Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help please: stration and brwconf

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby amateur » December 26th, 2006, 11:18 pm

Hi,

The end part of the combofix.txt seems to be cut off. Please include it in your next reply.
==============================

Please download Ccleaner and save it to your desktop.
Tutorial for CCleaner
During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it Do not scan with it yet.

==============================

First, go to Add/Remove Programs in your Control Panel and check if any of the following programs are there. Remove them if found and then delete the folders, using Windows Explorer.

C:\Program Files\SpongeBob SquarePants Diner Dash
C:\Program Files\Cake Mania
C:\Program Files\Common Files\Sandlot Shared
C:\Documents and Settings\Charles\Favorites\Health

C:\Program Files\Disney\Disney Online\Toontown
C:\Program Files\nickarcade

==============================

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

===============================

Delete the following files:

C:\WINDOWS\INF\bi7.inf
C:\WINDOWS\INF\biM.inf
===============================

From Safe Mode:
Run Ccleaner
  • Click on Options,
  • Select Advanced
  • Now UNCHECK "Only delete files in Windows Temp folders older than 48 hours"
  • Make sure the Cleaner block on the left is selected.
  • Do not use the "Issues" block . It's meant for professionals.
  • Choose the Windows tab.
  • Check everything EXCEPT Advanced part of the Menu.
  • Click on "Analyze". This process could take a while.
  • If you don't want to loose your login passwords to certain sites, click on Options
  • Select cookies and move the ones you want to keep to the "cookies to keep" section, by highlighting and using the arrows in the middle.
  • Choose Run Cleaner.
When CCleaner shows how much has been removed, cleaning is finished. Click Exit.
If you have more than one users, run Ccleaner for every user

===============================

Restart in Normal Mode.

===============================

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.0.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6.0 windows-i586-p.exe to install the newest version.


===============================

Download, update, configure and run these two programs: http://tomcoyote.org/aawsb.php
The newest version of Ad-aware SE is 1.06 and Spybot 1.4. Even if you have these programs, use the link to get the newest version, update and configure them as in the link. Run Spybot first, reboot then run Ad-aware. Both programs back up what they remove so delete anything the programs say should be removed.

===============================

Please download Dr.Web CureIt to the desktop.
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously, along with a new HijackThis log in your next reply.
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA
Advertisement
Register to Remove

ComboFix

Unread postby Lido » December 26th, 2006, 11:50 pm

I think the last post had it all. Here it is again. I will work on the other items. Thanks so much for all your help.

#############ComboFix

Charles - 06-12-25 22:00:07.14 Service Pack 2
ComboFix 06.12.01W - Running from: "C:\Documents and Settings\Charles\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\fad.sys


((((((((((((((((((((((((((((((( Files Created from 2006-11-25 to 2006-12-25 ))))))))))))))))))))))))))))))))))


2006-12-25 20:00 <DIR> d-------- C:\WINDOWS\LastGood
2006-12-25 19:47 90,151 --a------ C:\WINDOWS\SYSTEM32\rrsec2k.exe
2006-12-25 19:47 23,552 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rrspy64.sys
2006-12-25 19:47 21,888 --a------ C:\WINDOWS\SYSTEM32\rrSpy.sys
2006-12-25 19:47 21,888 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rrspy.sys
2006-12-25 19:47 112,640 --a------ C:\WINDOWS\SYSTEM32\rrsec.dll
2006-12-25 19:47 <DIR> d-------- C:\Program Files\Registrar Registry Manager
2006-12-24 19:58 <DIR> dr-h----- C:\Documents and Settings\Charles\Recent
2006-12-23 22:07 <DIR> d--hs---- C:\found.002
2006-12-23 21:51 <DIR> d-------- C:\Program Files\CCleaner
2006-12-23 17:41 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-12-23 17:41 <DIR> d-------- C:\Program Files\Grisoft
2006-12-23 17:09 <DIR> d-------- C:\quarantine
2006-12-23 12:16 9,728 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxscinst.dll
2006-12-23 12:16 7,680 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxinst.dll
2006-12-23 12:16 7,552 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxcom.sys
2006-12-23 12:16 274,688 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxfsf.sys
2006-12-23 12:16 18,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxtdi.sys
2006-12-23 12:16 13,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxrd.sys
2006-12-23 12:16 11,648 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxscrmbl.sys
2006-12-23 12:16 100,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PxEmu.sys
2006-12-23 12:16 <DIR> d-------- C:\Documents and Settings\Charles\Application Data\Prevx
2006-12-23 12:15 <DIR> d-------- C:\Program Files\Prevx1
2006-12-23 12:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2006-12-23 01:08 76,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2006-12-23 01:06 <DIR> d-------- C:\Documents and Settings\Charles\.housecall6.6
2006-12-16 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2006-12-16 22:16 <DIR> d-------- C:\Program Files\AIM6
2006-12-14 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2006-12-14 19:11 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2006-12-05 20:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2006-12-05 19:39 <DIR> d-------- C:\Config.Msi
2006-12-04 23:41 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2006-12-04 23:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2006-11-27 03:45 60,416 --------- C:\WINDOWS\SYSTEM32\tzchange.exe
2006-11-25 20:03 <DIR> d-------- C:\Program Files\Apple Software Update


