[pchelpers] Re: indomitable malware - Antivir best antimalware program

Hi Scott

> Take a look with AutoRuns also.  Use the option to verify signatures
> and the option to hide signed Microsoft entries; this will give you a
> fairly short list to look at.  You can delete anything that says "File
> not found", and uncheck anything that looks suspicious.

The AutoRuns log below was finally sent to me. Am I right in believing 
this shows the computer to be clean? It still shows the unnecessary but 
harmless entries you already mentioned in the HJT log and some file not 
found entries - and I'll check whether XPFix.exe has a legit folder in 
the programs menu and program files folder. (Some stuff has explanations 
in Finnish, but I'm sure you know what they're saying even without me 
trying to translate.)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Alice XPFix   (Not verified) Gemtek   c:\program files\wireless 11mbps network\xpfix.exe
+ ATIPTA        ATI Desktop Control Panel       (Not verified) ATI Technologies, Inc.    c:\program files\ati technologies\ati control panel\atiptaxx.exe
+ avgnt Antivirus System Tray Tool      (Not verified) Avira GmbH       c:\program files\antivir personaledition classic\avgnt.exe
+ COMODO Firewall Pro   COMODO Firewall Pro     (Verified) Comodo CA Limited    c:\program files\comodo\firewall\cpf.exe
+ HydraVisionDesktopManager     HydraDM (Not verified) ATI Technologies Inc.    c:\program files\ati technologies\ati hydravision\hydradm.exe
+ NeroCheck     NeroCheck       (Not verified) Ahead Software Gmbh    c:\windows\system32\nerocheck.exe
+ SDTray        Spyware Doctor Tray     (Verified) PC Tools     c:\program files\spyware doctor\sdtrayapp.exe
+ SpywareTerminator                     File not found: C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

HKLM\SOFTWARE\Classes\Protocols\Filter
+ application/octet-stream      Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-complus Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-msdownload      Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll

HKLM\SOFTWARE\Classes\Protocols\Handler
+ cdo   Microsoft SharePoint Portal Server Object Model (Not verified) Microsoft Corporation   c:\program files\common files\microsoft shared\web folders\pkmcdo.dll
+ ms-itss       Microsoft® InfoTech Storage System Library      (Not verified) Microsoft Corporation   c:\program files\common files\microsoft shared\information retrieval\msitss.dll

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components                    
+ 0                     File not found: About:Home

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ n/a   Microsoft .NET IE SECURITY REGISTRATION (Not verified) Microsoft Corporation     c:\windows\system32\mscories.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ a-squared Free Context Menu Shell Extension   a-squared Free  (Not verified) Emsi Software GmbH    c:\program files\a-squared free\a2freecontmenu.dll
+ Display Panning CPL -laajennus                        File not found: deskpan.dll
+ Fusion Cache  Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation   c:\windows\system32\mscoree.dll
+ Shell Extension for Malware scanning  ShlExt.dll      (Not verified) H+BEDV Datentechnik GmbH       c:\program files\antivir personaledition classic\shlext.dll
+ Shell Icon Handler for Application References Application Deployment Support Library (Not verified) Microsoft Corporation    c:\windows\system32\dfshim.dll
+ ShellLink for Application References  Application Deployment Support Library (Not verified) Microsoft Corporation    c:\windows\system32\dfshim.dll
+ Web-kansiot   Microsoft Web Folders   (Not verified) Microsoft Corporation     c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension   PDF Shell Extension     (Not verified) Adobe Systems, Inc.   c:\program files\common files\adobe\acrobat\activex\pdfshell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Adobe PDF Reader Link Helper  Adobe PDF Helper for Internet Explorer (Verified) Adobe Systems, Incorporated  c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
+ PCTools Browser Monitor                       File not found: C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
+ PCTools Site Guard                    File not found: C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
+ {53707962-6F74-2D53-2644-206D7942484F}        Bad download blocker    (Verified) Safer Networking Ltd.   c:\program files\spybot - search & destroy\sdhelper.dll

HKLM\System\CurrentControlSet\Services
+ ALG   Tukee kolmannen osapuolen laajennuksia Internet-yhteyden jakamiseen ja Windowsin palomuuriin.    (Not verified) Microsoft Corporation     c:\windows\system32\alg.exe
+ AntiVirScheduler      Service to schedule AntiVir jobs and updates.   (Not verified) Avira GmbH    c:\program files\antivir personaledition classic\sched.exe
+ AntiVirService        Offers permanent protection against viruses and malware with the AntiVir search engine.         (Not verified) AVIRA GmbH       c:\program files\antivir personaledition classic\avguard.exe
+ CmdAgent      COMODO Firewall Pro Application Agent   (Verified) Comodo CA Limited c:\program files\comodo\firewall\cmdagent.exe
+ sdAuxService  Provides auxiliary Spyware Doctor services. If this service is disabled spyware protection will be reduced. (Verified) PC Tools   c:\program files\spyware doctor\svcntaux.exe
+ sdCoreService Provides spyware and malware protection for the system. If this service is disabled spyware protection will be disabled. (Verified) PC Tools     c:\program files\spyware doctor\swdsvc.exe

HKLM\System\CurrentControlSet\Services
+ avgio Avira AntiVir Support for Minifilter    (Not verified) AVIRA GmbH    c:\program files\antivir personaledition classic\avgio.sys
+ CmdMon        COMODO Firewall Pro Application Engine  (Not verified) Comodo Research Lab., Inc.     c:\windows\system32\drivers\cmdmon.sys
+ IKFileSec             (Verified) PC Tools     c:\windows\system32\drivers\ikfilesec.sys
+ IkSysFlt      System Filter Device Driver     (Verified) PC Tools    c:\windows\system32\drivers\iksysflt.sys
+ IKSysSec      System Security Device Driver   (Verified) PC Tools    c:\windows\system32\drivers\iksyssec.sys
+ Inspect       COMODO Firewall Pro Network Engine      (Not verified) COMODO    c:\windows\system32\drivers\inspect.sys
+ NdisFilter                    File not found: c:\windows\system32\drivers\ndisfilter.sys
+ PCANDIS5      PCAUSA NDIS 5.0 Protocol Driver (Not verified) Printing Communications Assoc., Inc. (PCAUSA)    c:\program files\wireless 11mbps network\pcandis5.sys
+ sisperf       SiS Filter Driver       (Not verified) Silicon Integrated Systems Corp.   c:\windows\system32\drivers\sisperf.sys

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ autocheck autochk *   Auto Check -apuohjelma  (Not verified) Microsoft Corporation     c:\windows\system32\autochk.exe

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ PCTOOLS CONTENT FILTER PROVIDER       PC Tools Layered Service Provider (Verified) PC Tools     c:\program files\common files\pc tools\lsp\pctlsp.dll
+ PCTOOLS over [MSAFD Tcpip [RAW/IP]]   PC Tools Layered Service Provider (Verified) PC Tools     c:\program files\common files\pc tools\lsp\pctlsp.dll
+ PCTOOLS over [MSAFD Tcpip [TCP/IP]]   PC Tools Layered Service Provider (Verified) PC Tools     c:\program files\common files\pc tools\lsp\pctlsp.dll
+ PCTOOLS over [MSAFD Tcpip [UDP/IP]]   PC Tools Layered Service Provider (Verified) PC Tools     c:\program files\common files\pc tools\lsp\pctlsp.dll
+ PCTools SGLSP FilterLSP System Module Dynamic Link Library (Verified) PC Tools     c:\program files\spyware doctor\filterlsp.dll
+ PCTools SGLSP over [PCTOOLS over [MSAFD Tcpip [RAW/IP]]]      FilterLSP System Module Dynamic Link Library      (Verified) PC Tools     c:\program files\spyware doctor\filterlsp.dll
+ PCTools SGLSP over [PCTOOLS over [MSAFD Tcpip [TCP/IP]]]      FilterLSP System Module Dynamic Link Library      (Verified) PC Tools     c:\program files\spyware doctor\filterlsp.dll
+ PCTools SGLSP over [PCTOOLS over [MSAFD Tcpip [UDP/IP]]]      FilterLSP System Module Dynamic Link Library      (Verified) PC Tools     c:\program files\spyware doctor\filterlsp.dll

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
+ msapsspc.dll  DPA-asiakasohjelma 32-bittisiä käyttöjärjestelmiä varten (Not verified) Microsoft Corporation    c:\windows\system32\msapsspc.dll



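The triage described in the quoted advice (check signatures, set aside "File not found" entries, then look at what remains) can be scripted over a saved log. The following is an added example, not part of the original post and not code from AutoRuns: the function and bucket names are assumptions, and the sample is four entries from the log above with wrapped lines rejoined.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log above (wrapped lines rejoined).
SAMPLE = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ COMODO Firewall Pro   COMODO Firewall Pro   (Verified) Comodo CA Limited   c:\program files\comodo\firewall\cpf.exe
+ NeroCheck   NeroCheck   (Not verified) Ahead Software Gmbh   c:\windows\system32\nerocheck.exe
+ SpywareTerminator   File not found: C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\SOFTWARE\Classes\Protocols\Filter
+ application/octet-stream   Microsoft .NET Runtime Execution Engine   (Not verified) Microsoft Corporation   c:\windows\system32\mscoree.dll
"""

SIGNED = re.compile(r"\((Verified|Not verified)\)\s+(.*?)\s+([A-Za-z]:\\.*)$")
MISSING = re.compile(r"File not found:\s*(.*)$")

def parse(text):
    """Yield one dict per '+' entry, tagged with its autostart location."""
    location = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.upper().startswith(("HKLM\\", "HKCU\\")):
            location = line
        elif line.startswith("+ "):
            entry = {"location": location, "name": re.split(r"\s{2,}|\t", line[2:])[0]}
            if (m := MISSING.search(line)):
                entry.update(status="missing", path=m.group(1))
            elif (m := SIGNED.search(line)):
                status = "verified" if m.group(1) == "Verified" else "unverified"
                entry.update(status=status, publisher=m.group(2), path=m.group(3))
            else:
                entry.update(status="unparsed")
            yield entry

def triage(text):
    """Bucket entries the way the quoted advice reads the list."""
    buckets = defaultdict(list)
    for e in parse(text):
        key = e["status"]
        # The publisher of an unverified file is only its version-resource
        # string, so a Microsoft claim there proves nothing by itself.
        if key == "unverified" and "microsoft" in e["publisher"].lower():
            key = "unverified_claims_microsoft"
        buckets[key].append(e)
    return dict(buckets)

if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE).items():
        for e in entries:
            print(f"{bucket:28} {e['name']:26} {e.get('path', '')}")
```

The buckets only order the review; an entry in an unverified bucket still needs its file checked by path, hash or a scanner before it is disabled.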