looks clean.
I couldn't determine what the below was, can't tell you whether it's good or bad:
- c:\windows\system32\vczkdxal.nuo (vczkdxal.nuo)

You have also got PunkBuster (c:\windows\system32\pnkbstra.exe) on that system, which is an anti-cheating measure for Halflife based games. Some servers do require you to have it installed to prevent cheating. Although it isn't malicious, it looks at what applications and processes you have running and reports them back to base, which is considered spyware by definition.

loharv
09-26-2007, 06:31 AM
Thanks heaps Knuckles, you're a champ.
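
The manual review of the Runscanner log above can be partly automated. The following is an added example, not part of the thread and not Runscanner's own code: a Python pass over the log layout posted here (numbered sections, `* ` for signed, `- ` for file not found) that lists entries worth a manual look. The sample log lines and the three triage rules are constructed for illustration.

```python
import re

# Constructed sample in the Runscanner layout shown in the thread.
SAMPLE_LOG = r"""* = authenticode signed file
- = file not found

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\program files\vendor\tray.exe (Vendor Inc.)
c:\windows\helper.exe

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
* C:\WINDOWS\system32\drivers\good.sys (Good Driver)
- c:\windows\system32\qwertyui.abc (qwertyui.abc)

073 %windir%\Tasks
------------------
0123456789ABCDEF.job : c:\docume~1\user~1\applic~1\folder\some app.exe
VendorUpdate.job : c:\program files\vendor\update.exe (Vendor Inc.)
"""

SECTION = re.compile(r"^(\d{3}) (.+)$")
# optional marker, optional "name.job : ", path, optional "(label)", optional "{CLSID}"
ENTRY = re.compile(r"^(?P<mark>[*-] )?(?:\S+\.job : )?(?P<path>.+?)"
                   r"(?: \((?P<label>.*)\))?(?: \{[0-9A-Fa-f-]+\})?$")
USER_DIRS = ("c:\\documents and settings\\", "c:\\docume~1\\")

def parse(text):
    """Yield one dict per log entry, tagged with its numbered section."""
    section = None
    for line in (l.strip() for l in text.splitlines()):
        if not line or set(line) == {"-"}:
            continue                      # blank line, underline or empty "-" entry
        head = SECTION.match(line)
        if head:
            section = head.group(1)
            continue
        if section is None:
            continue                      # banner and marker legend
        m = ENTRY.match(line)
        yield {"section": section, "path": m.group("path").lower(),
               "signed": m.group("mark") == "* ", "missing": m.group("mark") == "- ",
               "label": m.group("label")}

def triage(text):
    """Return (section, path, reason) for entries that deserve a manual look."""
    findings = []
    for e in parse(text):
        if not re.match(r"[a-z]:\\", e["path"]):
            continue                      # settings lines (URLs, policy values), not files
        if e["missing"]:
            findings.append((e["section"], e["path"], "registered but file not found"))
        elif not e["signed"] and e["path"].startswith(USER_DIRS):
            findings.append((e["section"], e["path"], "unsigned autostart in user profile"))
        elif not e["signed"] and e["label"] is None:
            findings.append((e["section"], e["path"], "unsigned, no publisher label"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

A finding is only a prompt to check the file by hand; plenty of legitimate software ships unsigned or leaves orphaned registry entries behind.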