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-25 21:24 -------- d-------- C:\Program Files\Spyware Doctor
2006-12-25 21:22 -------- d-------- C:\Program Files\QuickTime
2006-12-25 21:19 -------- d-------- C:\Program Files\NetSnippets
2006-12-25 21:00 -------- d-------- C:\Program Files\iTunes
2006-12-25 21:00 -------- d-------- C:\Program Files\Internet Explorer
2006-12-25 20:58 -------- d-------- C:\Program Files\Google
2006-12-25 20:53 -------- d-------- C:\Program Files\Dell Support
2006-12-25 19:29 -------- d-------- C:\Program Files\nickarcade
2006-12-23 23:03 -------- d-------- C:\Program Files\ewido anti-malware
2006-12-22 20:19 -------- d-------- C:\Program Files\SpywareBlaster
2006-12-22 17:24 -------- d-------- C:\Program Files\Java
2006-12-18 15:24 -------- d-------- C:\Program Files\Common Files\AOL
2006-12-16 22:17 -------- d-a------ C:\Program Files\Common Files
2006-12-16 22:17 -------- d-------- C:\Program Files\AOL
2006-12-15 03:01 -------- d-------- C:\Program Files\Outlook Express
2006-12-15 03:01 -------- d-------- C:\Program Files\Common Files\System
2006-12-14 18:52 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-14 18:52 -------- d-------- C:\Program Files\UBISOFT
2006-12-07 23:42 -------- d-------- C:\Program Files\Common Files\Adobe
2006-12-07 23:42 -------- d-------- C:\Documents and Settings\Charles\Application Data\AdobeUM
2006-12-05 20:24 -------- d-------- C:\Program Files\Windows Media Player
2006-12-02 23:04 -------- d-------- C:\Documents and Settings\Charles\Application Data\Share-to-Web Upload Folder
2006-12-02 23:04 -------- d-------- C:\Documents and Settings\Charles\Application Data\Incomplete
2006-11-25 20:54 -------- d-------- C:\Program Files\iPod
2006-11-25 17:19 -------- d-------- C:\Documents and Settings\Charles\Application Data\Yahoo!
2006-11-25 17:13 -------- d-------- C:\Program Files\Yahoo!
2006-11-25 16:12 -------- d-------- C:\Documents and Settings\Charles\Application Data\Macromedia
2006-11-21 16:19 -------- d-------- C:\Program Files\SpongeBob SquarePants Diner Dash
2006-11-17 09:12 -------- d-------- C:\Program Files\Wild Thornberrys Australian Wildlife Rescue
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\SYSTEM32\msxml4.dll
2006-11-03 23:28 -------- d-------- C:\Program Files\AOD
2006-10-31 18:37 -------- d-------- C:\Program Files\Cake Mania
2006-10-29 20:48 -------- d-------- C:\Program Files\Common Files\Sandlot Shared
2006-10-29 07:40 -------- d-------- C:\Program Files\BFG
2006-10-28 13:57 1392671 --a------ C:\WINDOWS\SYSTEM32\msvbvm60.dll
2006-10-27 15:09 6049280 --------- C:\WINDOWS\SYSTEM32\ieframe.dll
2006-10-27 15:09 50688 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll
2006-10-27 15:09 458752 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-10-27 15:09 180736 --------- C:\WINDOWS\SYSTEM32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\SYSTEM32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\SYSTEM32\sxs.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\SYSTEM32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\SYSTEM32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\SYSTEM32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\SYSTEM32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\SYSTEM32\WMADMOD.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\SYSTEM32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\SYSTEM32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\SYSTEM32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\SYSTEM32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\SYSTEM32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\SYSTEM32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\SYSTEM32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\MP43DMOD.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\SYSTEM32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\SYSTEM32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\SYSTEM32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\SYSTEM32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\SYSTEM32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\SYSTEM32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\SYSTEM32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\SYSTEM32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\SYSTEM32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\SYSTEM32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\SYSTEM32\PortableDeviceApi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\SYSTEM32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\SYSTEM32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\SYSTEM32\WpdShext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\SYSTEM32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\SYSTEM32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\SYSTEM32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\SYSTEM32\WMASF.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\SYSTEM32\MFPLAT.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\SYSTEM32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\SYSTEM32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\SYSTEM32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\SYSTEM32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\SYSTEM32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\SYSTEM32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\SYSTEM32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\SYSTEM32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\SYSTEM32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\SYSTEM32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\SYSTEM32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\SYSTEM32\WMVSDECD.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\SYSTEM32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\SYSTEM32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\SYSTEM32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\SYSTEM32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\SYSTEM32\WMADMOE.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\SYSTEM32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\SYSTEM32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\SYSTEM32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\SYSTEM32\wpdshextautoplay.exe
2006-10-17 13:06 78336 --a------ C:\WINDOWS\SYSTEM32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\SYSTEM32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\SYSTEM32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\SYSTEM32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\SYSTEM32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\SYSTEM32\corpol.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\SYSTEM32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\SYSTEM32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\SYSTEM32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\SYSTEM32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\SYSTEM32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\SYSTEM32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\SYSTEM32\ieapfltr.dll
2006-10-13 07:35 65536 --a------ C:\WINDOWS\SYSTEM32\nwwks.dll
2006-10-13 07:35 64000 --a------ C:\WINDOWS\SYSTEM32\nwapi32.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\SYSTEM32\nwprovau.dll
2006-10-11 11:24 58880 --a------ C:\WINDOWS\SYSTEM32\pnrpnsp.dll
2006-10-11 11:24 553984 --a------ C:\WINDOWS\SYSTEM32\p2psvc.dll
2006-10-11 11:24 313344 --a------ C:\WINDOWS\SYSTEM32\p2pgraph.dll
2006-10-11 11:24 153088 --a------ C:\WINDOWS\SYSTEM32\p2p.dll
2006-10-11 11:24 116224 --a------ C:\WINDOWS\SYSTEM32\p2pnetsh.dll
2006-10-11 11:24 104960 --a------ C:\WINDOWS\SYSTEM32\p2pgasvc.dll
2006-10-02 15:28 312128 --------- C:\WINDOWS\SYSTEM32\msdelta.dll
2006-09-28 20:13 95344 --------- C:\WINDOWS\SYSTEM32\WUDFCoinstaller.dll
2006-09-28 18:56 55808 --------- C:\WINDOWS\SYSTEM32\WudfSvc.dll
2006-09-28 18:56 316416 --------- C:\WINDOWS\SYSTEM32\WUDFx.dll
2006-09-28 18:56 165376 --------- C:\WINDOWS\SYSTEM32\WudfPlatform.dll
2006-09-28 18:56 146432 --------- C:\WINDOWS\SYSTEM32\WudfHost.exe
2006-09-25 17:58 23856 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sonic RecordNow!"=""
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"SB Audigy 2 Startup Menu"="/L:ENG"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"Run StartupMonitor"="StartupMonitor.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"MMTray"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mm_tray.exe"
"Logitech Utility"="Logi_MwX.Exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mimboot.exe"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
"CTDVDDet"="C:\\Program Files\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1131573657\\ee\\AOLSoftware.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""
"NoDriveTypeAutoRun"=hex:5f,00,00,00
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
Ip6FwHlp


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-25 22:15:43.25
C:\ComboFix.txt ... 06-12-25 22:15
Lido
Regular Member
 
Posts: 31
Joined: December 22nd, 2006, 8:54 pm

Unread postby amateur » December 27th, 2006, 12:02 am

OK. :thumbright:
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Info

Unread postby Lido » December 31st, 2006, 8:16 pm

Ok. that was a lot. The deleted "biM" item was "set up info" created on 11/23/03. I didn't delete this: biM.PNF Preco mpiledsetup created 4/17/04. When I ran Ad-aware, it showed as deleted:

WINFIXER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : S-1-5-21-1964778976-4048470338-3091147340-1006\software\microsoft\windows\currentversion\ext\stats\{2353fcbc-012d-487b-8bf3-865c0929fbeb}

VIRTUMONDE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[1]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{2353fcbc-012d-487b-8bf3-865c0929fbeb}

#############

Here is the Cureit log:


setup.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3869.9.20;Probably BACKDOOR.Trojan;Incurable.Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3899.1.16;Probably BACKDOOR.Trojan;Incurable.Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4000.1.4;Probably BACKDOOR.Trojan;Incurable.Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4024.2.4;Probably BACKDOOR.Trojan;Incurable.Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338;Probably BACKDOOR.Trojan;Incurable.Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024;Probably BACKDOOR.Trojan;Incurable.Moved.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1;Probably BACKDOOR.Trojan;Incurable.Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.78.1;Probably BACKDOOR.Trojan;Incurable.Moved.;
RegUBP2b-Charles.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots;Trojan.StartPage.1505;Deleted.;
pinkrose[1].ani;C:\Documents and Settings\Sy\Local Settings\Temp\Temporary Internet Files\Content.IE5\GVMF6ZSP;Exploit.ANIFile;Deleted.;
aolsetup.exe;C:\Program Files\AIM6\services\softwareUpdate\ver2_13_13_7;Probably BACKDOOR.Trojan;Incurable.Moved.;
bh2.exe;C:\Program Files\Beach Head 2002\BH2Game;Modification of APE.based;Moved.;
killapps.exe;C:\Program Files\Creative\SBAudigy2\Program\WDM\COMMON;Tool.Prockill;Incurable.Moved.;
RacingDEMO.exe;C:\Program Files\Daydream Software\Ski-Doo X-Team Racing DEMO;Probably DLOADER.Trojan;Incurable.Moved.;
FA-18 Korea Gold Demo.exe;C:\Program Files\GraphSim Entertainment\FA-18 Korea Gold Demo;Win32.KME.based;Incurable.Moved.;
UISysRest.dll;C:\Program Files\Prevx1;Probably STPAGE.Trojan;Cannot move.;
tgcmd.exe;C:\Program Files\Support.com\bin;Probably DLOADER.Trojan;Incurable.Moved.;
A0134611.exe;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP225;Adware.Xbarre;Incurable.Moved.;
A0136740.dll;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP230;Adware.SpywareStorm;Incurable.Moved.;
A0137381.reg;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP236;Trojan.StartPage.1505;Deleted.;
A0137384.exe;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP236;Modification of APE.based;Moved.;
A0137385.exe;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP236;Win32.KME.based;Incurable.Moved.;
gtdownde_110.ocx;C:\WINDOWS\SYSTEM32;Probably DLOADER.Trojan;Incurable.Moved.;
KILLAPPS.EXE;C:\WINDOWS\SYSTEM32;Tool.Prockill;Incurable.Moved.;

###################

HiJack Log:
Logfile of HijackThis v1.99.1
Scan saved at 7:03:27 PM, on 12/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1131573657\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Charles\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - (no file)
O2 - BHO: (no name) - {4E1159CF-BCA3-3EA8-7BC9-4DF71B5AB4E5} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: Discover deskshop Browser Helper Object - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\system32\BhoDshop.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {C85E3AE6-972D-DD7D-B47C-8E44B2FCC9D2} - (no file)
O2 - BHO: (no name) - {EB499C6B-4EEE-CB6B-43B7-4EC6302D27CC} - (no file)
O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131573657\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Net Snippets - C:\PROGRA~1\NETSNI~1\Res\Clipper.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Secure Online Account Numbers - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\Program Files\Secure Online Account Numbers\SOAN.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-000020040000} -
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} (NetCamPlayerWeb Control) - http://ppeltz1234.nomad.utk.edu/img/NetCamPlayerWeb.ocx
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsup ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6596693609
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth ... peedop.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37840.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.dell.com/Media/Visitor ... EFlash.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promot ... WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx ... loader.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} -
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.47/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5 ... taller.exe
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5C35463-11E0-4266-877F-CA08BA22D0FF}: NameServer = 38.9.211.2,38.9.221.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Unknown owner - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Dantz - C:\Program Files\Retrospect\Retrospect Express HD 1.1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe


THANKS AND HAPPY NEW YEAR!
Lido
Regular Member
 
Posts: 31
Joined: December 22nd, 2006, 8:54 pm

Unread postby amateur » January 1st, 2007, 12:37 pm

Hi,

Happy New Year to you too. :D Hope you had a good time.

Please delete the previous version of WinPFind3 first because it has recently been updated.

Download this version of WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here.
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

More

Unread postby Lido » January 1st, 2007, 2:35 pm

OK. Here is the report. I am going to be gone until Saturday. Thanks again for your help.

WinPFind3 logfile created on: 1/1/2007 1:21:43 PM
WinPFind3U by OldTimer - Version 1.0.8 Folder = C:\Documents and Settings\Charles\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

1047536 Kb Total Physical Memory | 614328 Kb Available Physical Memory | 58.65% Memory free
2520184 Kb Paging File | 1967640 Kb Available in Paging File | 78.08% Paging File free

%SystemDrive% = C:
Drive C: | 232380224 Kb Total Space | 81585300 Kb Free Space | 35.11% Free Space
D: Drive not present or media not loaded
Drive E: | 991488 Kb Total Space | 845984 Kb Free Space | 85.32% Free Space
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 11/7/2006 10:29:04 AM | Attr = ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1131573657\ee\AOLSoftware.exe -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 7:24:16 PM | Attr = ]
aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 9/25/2006 7:52:48 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 389120 bytes | Modified Date = 8/25/2004 10:26:56 AM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 7:20:00 AM | Attr = ]
ctdvddet.exe -> %ProgramFiles%\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.2.0 | Size = 45056 bytes | Modified Date = 9/30/2002 1:00:00 AM | Attr = ]
cthelper.exe -> %System32%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 1, 2 | Size = 24576 bytes | Modified Date = 10/6/2003 2:57:32 PM | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ]
ctsysvol.exe -> %ProgramFiles%\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.1.3.0 | Size = 49152 bytes | Modified Date = 10/29/2002 9:18:24 AM | Attr = ]
cvpnd.exe -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.6.04.0043 | Size = 1422336 bytes | Modified Date = 6/10/2005 7:59:56 PM | Attr = ]
dcfssvc.exe -> %System32%\DRIVERS\dcfssvc.exe -> Eastman Kodak Company [Ver = 1.1.3900.0 | Size = 153150 bytes | Modified Date = 5/10/2001 3:41:04 PM | Attr = ]
dsagnt.exe -> %ProgramFiles%\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 0, 73 | Size = 306688 bytes | Modified Date = 7/19/2004 7:51:24 AM | Attr = ]
dsentry.exe -> %System32%\DSentry.exe -> Dell - Advanced Desktop Engineering [Ver = 1, 0, 5, 0 | Size = 28672 bytes | Modified Date = 8/13/2003 11:27:40 AM | Attr = ]
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.77.023 | Size = 37888 bytes | Modified Date = 6/3/2003 10:50:00 AM | Attr = ]
frameworkservice.exe -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 98304 bytes | Modified Date = 12/7/2005 2:55:00 AM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 908, 5008 | Size = 163576 bytes | Modified Date = 10/16/2006 11:19:56 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1146 | Size = 81920 bytes | Modified Date = 6/16/2004 5:03:04 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 77824 bytes | Modified Date = 12/31/2006 2:38:58 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\Network Associates\VirusScan\Mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.318 | Size = 221191 bytes | Modified Date = 2/14/2006 7:00:00 PM | Attr = ]
mm_tray.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.00.3058 | Size = 110592 bytes | Modified Date = 3/12/2005 6:25:00 AM | Attr = ]
msgagt.exe -> %ProgramFiles%\Promise\Utility\MsgAgt.exe -> [Ver = Version 3.0 build 9 (08/08/2003) | Size = 610304 bytes | Modified Date = 8/20/2003 6:43:30 PM | Attr = ]
naprdmgr.exe -> %ProgramFiles%\Network Associates\Common Framework\naPrdMgr.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 229376 bytes | Modified Date = 12/7/2005 2:55:00 AM | Attr = ]
pcmservice.exe -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.0826 | Size = 204800 bytes | Modified Date = 8/26/2003 8:47:34 PM | Attr = ]
ptssvc.exe -> %ProgramFiles%\KODAK\KODAK Picture Transfer Software\PTSsvc.exe -> [Ver = | Size = 36864 bytes | Modified Date = 1/31/2001 4:41:32 PM | Attr = ]
pxagent.exe -> %ProgramFiles%\Prevx1\PXAgent.exe -> Prevx [Ver = 2.0.12.1 | Size = 139264 bytes | Modified Date = 12/13/2006 12:39:54 PM | Attr = ]
pxconsole.exe -> %ProgramFiles%\Prevx1\PXConsole.exe -> Prevx [Ver = 1.0.0.1 | Size = 1507328 bytes | Modified Date = 12/13/2006 12:39:20 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 6:58:18 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 12/24/2005 11:02:52 AM | Attr = ]
retrorun.exe -> %ProgramFiles%\Retrospect\Retrospect Express HD 1.1\retrorun.exe -> EMC Dantz [Ver = 1.1.127 | Size = 73728 bytes | Modified Date = 2/6/2006 7:22:54 AM | Attr = ]
sdhelp.exe -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.5.0.18 | Size = 870624 bytes | Modified Date = 12/20/2005 8:44:24 AM | Attr = ]
shstat.exe -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 9/22/2004 7:00:00 AM | Attr = ]
startupmonitor.exe -> %SystemRoot%\StartupMonitor.exe -> [Ver = | Size = 86016 bytes | Modified Date = 5/20/2000 4:23:48 PM | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.05b | Size = 114741 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
uaservice7.exe -> %System32%\UAService7.exe -> Sony DADC Austria AG. [Ver = 1,1,0,0 | Size = 122880 bytes | Modified Date = 4/12/2005 7:49:32 PM | Attr = ]
updaterui.exe -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 131072 bytes | Modified Date = 12/7/2005 2:55:00 AM | Attr = ]
vpngui.exe -> %ProgramFiles%\Cisco Systems\VPN Client\vpngui.exe -> Cisco Systems, Inc. [Ver = 4.6.04.0043 | Size = 1426424 bytes | Modified Date = 6/10/2005 8:00:02 PM | Attr = ]
vstskmgr.exe -> %ProgramFiles%\Network Associates\VirusScan\VsTskMgr.exe -> Network Associates, Inc. [Ver = 8.0.0.1004 | Size = 29184 bytes | Modified Date = 6/8/2006 7:00:00 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.8.0 | Size = 306176 bytes | Modified Date = 12/31/2006 7:47:16 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> [Ver = | Size = 389120 bytes | Modified Date = 8/25/2004 10:26:56 AM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0020 | Size = 516096 bytes | Modified Date = 5/15/2004 8:10:00 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> File not found
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ]
(CVPND) Cisco Systems, Inc. VPN Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.6.04.0043 | Size = 1422336 bytes | Modified Date = 6/10/2005 7:59:56 PM | Attr = ]
(Dcfssvc) Dcfssvc [Win32_Own | Auto | Running] -> %System32%\DRIVERS\dcfssvc.exe -> Eastman Kodak Company [Ver = 1.1.3900.0 | Size = 153150 bytes | Modified Date = 5/10/2001 3:41:04 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 98304 bytes | Modified Date = 12/7/2005 2:55:00 AM | Attr = ]
(McShield) Network Associates McShield [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\Mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.318 | Size = 221191 bytes | Modified Date = 2/14/2006 7:00:00 PM | Attr = ]
(McTaskManager) Network Associates Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\VsTskMgr.exe -> Network Associates, Inc. [Ver = 8.0.0.1004 | Size = 29184 bytes | Modified Date = 6/8/2006 7:00:00 PM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 1.2.26.0 | Size = 143360 bytes | Modified Date = 3/3/2003 2:33:40 PM | Attr = ]
(PREVXAgent) Prevx Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Prevx1\PXAgent.exe -> Prevx [Ver = 2.0.12.1 | Size = 139264 bytes | Modified Date = 12/13/2006 12:39:54 PM | Attr = ]
(ptssvc) ptssvc [Win32_Own | Auto | Running] -> %ProgramFiles%\KODAK\KODAK Picture Transfer Software\PTSsvc.exe -> [Ver = | Size = 36864 bytes | Modified Date = 1/31/2001 4:41:32 PM | Attr = ]
(RAIDmAgt) Promise RAID message agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Promise\Utility\MsgAgt.exe -> [Ver = Version 3.0 build 9 (08/08/2003) | Size = 610304 bytes | Modified Date = 8/20/2003 6:43:30 PM | Attr = ]
(RetroExp Helper) Retrospect Express HD Helper [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Retrospect\Retrospect Express HD 1.1\rthlpsvc.exe -> EMC Dantz [Ver = 1.1.127 | Size = 118784 bytes | Modified Date = 2/6/2006 7:22:54 AM | Attr = ]
(RetroExpLauncher) Retrospect Express HD Launcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Retrospect\Retrospect Express HD 1.1\retrorun.exe -> EMC Dantz [Ver = 1.1.127 | Size = 73728 bytes | Modified Date = 2/6/2006 7:22:54 AM | Attr = ]
(SDhelper) PC Tools Spyware Doctor [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.5.0.18 | Size = 870624 bytes | Modified Date = 12/20/2005 8:44:24 AM | Attr = ]
(UserAccess7) SecuROM User Access Service (V7) [Win32_Own | Auto | Running] -> %System32%\UAService7.exe -> Sony DADC Austria AG. [Ver = 1,1,0,0 | Size = 122880 bytes | Modified Date = 4/12/2005 7:49:32 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 7:20:00 AM | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5120 | Size = 339968 bytes | Modified Date = 8/25/2004 12:52:00 PM | Attr = ]
CTDVDDet -> %ProgramFiles%\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.2.0 | Size = 45056 bytes | Modified Date = 9/30/2002 1:00:00 AM | Attr = ]
CTHelper -> %System32%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 1, 2 | Size = 24576 bytes | Modified Date = 10/6/2003 2:57:32 PM | Attr = ]
CTSysVol -> %ProgramFiles%\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.1.3.0 | Size = 49152 bytes | Modified Date = 10/29/2002 9:18:24 AM | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.05b | Size = 114741 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
DVDSentry -> %System32%\DSentry.exe -> Dell - Advanced Desktop Engineering [Ver = 1, 0, 5, 0 | Size = 28672 bytes | Modified Date = 8/13/2003 11:27:40 AM | Attr = ]
HostManager -> %CommonProgramFiles%\AOL\1131573657\ee\AOLSoftware.exe -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 7:24:16 PM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1146 | Size = 221184 bytes | Modified Date = 6/16/2004 5:03:26 AM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1146 | Size = 81920 bytes | Modified Date = 6/16/2004 5:03:04 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
Logitech Utility -> %SystemRoot%\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.77.018 | Size = 19968 bytes | Modified Date = 5/16/2003 10:50:00 AM | Attr = ]
McAfeeUpdaterUI -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 131072 bytes | Modified Date = 12/7/2005 2:55:00 AM | Attr = ]
MimBoot -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe -> Musicmatch, Inc. [Ver = 10.00.3058 | Size = 11776 bytes | Modified Date = 3/12/2005 6:25:00 AM | Attr = ]
MMTray -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.00.3058 | Size = 110592 bytes | Modified Date = 3/12/2005 6:25:00 AM | Attr = ]
PCMService -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.0826 | Size = 204800 bytes | Modified Date = 8/26/2003 8:47:34 PM | Attr = ]
PrevxOne -> %ProgramFiles%\Prevx1\PXConsole.exe -> Prevx [Ver = 1.0.0.1 | Size = 1507328 bytes | Modified Date = 12/13/2006 12:39:20 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 6:58:18 PM | Attr = ]
Run StartupMonitor -> %SystemRoot%\StartupMonitor.exe -> [Ver = | Size = 86016 bytes | Modified Date = 5/20/2000 4:23:48 PM | Attr = ]
ShStatEXE -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 9/22/2004 7:00:00 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 77824 bytes | Modified Date = 12/31/2006 2:38:58 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 12/24/2005 11:02:52 AM | Attr = ]
UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 8/19/2003 1:01:00 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DellSupport -> %ProgramFiles%\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 0, 73 | Size = 306688 bytes | Modified Date = 7/19/2004 7:51:24 AM | Attr = ]
SB Audigy 2 Startup Menu -> -> File not found
Sonic RecordNow! -> -> File not found
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 908, 5008 | Size = 163576 bytes | Modified Date = 10/16/2006 11:19:56 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/24/2005 1:05:26 AM | Attr = ]
%AllUsersStartup%\HPAiODevice(hp officejet k series) - 1.lnk -> %ProgramFiles%\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe -> Hewlett-Packard Co. [Ver = 2.00 | Size = 151552 bytes | Modified Date = 5/23/2002 11:52:06 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 9:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> _
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.cnn.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
online_musicmatch.com [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{2353FCBC-012D-487B-8BF3-865C0929FBEB} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4E1159CF-BCA3-3EA8-7BC9-4DF71B5AB4E5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{55EA1964-F5E4-4D6A-B9B2-125B37655FCB} [HKLM] -> %AllUsersAppData%\Prevx\pxbho.dll [URLDetector Class] -> Prevx Ltd. [Ver = 1.0.0.3 | Size = 90112 bytes | Modified Date = 1/10/2006 11:09:54 AM | Attr = ]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.5.0.65 | Size = 786656 bytes | Modified Date = 12/9/2005 4:22:26 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 501384 bytes | Modified Date = 12/31/2006 2:39:00 PM | Attr = ]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{8DB3D69D-DA5E-4165-B781-72A761790672} [HKLM] -> %System32%\BhoDshop.dll [DeskshopBrowserHelper Class] -> Orbiscom Ltd. All rights reserved. [Ver = 2, 3, 0, 3, 64 | Size = 69632 bytes | Modified Date = 10/30/2001 5:02:36 PM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 10/12/2006 10:38:04 AM | Attr = R ]
{B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.5.0.277 | Size = 848048 bytes | Modified Date = 2/6/2006 2:51:34 PM | Attr = ]
{BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{C85E3AE6-972D-DD7D-B47C-8E44B2FCC9D2} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{EB499C6B-4EEE-CB6B-43B7-4EC6302D27CC} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 7/2/2005 8:16:36 PM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 10/12/2006 10:38:04 AM | Attr = R ]
{67970B26-F57D-4455-8262-81C3AE3B8B5E} [HKLM] -> %ProgramFiles%\NetSnippets\NetSnip.DLL [Net Snippets] -> Net Snippets LTD. [Ver = 3, 2, 0, 9 | Size = 1437696 bytes | Modified Date = 12/20/2004 9:58:20 AM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 8/4/2005 9:54:42 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 10/12/2006 10:38:04 AM | Attr = R ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 10/12/2006 10:38:04 AM | Attr = R ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Value does not exist [Reg Data - Value does not exist] -> File not found
WebBrowser\\{4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 8/4/2005 9:54:42 PM | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{1FA9B650-D1BC-4E43-96B3-13A32FC39732} -> 8193 - Reg Data - Key not found ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8199 - Reg Data - Value does not exist ->
{3369AF0D-62E9-4bda-8103-B4C75499B578} -> 8197 - Reg Data - Key not found ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> 8198 - Yahoo! Messenger ->
{7130DF06-BBC1-4e16-83D4-1F875E65B695} -> 8196 - Reg Data - Value does not exist ->
{85d1f590-48f4-11d9-9669-0800200c9a66} -> 8198 - Uninstall BitDefender Online Scanner v8 ->
{9455301C-CF6B-11D3-A266-00C04F689C50} -> 8195 - Reg Data - Value does not exist ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8197 - Reg Data - Value does not exist ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8194 - Reg Data - Value does not exist ->
{F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} -> 8195 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Windows Messenger ->
NextId -> 8200 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0\bin\npjpi160.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 132744 bytes | Modified Date = 12/31/2006 2:38:58 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 501384 bytes | Modified Date = 12/31/2006 2:39:00 PM | Attr = ]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> Reg Data - Value does not exist [ButtonText: Spyware Doctor] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> Reg Data - Value does not exist [ButtonText: Messenger] -> File not found
{7130DF06-BBC1-4e16-83D4-1F875E65B695} -> Reg Data - Value does not exist [ButtonText: Snippets] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found
{9455301C-CF6B-11D3-A266-00C04F689C50} -> Reg Data - Value does not exist [ButtonText: Researcher] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 2:08:26 PM | Attr = ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
{F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} -> %ProgramFiles%\Secure Online Account Numbers\SOAN.exe [ButtonText: Secure Online Account Numbers] -> Orbiscom Ltd. All rights reserved. [Ver = 2, 3, 3, 0 | Size = 196608 bytes | Modified Date = 8/2/2005 3:49:22 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&AOL Toolbar Search -> %ProgramFiles%\aol\aol toolbar 2.0\resources\en-US\local\search.htm -> File not found
&Google Search -> Reg Data - Value does not exist -> File not found
Add to Net Snippets -> %ProgramFiles%\NetSnippets\Res\clipper.htm -> [Ver = | Size = 296 bytes | Modified Date = 10/2/2004 11:45:42 AM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 5:05:42 PM | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
[HKLM] -> Reg Data - Key not found [] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> %ProgramFiles%\Yahoo!\Common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 6, 13, 1 | Size = 180296 bytes | Modified Date = 6/14/2004 5:13:24 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> File not found
{7059DA7A-7E60-11d2-A355-00C04FB9D26E} [HKLM] -> %System32%\MXONmSpace.dll [Maxtor Locked Drives] -> [Ver = | Size = 102400 bytes | Modified Date = 8/26/2004 11:53:14 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> File not found
{A4DF5659-0801-4A60-9607-1C48695EFDA9} [HKLM] -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wns.dll [Share-to-Web Upload Folder] -> Hewlett-Packard [Ver = 2,4,0,26 | Size = 131072 bytes | Modified Date = 7/3/2001 9:10:36 AM | Attr = ]
{acb4a560-3606-11d3-aef4-00104bd0f92d} [HKLM] -> %CommonProgramFiles%\KODAK\IFSCore\shellext.dll [KodakShellExtension] -> Eastman Kodak [Ver = 2.0.1200 | Size = 229435 bytes | Modified Date = 5/1/2001 7:24:08 AM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
{CCA60260-A2C9-11D2-BA62-0020188191B2} [HKLM] -> rrShellX.dll [Registrar Registry Manager SHell Extension] -> File not found
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} [HKLM] -> %ProgramFiles%\Sonic\RecordNow!\shlext.dll [RecordNow! SendToExt] -> Sonic Solutions [Ver = 1.0.0.1 | Size = 77824 bytes | Modified Date = 8/13/2003 7:00:00 AM | Attr = ]
{e57ce731-33e8-4c51-8354-bb4de9d215d1} [HKLM] -> Reg Data - Key not found [Universal Plug and Play Devices] -> File not found
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.2219 | Size = 49198 bytes | Modified Date = 12/24/2005 11:03:04 AM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 6:40:48 AM | Attr = ]
{cda2863e-2497-4c49-9b89-06840e070a87} [HKLM] -> %ProgramFiles%\Network Associates\VirusScan\shext.dll [VirusScan] -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 13824 bytes | Modified Date = 9/22/2004 7:00:00 AM | Attr = ]
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> %ProgramFiles%\Yahoo!\Common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 6, 13, 1 | Size = 180296 bytes | Modified Date = 6/14/2004 5:13:24 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 6:40:48 AM | Attr = ]
{C0E10002-0028-0004-C0E1-C0E1C0E1C0E1} [HKLM] -> %ProgramFiles%\WordPerfect Office 11\Programs\PFSE110.DLL [QuickFinderMenu] -> Novell, Inc., c/o Corel Corporation Limited [Ver = 11.0.0.233 | Size = 90172 bytes | Modified Date = 3/7/2003 6:00:32 AM | Attr = ]
{cda2863e-2497-4c49-9b89-06840e070a87} [HKLM] -> %ProgramFiles%\Network Associates\VirusScan\shext.dll [VirusScan] -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 13824 bytes | Modified Date = 9/22/2004 7:00:00 AM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{cda2863e-2497-4c49-9b89-06840e070a87} [HKLM] -> %ProgramFiles%\Network Associates\VirusScan\shext.dll [VirusScan] -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 13824 bytes | Modified Date = 9/22/2004 7:00:00 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 2:20:02 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{06D2FF32-A6F7-4F2B-9688-FFB9CF12A645} -> () ->
{13CD2169-F9CB-401F-A841-11A4C20F3183} -> () ->
{34266FBC-6066-41CF-B700-E2DC201CD369} -> (Intel(R) PRO/100 VE Network Connection) ->
{B2C804BC-884B-4036-A9C4-463769CD15E2} -> (1394 Net Adapter) ->
{C5C35463-11E0-4266-877F-CA08BA22D0FF} -> 38.9.211.2,38.9.221.2 (Broadcom NetXtreme Gigabit Ethernet) ->
{D1222F18-85A4-4631-BF74-59DE61F33708} -> (1394 Net Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{00000000-0000-0000-0000-000020040000} -> - CodeBase = ->
{00000075-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/voxacm.CAB ->
{01A88BB1-1174-41EC-ACCB-963509EAE56B} -> SysProWmi Class - CodeBase = http://support.dell.com/systemprofiler/SysPro.CAB ->
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -> Creative Software AutoUpdate - CodeBase = http://www.creative.com/su/ocx/15015/CTSUEng.cab ->
{12589FA1-C456-11CE-BF01-10AA1055595A} -> - CodeBase = ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{1D9EFA3B-4E85-41A8-9092-14012CD447C9} -> NetCamPlayerWeb Control - CodeBase = http://ppeltz1234.nomad.utk.edu/img/NetCamPlayerWeb.ocx ->
{1F2F4C9E-6F09-47BC-970D-3C54734667FE} -> - CodeBase = http://www.symantec.com/techsupp/asa/LSSupCtl.cab ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> Symantec AntiVirus scanner - CodeBase = http://security.symantec.com/sscv6/Shar ... vSniff.cab ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/ ... mv9VCM.CAB ->
{3451DEDE-631F-421C-8127-FD793AFC6CC8} -> ActiveDataInfo Class - CodeBase = https://www-secure.symantec.com/techsup ... mAData.cab ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdat ... t/opuc.cab ->
{44990200-3C9D-426D-81DF-AAB636FA4345} -> Symantec SmartIssue - CodeBase = https://www-secure.symantec.com/techsup ... gctlsi.cab ->
{44990301-3C9D-426D-81DF-AAB636FA4345} -> Symantec Script Runner Class - CodeBase = https://www-secure.symantec.com/techsup ... gctlsr.cab ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resourc ... oscan8.cab ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/Shar ... /cabsa.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftup ... 6596693609 ->
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} -> HouseCall Control - CodeBase = http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab ->
{77E32299-629F-43C6-AB77-6A1E6D7663F6} -> Groove Control - CodeBase = http://www.nick.com/common/groove/gx/GrooveAX27.cab ->
{7E9522CF-6B95-46D6-8E2F-7638F507313F} -> BLS_SpeedOP.systemcheck - CodeBase = http://www.fastaccess.drivers.bellsouth ... peedop.cab ->
{7F8C8173-AD80-4807-AA75-5672F22B4582} -> ICSScanner Class - CodeBase = http://download.zonelabs.com/bin/promot ... r37840.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Me ... b31267.cab ->
{917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> - CodeBase = ->
{94B82441-A413-4E43-8422-D49930E69764} -> - CodeBase = https://echat.us.dell.com/Media/Visitor ... EFlash.CAB ->
{9600F64D-755F-11D4-A47F-0001023E6D5A} -> Shutterfly Picture Upload Plugin - CodeBase = http://web1.shutterfly.com/downloads/Uploader.cab ->
{99B6E512-3893-4155-9964-8EB8E06099CB} -> WebSpyWareKiller Class - CodeBase = http://download.zonelabs.com/bin/promot ... WebSWK.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan ... asinst.cab ->
{9FC87BC7-7963-4B70-8485-B1A41034C9A1} -> CSonyPicturesGameDownloaderCtl Object - CodeBase = http://www.shockwave.com/content/angelx ... loader.cab ->
{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -> - CodeBase = ->
{B9191F79-5613-4C76-AA2A-398534BB8999} -> - CodeBase = http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab ->
{B942A249-D1E7-4C11-98AE-FCB76B08747F} -> - CodeBase = ->
{C02226EB-A5D7-4B1F-BD7E-635E46C2288D} -> Toontown Installer ActiveX Control - CodeBase = http://download.toontown.com/sv1.0.14.47/ttinst.cab ->
{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} -> Virtools WebPlayer Class - CodeBase = http://a532.g.akamai.net/7/532/6712/6c5 ... taller.exe ->
{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.4.0 - CodeBase = http://java.sun.com/update/1.4.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} -> - CodeBase = ->
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} -> Live365Player Class - CodeBase = http://www.live365.com/players/play365.cab ->
{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -> ActiveDataInfo Class - CodeBase = https://www-secure.symantec.com/techsup ... mAData.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/pub/sh ... wflash.cab ->
{E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} -> Yahoo! Webcam Viewer Wrapper - CodeBase = http://chat.yahoo.com/cab/yvwrctl.cab ->
{F6ACF75C-C32C-447B-9BEF-46B766368D29} -> Creative Software AutoUpdate Support Package - CodeBase = http://www.creative.com/su/ocx/15016/CTPID.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->

[Files - Created Wihin 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072750592 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr = HS]
IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 867 bytes | Created Date = 12/16/2006 10:16:35 PM | Attr = H ]
Uninstall.exe -> %CommonProgramFiles%\Nullsoft\ActiveX\2.6\Uninstall.exe -> [Ver = | Size = 32675 bytes | Created Date = 12/16/2006 10:17:07 PM | Attr = ]
autoexec.nt -> %System32%\autoexec.nt -> [Ver = | Size = 1688 bytes | Created Date = 12/25/2006 10:00:07 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Created Date = 12/31/2006 2:39:15 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 69632 bytes | Created Date = 12/31/2006 2:39:15 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Created Date = 12/31/2006 2:39:15 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 139264 bytes | Created Date = 12/31/2006 2:39:15 PM | Attr = ]
REN1B.tmp -> %System32%\REN1B.tmp -> [Ver = | Size = 0 bytes | Created Date = 12/31/2006 2:12:01 PM | Attr = ]
REN1C.tmp -> %System32%\REN1C.tmp -> [Ver = | Size = 0 bytes | Created Date = 12/31/2006 2:12:01 PM | Attr = ]
rrsec.dll -> %System32%\rrsec.dll -> [Ver = | Size = 112640 bytes | Created Date = 12/25/2006 7:47:13 PM | Attr = ]
rrsec2k.exe -> %System32%\rrsec2k.exe -> [Ver = | Size = 90151 bytes | Created Date = 12/25/2006 7:47:13 PM | Attr = ]
rrSpy.sys -> %System32%\rrSpy.sys -> Resplendence [Ver = 2.00 built by: WinDDK | Size = 21888 bytes | Created Date = 12/25/2006 7:47:33 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 12/23/2006 5:41:34 PM | Attr = ]
pxcom.sys -> %System32%\drivers\pxcom.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 7552 bytes | Created Date = 12/23/2006 12:16:18 PM | Attr = ]
PxEmu.sys -> %System32%\drivers\PxEmu.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 100864 bytes | Created Date = 12/23/2006 12:16:19 PM | Attr = ]
pxfsf.sys -> %System32%\drivers\pxfsf.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 274688 bytes | Created Date = 12/23/2006 12:16:19 PM | Attr = ]
pxinst.dll -> %System32%\drivers\pxinst.dll -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 7680 bytes | Created Date = 12/23/2006 12:16:19 PM | Attr = ]
pxrd.sys -> %System32%\drivers\pxrd.sys -> [Ver = | Size = 13568 bytes | Created Date = 12/23/2006 12:16:19 PM | Attr = ]
pxscinst.dll -> %System32%\drivers\pxscinst.dll -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 9728 bytes | Created Date = 12/23/2006 12:16:19 PM | Attr = ]
pxscrmbl.sys -> %System32%\drivers\pxscrmbl.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 11648 bytes | Created Date = 12/23/2006 12:16:19 PM | Attr = ]
pxtdi.sys -> %System32%\drivers\pxtdi.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 18560 bytes | Created Date = 12/23/2006 12:16:19 PM | Attr = ]
rrspy.sys -> %System32%\drivers\rrspy.sys -> Resplendence [Ver = 2.00 built by: WinDDK | Size = 21888 bytes | Created Date = 12/25/2006 7:47:13 PM | Attr = ]
rrspy64.sys -> %System32%\drivers\rrspy64.sys -> Resplendence [Ver = 2.00 built by: WinDDK | Size = 23552 bytes | Created Date = 12/25/2006 7:47:13 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 12/23/2006 1:08:15 AM | Attr = ]

[Files - Modified Wihin 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072750592 bytes | Modified Date = 12/31/2006 7:01:22 PM | Attr = HS]
IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 867 bytes | Modified Date = 12/16/2006 10:17:30 PM | Attr = H ]
tbunins.exe -> %CommonProgramFiles%\AOL\AOLDiag\tbunins.exe -> AOL LLC [Ver = 3.3.11.1 | Size = 88673 bytes | Modified Date = 12/16/2006 10:16:52 PM | Attr = ]
Clean.dat -> %CommonProgramFiles%\Network Associates\Engine\Clean.dat -> [Ver = | Size = 997483 bytes | Modified Date = 12/29/2006 5:10:00 AM | Attr = ]
Names.dat -> %CommonProgramFiles%\Network Associates\Engine\Names.dat -> [Ver = | Size = 747462 bytes | Modified Date = 12/29/2006 5:10:00 AM | Attr = ]
Scan.dat -> %CommonProgramFiles%\Network Associates\Engine\Scan.dat -> [Ver = | Size = 8089031 bytes | Modified Date = 12/29/2006 5:10:00 AM | Attr = ]
ocpiman.ini -> %CommonProgramFiles%\AOL\1131573657\ee\ocpiman.ini -> [Ver = | Size = 555 bytes | Modified Date = 12/16/2006 10:17:08 PM | Attr = ]
CLEAN.DAT -> %CommonProgramFiles%\Network Associates\Engine\OldDats\CLEAN.DAT -> [Ver = | Size = 997098 bytes | Modified Date = 12/28/2006 5:10:00 AM | Attr = ]
NAMES.DAT -> %CommonProgramFiles%\Network Associates\Engine\OldDats\NAMES.DAT -> [Ver = | Size = 747377 bytes | Modified Date = 12/28/2006 5:10:00 AM | Attr = ]
SCAN.DAT -> %CommonProgramFiles%\Network Associates\Engine\OldDats\SCAN.DAT -> [Ver = | Size = 8084383 bytes | Modified Date = 12/28/2006 5:10:00 AM | Attr = ]
TalkBack.ini -> %CommonProgramFiles%\Network Associates\TalkBack\Data\TalkBack.ini -> [Ver = | Size = 35 bytes | Modified Date = 12/16/2006 12:02:34 PM | Attr = ]
Uninstall.exe -> %CommonProgramFiles%\Nullsoft\ActiveX\2.6\Uninstall.exe -> [Ver = | Size = 32675 bytes | Modified Date = 12/16/2006 10:17:08 PM | Attr = ]
MAPISVC.INF -> %CommonProgramFiles%\System\Mapi\1033\MAPISVC.INF -> [Ver = | Size = 8305 bytes | Modified Date = 12/25/2006 8:26:00 PM | Attr = ]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 12/31/2006 7:01:22 PM | Attr = S]
MsgAgt.INI -> %SystemRoot%\MsgAgt.INI -> [Ver = | Size = 64 bytes | Modified Date = 12/31/2006 7:01:54 PM | Attr = ]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Modified Date = 12/14/2006 8:01:06 PM | Attr = ]
randseed.rnd -> %SystemRoot%\randseed.rnd -> [Ver = | Size = 512 bytes | Modified Date = 12/31/2006 5:02:18 PM | Attr = ]
WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 903 bytes | Modified Date = 12/4/2006 11:42:00 PM | Attr = ]
{00000002-00000000-00000002-00001102-00000004-10031102}.CDF -> %SystemRoot%\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF -> [Ver = | Size = 4932148 bytes | Modified Date = 1/1/2007 1:14:04 PM | Attr = ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 12/4/2006 11:42:06 PM | Attr = ]
BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %System32%\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [Ver = | Size = 30120 bytes | Modified Date = 12/31/2006 7:00:46 PM | Attr = ]
BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %System32%\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [Ver = | Size = 30120 bytes | Modified Date = 12/31/2006 7:00:46 PM | Attr = ]
BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %System32%\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [Ver = | Size = 30912 bytes | Modified Date = 12/31/2006 7:00:46 PM | Attr = ]
BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %System32%\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [Ver = | Size = 30912 bytes | Modified Date = 12/31/2006 7:00:46 PM | Attr = ]
DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat -> %System32%\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat -> [Ver = | Size = 384 bytes | Modified Date = 12/31/2006 7:00:46 PM | Attr = ]
DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat -> %System32%\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat -> [Ver = | Size = 384 bytes | Modified Date = 12/31/2006 7:00:46 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 12/25/2006 8:01:02 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 12/31/2006 2:38:56 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 69632 bytes | Modified Date = 12/31/2006 2:38:56 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 12/31/2006 2:38:58 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 139264 bytes | Modified Date = 12/31/2006 2:38:58 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 12/4/2006 11:42:06 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 12/25/2006 8:01:02 PM | Attr = ]
PERFC009.DAT -> %System32%\PERFC009.DAT -> [Ver = | Size = 53436 bytes | Modified Date = 12/31/2006 7:06:00 PM | Attr = ]
PERFH009.DAT -> %System32%\PERFH009.DAT -> [Ver = | Size = 381692 bytes | Modified Date = 12/31/2006 7:06:00 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 441454 bytes | Modified Date = 12/31/2006 7:06:00 PM | Attr = ]
REN1B.tmp -> %System32%\REN1B.tmp -> [Ver = | Size = 0 bytes | Modified Date = 12/31/2006 2:12:02 PM | Attr = ]
REN1C.tmp -> %System32%\REN1C.tmp -> [Ver = | Size = 0 bytes | Modified Date = 12/31/2006 2:12:02 PM | Attr = ]
settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 12/31/2006 7:00:46 PM | Attr = ]
settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 12/31/2006 7:00:46 PM | Attr = ]
Sweeper.cfg -> %System32%\Sweeper.cfg -> [Ver = | Size = 0 bytes | Modified Date = 12/31/2006 7:01:20 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 12/25/2006 8:01:02 PM | Attr = ]
WPA.DBL -> %System32%\WPA.DBL -> [Ver = | Size = 1170 bytes | Modified Date = 1/1/2007 11:25:00 AM | Attr = ]
pxcom.sys -> %System32%\drivers\pxcom.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 7552 bytes | Modified Date = 12/8/2006 1:36:14 PM | Attr = ]
PxEmu.sys -> %System32%\drivers\PxEmu.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 100864 bytes | Modified Date = 12/8/2006 1:36:20 PM | Attr = ]
pxfsf.sys -> %System32%\drivers\pxfsf.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 274688 bytes | Modified Date = 12/8/2006 1:36:14 PM | Attr = ]
pxinst.dll -> %System32%\drivers\pxinst.dll -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 7680 bytes | Modified Date = 12/8/2006 1:36:18 PM | Attr = ]
pxscinst.dll -> %System32%\drivers\pxscinst.dll -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 9728 bytes | Modified Date = 12/8/2006 1:36:18 PM | Attr = ]
pxscrmbl.sys -> %System32%\drivers\pxscrmbl.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 11648 bytes | Modified Date = 12/8/2006 1:36:18 PM | Attr = ]
pxtdi.sys -> %System32%\drivers\pxtdi.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 18560 bytes | Modified Date = 12/8/2006 1:36:16 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 12/23/2006 1:06:58 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
aspack , -> %CommonProgramFiles%\AOL\1131573657\ee\ocpinst.log -> [Ver = | Size = 92868 bytes | Modified Date = 11/3/2006 11:28:28 PM | Attr = ]
aspack , -> %CommonProgramFiles%\AOL\1131573657\ee\services\boxelyToolkit\ver1_5_11_4\content\gadgets.box -> [Ver = | Size = 1962 bytes | Modified Date = 6/22/2006 5:41:04 PM | Attr = ]
aspack , -> %CommonProgramFiles%\AOL\1131573657\ee\services\boxelyToolkit\ver1_5_11_4\content\extrasPack\extraGadgets.box -> [Ver = | Size = 2408 bytes | Modified Date = 6/22/2006 5:41:06 PM | Attr = ]
Thawte Consulting , USERTRUST , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.6.0.b105\core3.zip -> [Ver = | Size = 4868848 bytes | Modified Date = 11/29/2006 3:41:36 AM | Attr = ]
WSUD , -> %CommonProgramFiles%\Microsoft Shared\SpeechEngines\TTS\female.vce -> [Ver = | Size = 2053632 bytes | Modified Date = 1/12/1999 11:29:28 AM | Attr = ]
UPX0 , -> %CommonProgramFiles%\Network Associates\Engine\McScan32.dll -> McAfee, Inc. [Ver = 5.1.00 | Size = 2867438 bytes | Modified Date = 7/10/2006 5:10:00 AM | Attr = ]
UPX0 , -> %CommonProgramFiles%\Network Associates\Engine\OldEngine\MCSCAN32.Sav -> McAfee, Inc. [Ver = 4.4.00 | Size = 1949766 bytes | Modified Date = 10/7/2004 3:40:00 AM | Attr = ]
UPX! , UPX0 , -> %CommonProgramFiles%\Nullsoft\Video\ActiveX\plugins\nsvplayx_vp5_mp3.dll -> * * * [Ver = 1, 0, 0, 98 | Size = 177152 bytes | Modified Date = 8/9/2003 6:36:56 PM | Attr = ]
PEC2 , PECompact2 , -> %CommonProgramFiles%\Real\GToolbar\GDSSetup.exe -> [Ver = | Size = 746600 bytes | Modified Date = 12/24/2005 11:03:16 AM | Attr = ]
PEC2 , PECompact2 , -> %CommonProgramFiles%\Real\GToolbar\GoogleToolbarInstaller.exe -> Google [Ver = 3, 0, 126, 3 | Size = 559784 bytes | Modified Date = 12/24/2005 11:03:16 AM | Attr = ]
PECompact2 , -> %SystemRoot%\LPT$VPN.174 -> [Ver = | Size = 9780504 bytes | Modified Date = 9/17/2004 6:47:58 PM | Attr = ]
PECompact2 , -> %SystemRoot%\VPTNFILE.174 -> [Ver = | Size = 9780504 bytes | Modified Date = 9/17/2004 6:47:58 PM | Attr = ]
UPX! , aspack , -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 7.000-1004 | Size = 1036800 bytes | Modified Date = 5/14/2004 10:07:58 PM | Attr = ]
Thawte Consulting , -> %System32%\CSGina.dll -> [Ver = | Size = 177152 bytes | Modified Date = 6/10/2005 7:59:54 PM | Attr = ]
PEC2 , -> %System32%\DFRG.MSC -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
abetterinternet.com , -> %System32%\fiz11 -> [Ver = | Size = 29258 bytes | Modified Date = 3/5/2004 11:53:44 PM | Attr = H ]
winsync , -> %System32%\WBDBASE.DEU -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com http://www.xceedsoft.com [Ver = 1.0.42.0 | Size = 236576 bytes | Modified Date = 9/8/2003 1:13:26 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]

< End of report >
Lido
Regular Member
 
Posts: 31
Joined: December 22nd, 2006, 8:54 pm

Unread postby amateur » January 1st, 2007, 3:12 pm

start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {2353FCBC-012D-487B-8BF3-865C0929FBEB} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {4E1159CF-BCA3-3EA8-7BC9-4DF71B5AB4E5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {C85E3AE6-972D-DD7D-B47C-8E44B2FCC9D2} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {EB499C6B-4EEE-CB6B-43B7-4EC6302D27CC} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
[HKLM]
YN -> {00000000-0000-0000-0000-000020040000} -> - CodeBase =
YN -> {12589FA1-C456-11CE-BF01-10AA1055595A} -> - CodeBase =
YN -> {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> - CodeBase =
YN -> {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -> - CodeBase =
YN -> {B942A249-D1E7-4C11-98AE-FCB76B08747F} -> - CodeBase =
YN -> {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.4.0 - CodeBase = http://java.sun.com/update/1.4.0/jinsta ... s-i586.cab
YN -> {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} -> - CodeBase =

The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

Post back the WinPFind3U report and a fresh HijackThis log please. Please let me know how the computer is running now.
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

follow up

Unread postby Lido » January 7th, 2007, 6:31 pm

When I put in the items you requested to WinPFind, the top part quickly goes away and the following stays on the screen and WinP hangs up. The hour glass shows and doesn't go away. Thus no report.

YN -> {00000000-0000-0000-0000-000020040000} -> - CodeBase =
YN -> {12589FA1-C456-11CE-BF01-10AA1055595A} -> - CodeBase =
YN -> {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> - CodeBase =
YN -> {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -> - CodeBase =
YN -> {B942A249-D1E7-4C11-98AE-FCB76B08747F} -> - CodeBase =
YN -> {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.4.0 - CodeBase = http://java.sun.com/update/1.4.0/jinsta ... s-i586.cab
YN -> {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} -> - CodeBase =

#############HiJack Scan:

Scan saved at 5:25:59 PM, on 1/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\AOL\1131573657\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\program files\aim6\anotify.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
c:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Charles\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Discover deskshop Browser Helper Object - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\system32\BhoDshop.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131573657\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Net Snippets - C:\PROGRA~1\NETSNI~1\Res\Clipper.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Secure Online Account Numbers - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\Program Files\Secure Online Account Numbers\SOAN.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-000020040000} -
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} (NetCamPlayerWeb Control) - http://ppeltz1234.nomad.utk.edu/img/NetCamPlayerWeb.ocx
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsup ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6596693609
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth ... peedop.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37840.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.dell.com/Media/Visitor ... EFlash.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promot ... WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx ... loader.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} -
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.47/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5 ... taller.exe
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5C35463-11E0-4266-877F-CA08BA22D0FF}: NameServer = 38.9.211.2,38.9.221.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Unknown owner - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Dantz - C:\Program Files\Retrospect\Retrospect Express HD 1.1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
Lido
Regular Member
 
Posts: 31
Joined: December 22nd, 2006, 8:54 pm

Unread postby amateur » January 7th, 2007, 8:40 pm

Hi,

You'll need to disable the following programs so that they will not interfere with the fix:

Open AVG Anti Spyware.
Under 'Status',click on "change status" to make it 'inactive'. Once your log is clean you can re-enable it.

***********

  • Click the Spyware Doctor icon in the System Tray.
  • Click Settings.
  • Click Startup Settings under Pick a Category.
  • Uncheck Run at Windows startup.
  • Click Apply and Exit Spyware Doctor
Once your log is clean you can re-enable Spyware Doctor.

***********

  • Open Spybot Search & Destroy.
  • In the Mode menu, click Advanced mode if not already selected.
  • Click Yes at the Warning prompt.
  • Click the Tools menu.
  • Click Resident.
  • Uncheck Resident "TeaTimer" (Protection of overall system settings) active.
  • Click Exit in the File menu to exit Spybot Search & Destroy.

Then, Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by SpyBot's TeaTimer.
Once its ran delete it, it will not be needed again

***********

Disable Prevx1, the same way you did before.

======================

Scan with HijackThis and put a checkmark against the following entries:

O16 - DPF: {00000000-0000-0000-0000-000020040000} -
O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} -
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -


Make sure that all browsers and windows are closed, including this one. Now, click on "fix checked".

======================

Reboot. If any of your security tools alerts you about the changes, please allow it.

======================

Post a fresh HijackThis log please.
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

ok

Unread postby Lido » January 7th, 2007, 9:25 pm

Here is new HiJ log. By the way, I th pc is running much better. No more blue screens. I haven't checked speed at DSL Reports.

Logfile of HijackThis v1.99.1
Scan saved at 8:21:05 PM, on 1/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1131573657\ee\AOLSoftware.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Charles\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Discover deskshop Browser Helper Object - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\system32\BhoDshop.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131573657\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Net Snippets - C:\PROGRA~1\NETSNI~1\Res\Clipper.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Secure Online Account Numbers - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\Program Files\Secure Online Account Numbers\SOAN.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} (NetCamPlayerWeb Control) - http://ppeltz1234.nomad.utk.edu/img/NetCamPlayerWeb.ocx
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsup ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6596693609
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth ... peedop.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37840.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.dell.com/Media/Visitor ... EFlash.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promot ... WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx ... loader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.47/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5 ... taller.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5C35463-11E0-4266-877F-CA08BA22D0FF}: NameServer = 38.9.211.2,38.9.221.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Unknown owner - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Dantz - C:\Program Files\Retrospect\Retrospect Express HD 1.1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
Lido
Regular Member
 
Posts: 31
Joined: December 22nd, 2006, 8:54 pm

Unread postby amateur » January 7th, 2007, 10:00 pm

Hi Lido,

It's a clean log. :) Now that your problems seem to have been resolved, we can go ahead and make your system more secure. Let's do some tidying up first. You can delete the following from your desktop now.


ComboFix
WinPFind3u
Dr.WebCurit
ResetTeaTimer.bat
, if you haven't already.

Remove the following program via Add/Remove Programs in Control Panel:

Registrar Lite

Empty your Recycle bin.

=============================

Since AVG Anti Spyware is a trial version, the realtime guard and automatic update will stop functioning after the trial period. That is why we are not installing the guard so it will not interfere with the cleanup or the malware removal process. You can use AVG-AS as an on-demand scanner (recommended) but you will have to manually update the definition file each time you scan.

Ccleaner is also a useful tool to keep. You can use it to clean your temp folders and cookies on a regular basis.

=============================

Remember to hide your system files again.

Start>My Computer>Tools>Folder Options>View
Under the Hidden files and Folders heading uncheck Show hidden files and folders.
check the Hide protected operating system files (recommended) option.
Click Yes to confirm.
check the Hide file extensions for known file types.
Click OK.

Disable and Enable System Restore It's a good idea to Flush your System Restore points after ridding yourself of malware to make sure there are no infected files found in a restore point. Because Windows regularly sets restorepoints, it's very possible that the malware, you have removed, is still present in the System Restore. If you put Windows back to such a restorepoint, this malware will be put back, as well.

  • Click Start | Help and Support | Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name, and then click Create, then Close.
  • Close the Help and Support Center box.
  • Click Start | Run and type Cleanmgr
  • Select (C: ) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.


This will remove all previous restore points except the newly created one.

You can also find instructions on how to disable and re enable system restore here:
Windows XP System Restore Guide

And that's all. But to help protect you against further infections, and also to help prevent criminals using your computer to infect other people's computers on the web, I recommend the following: (You may already have some of the items)

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Avoid illegal sites, because that's where most malware is present.

* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Keep your antivirus-program up-to-date and do regular scans with it. Please make sure that you have only one active antivirus program on your system.
If you haven't got an antivirus, you can download and install one of the following ones wh;ich are free for personal use: Make sure that you have only ONE antivirus running on your computer as more than one would cause conflict and render the computer vulnerable.

AVG Free here
AntiVir here
Avast here

It is essential to keep the anti-virus program fully updated.
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site <http://windowsupdate.microsoft.com/> to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site <http://office.microsoft.com/officeupdate/maincatalog.aspx?lc=en-us> and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Keep your pestware-scanners up-to-date and do regular scans with them.

To keep your computer free of Spyware, Adware, Hijackers etc., download and install the following free pestware-scanners (if you haven't installed them already):
AdAware here
Spybot here Remember to "immunize" after each update
Windows Defender here

Install realtime pestware-scanners and keep them up-to-date.

The following free realtime pestscanners prevent a number of malware-variants from entering your computer, in the first place:

SpywareBlaster here Remember to "enable all protection" after each update.
SpywareGuard here

If you haven't got one, already, install a firewall and keep it up-to-date. Please make sure that you have only one active firewall on your system.

A firewall will prevent unauthorized contact between your computer and internet.
If there is no firewall installed on your computer, you can download and install one of the following free firewalls:
ZoneAlarm here
Sygate here
Kerio Personal Firewall here
Outpost here
Important: (Windows XP only) If you install a firewall, be sure to turn off the WinXP-firewall!

Test your firewall here to make sure that it's working properly

Install these programs, to make surfing with Internet Explorer safer:

A popup-blocker, f.e. Google Toolbar here: A popup-blocker prevents popup-windows from opening, when you come along a websites that uses them, during internet-surfing.

IE-SPYAD here: This utility adds a long list of known bad sites to Internet Explorer's Restricted Sites zone. This prevents those sites from executing their malicious programs on your computer.

SiteHound by Firetrust
here:

Firetrust introduces the SiteHound Toolbar - the safe way to browse the Internet. With SiteHound, when you browse the Internet, you're shown a warning page every time you go to a site which is a known scam, potentially loads viruses or spyware on to your computer, has questionable content or anything you would not consider reasonable. You are shown a warning page with information about that site. From there you can choose to enter the site or go back. SiteHound is a free add-on to Internet Explorer.
SiteHound will alert you when you enter a site which is known to contain:
· Fraudulent claims or scams
· Offensive material
· Security vulnerabilities
· Spyware or Adware
· Spam related material
· or other content deemed to be unsafe
Specifically, SiteHound blocks these categories:

o Adult o Spyware o Spam Advertising o Phishing o Possible scam or fraud o Misleading or False Advertising
o Pharming o Rogue or Suspect Product o Adware o Malware or Virus

Install and use an alternative browser to surf on the internet.

Because Internet Explorer is the most-used browser on the planet, most of the hijackers, adware and spyware are made to abuse your computer thru Internet Explorer.
Here are some good alternative browsers:
Mozilla Suite here
Mozilla Firefox here
Opera here
Netscape here
Important: You can not uninstall Internet Explorer.
First of all, it's part of Windows and you'll need it to download and install Windows Updates.
Secondly, There are some sites that are only accessable with Internet Explorer, e.g. most of the Online Malware-scanners.

But above all, keep all your software UP-TO-DATE at all time!!

Also, I would recommend reading the excellent advice by Tony Klein: So how did I get infected in the first place

Happy and safe surfing.
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

thanks

Unread postby Lido » January 7th, 2007, 10:14 pm

Will do. You are the best!
Lido
Regular Member
 
Posts: 31
Joined: December 22nd, 2006, 8:54 pm

Unread postby amateur » January 7th, 2007, 10:17 pm

Glad we were able to help. Stay safe! :)
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby NonSuch » January 13th, 2007, 5:13 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27215
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 42 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware