New Member: Drowning in Malware-Pls Analyze my HJT Log

Re: New Member: Drowning in Malware-Pls Analyze my HJT Log

Post by Lakota » August 12th, 2008, 1:12 am

The Recovery Console was successfully installed after running combofix and HJT.
Lakota
Regular Member
 
Posts: 26
Joined: August 6th, 2008, 8:03 pm

Re: New Member: Drowning in Malware-Pls Analyze my HJT Log

Post by mjq424 » August 12th, 2008, 4:09 pm

Hi
There are a lot of infected files on your computer, hidden all over the place.

Uninstall Rogue Programs
Click Start > Control Panel
Click Add/Remove Programs
Remove the following (if found):
    Regcure

After they have been removed, restart your PC

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

NOTE: I also advise that you remove both Advanced Registry Optimizer and Ask Toolbar using the above method. The first as we do not recommend registry "fixing" tools as they can ruin the registry which causes your computer to stop working. The Ask Toolbar does provide some targetted adverts.

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=33474

File::
C:\WINDOWS\Tasks\RegCure Program Check.job
C:\WINDOWS\Tasks\RegCure.job

Folder::
C:\Program Files\RegCure
C:\Documents and Settings\Robert Masiak\WINDOWS
C:\Program Files\rjtneeg
C:\Program Files\xkrevvf
C:\Program Files\ngurrd
C:\Documents and Settings\All Users\Application Data\jkxqfwxc

Collect::[4]
C:\WINDOWS\system32\agabofu.pif
C:\WINDOWS\system32\wujipucih.db
C:\WINDOWS\osyde._sy
C:\WINDOWS\system32\orycocuq.vbs
C:\WINDOWS\qyto.vbs
C:\WINDOWS\fani.com
C:\Documents and Settings\All Users\Application Data\sizano.pif
C:\WINDOWS\pogipadu._sy
C:\Program Files\Common Files\vutuca.exe
C:\WINDOWS\veko.inf
C:\WINDOWS\nirax.sys
C:\WINDOWS\wiboxo.bin
C:\Documents and Settings\Susan Luling\Application Data\gaka.vbs
C:\WINDOWS\system32\cuqimowetu.dat
C:\Program Files\Common Files\yxyjeky.com
C:\WINDOWS\ajihyg.bat
C:\Documents and Settings\Susan Luling\Application Data\fatamurizy.bat
C:\Documents and Settings\Susan Luling\Application Data\ruwily.exe
C:\Program Files\Common Files\ywiho.bin
C:\Documents and Settings\All Users\Application Data\lupoc.scr
C:\Documents and Settings\All Users\Application Data\gedamyvin.dll
C:\Program Files\Common Files\tavavek.com
C:\WINDOWS\Klmamsqo.ini
C:\Program Files\Common Files\vuqiz.lib
C:\Program Files\Common Files\yxewy._dl
C:\WINDOWS\system32\ejixihav.bat
C:\Program Files\Common Files\gamig.lib
C:\WINDOWS\agowaqoco.dll
C:\WINDOWS\yxogohery.sys
C:\WINDOWS\lyvyrypiv.scr
C:\Documents and Settings\Robert Masiak\Application Data\wklnhst.dat

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SDActiveMonitor"=-

Driver::
SDActMon



Save this as CFScript.txt, in the same location as ComboFix.exe


[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
mjq424
Regular Member
 
Posts: 1502
Joined: April 14th, 2007, 10:20 am
Location: UK
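
The CFScript in the post above is a plain text file whose directive headers (File::, Folder::, Collect::, Registry::, Driver::) each open a list that runs until the next header, with the thread URL left as a preamble line so it shows up in the resulting log. The Python below is an added example for this thread, not code from the forum or from ComboFix: it parses a script of that shape into sections and lints the entries a helper would check before posting (absolute paths under File::/Folder::/Collect::, a key line before any value line under Registry::). The grammar it assumes is inferred from the script above, not from ComboFix documentation, and the sample script is a shortened copy of that one.

```python
"""Parse and lint a ComboFix CFScript (added example, not ComboFix code)."""
import re
from collections import OrderedDict

# A header is a directive name followed by '::'; anything after it (the
# '[4]' on Collect:: above) is kept as a tag.  Assumed grammar.
HEADER_RE = re.compile(r"^([A-Za-z]+)::(.*)$")
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Constructed sample: a shortened copy of the script posted in this thread.
SAMPLE_SCRIPT = """\
http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=33474

File::
C:\\WINDOWS\\Tasks\\RegCure Program Check.job
C:\\WINDOWS\\Tasks\\RegCure.job

Folder::
C:\\Program Files\\RegCure
C:\\Program Files\\rjtneeg

Collect::[4]
C:\\WINDOWS\\system32\\agabofu.pif
C:\\WINDOWS\\fani.com

Registry::
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"SDActiveMonitor"=-

Driver::
SDActMon
"""


def parse_cfscript(text):
    """Return (preamble_lines, OrderedDict(section -> entries), tags).

    Non-empty lines before the first header (here, the thread URL) go to
    the preamble; every later line belongs to the most recent header.
    """
    preamble, sections, tags = [], OrderedDict(), {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            tags[current] = m.group(2).strip()
        elif current is None:
            preamble.append(line)
        else:
            sections[current].append(line)
    return preamble, sections, tags


def lint_cfscript(sections):
    """Flag entries that would not do what the author intended."""
    problems = []
    for name in ("File", "Folder", "Collect"):
        for entry in sections.get(name, []):
            if not WIN_PATH_RE.match(entry):
                problems.append(f"{name}:: entry is not an absolute path: {entry}")
    key = None
    for entry in sections.get("Registry", []):
        if entry.startswith("["):            # key line, e.g. [HKLM\...] or [-HKCR\...]
            if not entry.endswith("]"):
                problems.append(f"Registry:: key line not closed: {entry}")
            key = entry
        elif key is None:
            problems.append(f"Registry:: value line before any key: {entry}")
        elif "=" not in entry:                # values look like "Name"=- or "Name"="..."
            problems.append(f"Registry:: value line without '=': {entry}")
    return problems


def summarize(text):
    """Counts per directive, tags, preamble and lint findings for a script."""
    preamble, sections, tags = parse_cfscript(text)
    return {
        "preamble": preamble,
        "counts": {name: len(entries) for name, entries in sections.items()},
        "tags": tags,
        "problems": lint_cfscript(sections),
    }


if __name__ == "__main__":
    for field, value in summarize(SAMPLE_SCRIPT).items():
        print(field, value)
```

Run against the sample it reports two File::, two Folder::, two Collect:: (tagged "[4]"), two Registry:: and one Driver:: entry with no lint findings; a relative path under File:: or a registry value line with no key above it is reported before the script is handed to the user.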

Re: New Member: Drowning in Malware-Pls Analyze my HJT Log

Post by Lakota » August 12th, 2008, 10:10 pm

Hi~

I removed Regcure which I actually BOUGHT so I am surprised that it is considered a Rogue Program. Removal was fast and easy.

I removed Advanced Registry Optimizer, also fast & easy.

The Ask Toolbar would not allow me to remove it. Every time I tried to remove it I got a popup that said: RUNDLL X Error Loading C:\PROGRA~1\AskSBar\bar\1.bin\ASKSBAR.dll

So---I let that one slide and moved on to copying the Text provided by you...saving as
CFScript.txt and dragging her on into ComboFix. Here is the result:
***********************************************************
ComboFix 08-08-12.01 - Admin 2008-08-12 21:03:34.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.112 [GMT -5:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Program Files\Trend Micro\HijackThis\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\Tasks\RegCure Program Check.job
C:\WINDOWS\Tasks\RegCure.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\gedamyvin.dll
C:\Documents and Settings\All Users\Application Data\jkxqfwxc
C:\Documents and Settings\All Users\Application Data\jkxqfwxc\jqditqha.exe.bak
C:\Documents and Settings\All Users\Application Data\lupoc.scr
C:\Documents and Settings\All Users\Application Data\sizano.pif
C:\Documents and Settings\Robert Masiak\Application Data\wklnhst.dat
C:\Documents and Settings\Robert Masiak\WINDOWS
C:\Documents and Settings\Susan Luling\Application Data\fatamurizy.bat
C:\Documents and Settings\Susan Luling\Application Data\gaka.vbs
C:\Documents and Settings\Susan Luling\Application Data\ruwily.exe
C:\Program Files\Common Files\gamig.lib
C:\Program Files\Common Files\tavavek.com
C:\Program Files\Common Files\vuqiz.lib
C:\Program Files\Common Files\vutuca.exe
C:\Program Files\Common Files\ywiho.bin
C:\Program Files\Common Files\yxewy._dl
C:\Program Files\Common Files\yxyjeky.com
C:\Program Files\ngurrd
C:\Program Files\rjtneeg
C:\Program Files\xkrevvf
C:\Program Files\xkrevvf\winproc.dll
C:\WINDOWS\agowaqoco.dll
C:\WINDOWS\ajihyg.bat
C:\WINDOWS\fani.com
C:\WINDOWS\Klmamsqo.ini
C:\WINDOWS\lyvyrypiv.scr
C:\WINDOWS\nirax.sys
C:\WINDOWS\osyde._sy
C:\WINDOWS\pogipadu._sy
C:\WINDOWS\qyto.vbs
C:\WINDOWS\system32\agabofu.pif
C:\WINDOWS\system32\cuqimowetu.dat
C:\WINDOWS\system32\ejixihav.bat
C:\WINDOWS\system32\orycocuq.vbs
C:\WINDOWS\system32\wujipucih.db
C:\WINDOWS\veko.inf
C:\WINDOWS\wiboxo.bin
C:\WINDOWS\yxogohery.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SDACTMON
-------\Service_SDActMon


((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.

2008-08-10 16:25 . 2008-08-10 16:25 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 16:25 . 2008-08-10 16:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-10 16:25 . 2008-08-10 16:25 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-08-10 16:25 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-10 16:25 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 15:18 . 2008-08-10 15:18 70,352 --a------ C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
2008-08-06 19:24 . 2008-08-06 19:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-05 00:05 . 2008-08-05 00:06 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2008-08-05 00:04 . 2007-11-26 14:47 194,888 --a------ C:\WINDOWS\Unwash6.exe
2008-08-03 23:38 . 2008-08-03 23:38 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-08-03 23:20 . 2008-08-03 23:20 <DIR> d-------- C:\Program Files\AskSBar
2008-08-03 17:55 . 2008-08-05 00:05 <DIR> d-------- C:\Program Files\Webroot
2008-08-03 17:55 . 2008-08-10 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-08-03 17:55 . 2008-08-10 15:48 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Webroot
2008-08-03 17:54 . 2008-08-03 23:20 164 --a------ C:\install.dat
2008-08-03 13:35 . 2008-08-03 13:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-08-02 17:08 . 2008-08-04 17:30 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-02 07:30 . 2008-08-02 07:30 <DIR> d-------- C:\Program Files\Avira
2008-08-02 07:30 . 2008-08-02 07:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-02 00:53 . 2008-08-02 00:53 19,679 --a------ C:\Documents and Settings\All Users\Application Data\oxycinid.bin
2008-08-02 00:53 . 2008-08-02 00:53 17,006 --a------ C:\Documents and Settings\All Users\Application Data\iqoqac.dat
2008-08-02 00:28 . 2008-08-02 00:28 <DIR> d-------- C:\Documents and Settings\Susan Luling\Application Data\TmpRecentIcons
2008-08-02 00:24 . 2008-08-02 00:24 19,255 --a------ C:\WINDOWS\system32\agikoka.dat
2008-08-02 00:24 . 2008-08-02 00:24 17,395 --a------ C:\WINDOWS\lypuq.ban
2008-08-02 00:24 . 2008-08-02 00:24 16,362 --a------ C:\WINDOWS\ceky.lib
2008-08-02 00:24 . 2008-08-02 00:24 16,305 --a------ C:\WINDOWS\ujyxizurym.inf
2008-08-02 00:24 . 2008-08-02 00:24 16,301 --a------ C:\WINDOWS\system32\obosijejin.dl
2008-08-02 00:24 . 2008-08-02 00:24 14,073 --a------ C:\WINDOWS\system32\cujucyruha._sy
2008-08-02 00:24 . 2008-08-02 00:24 12,294 --a------ C:\WINDOWS\system32\qekywubegi.lib
2008-08-02 00:06 . 2008-08-02 17:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-02 00:06 . 2008-08-02 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-01 23:24 . 2008-08-11 21:12 <DIR> d-------- C:\Documents and Settings\Robert Masiak\Application Data\TmpRecentIcons
2008-07-28 16:44 . 2008-07-28 16:44 166,512 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-28 16:44 . 2008-07-28 16:44 29,808 --a------ C:\WINDOWS\system32\drivers\ssfs0bbc.sys
2008-07-28 16:44 . 2008-07-28 16:44 23,152 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-27 14:07 . 2008-07-27 14:07 <DIR> d-------- C:\Program Files\KLM Royal Dutch Airlines
2008-07-22 23:21 . 2008-08-02 11:29 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\eBay
2008-07-21 10:42 . 2008-07-21 10:42 <DIR> d-------- C:\Documents and Settings\Susan Luling\Application Data\Sunbelt Software
2008-07-21 02:19 . 2008-07-21 02:19 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-07-21 02:19 . 2008-07-21 02:19 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-07-21 01:55 . 2008-07-21 01:55 <DIR> d-------- C:\Documents and Settings\Robert Masiak\Application Data\Sunbelt Software
2008-07-19 15:29 . 2008-07-19 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-07-19 15:28 . 2008-07-19 15:28 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-07-19 15:28 . 2008-07-20 09:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-07-19 13:32 . 2008-08-02 07:54 <DIR> d-------- C:\Program Files\SpyZooka
2008-07-19 12:45 . 2008-07-19 12:45 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-15 16:13 . 2008-08-09 01:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-15 16:13 . 2008-07-15 16:13 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 16:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-02 16:29 --------- d-----w C:\Program Files\eBay
2008-08-02 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\eBay
2008-08-02 16:27 --------- d-----w C:\Documents and Settings\Robert Masiak\Application Data\Lavasoft
2008-08-02 16:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-08-02 15:02 --------- d-----w C:\Program Files\HP
2008-08-02 15:02 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-23 00:49 --------- d-----w C:\Program Files\SpywareDetector
2008-07-21 15:35 --------- d-----w C:\Program Files\MagicISO
2008-07-03 20:28 70,352 ----a-w C:\Documents and Settings\Susan Luling\Application Data\GDIPFONTCACHEV1.DAT
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 19:07 --------- d-----w C:\Program Files\WebEx
2008-06-13 19:07 --------- d-----w C:\Documents and Settings\Susan Luling\Application Data\webex
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-09 05:21 70,352 ----a-w C:\Documents and Settings\Robert Masiak\Application Data\GDIPFONTCACHEV1.DAT
2007-11-06 05:17 4,214,196 ----a-w C:\Documents and Settings\Robert Masiak\WDSyncV6.zip
2007-06-14 15:39 4,907,520 ----a-w C:\Documents and Settings\Robert Masiak\WDSync_v6_3_130.exe
2006-12-10 03:25 88 --sh--r C:\WINDOWS\system32\0E7226A71C.sys
2006-12-10 03:25 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-08-03 23:20 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 21:29 389120]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-03 09:36 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 19:16 454784]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2007-11-26 14:47 1206600]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 04:40 24576 C:\WINDOWS\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-23 12:12 7630848]
"nwiz"="C:\WINDOWS\system32\nwiz.exe" [2006-08-23 12:12 1617920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-23 12:12 86016]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12 94208]
"SigmatelSysTrayApp"="C:\WINDOWS\stsystra.exe" [2006-08-15 02:38 282624]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51 57344]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-13 18:21 169984]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-13 18:16 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-14 00:31 185896]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Kernel and Hardware Abstraction Layer"="C:\WINDOWS\KHALMNPR.EXE" [2007-11-29 03:17 55824]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"MBMon"="CTMBHA.DLL" [2006-06-28 23:12 1355042 C:\WINDOWS\system32\CTMBHA.DLL]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-23 12:43:35 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Billminder.lnk - C:\Program Files\Quicken\billmind.exe [2002-07-30 15:02:26 36864]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-10-13 18:10:56 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-14 20:20:49 789008]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2002-07-30 15:02:40 53248]
Quicken Startup.lnk - C:\Program Files\Quicken\QWDLLS.EXE [2002-07-30 15:02:42 36864]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R0 ssfs0bbc;ssfs0bbc;C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys [2008-07-28 16:44]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 21:08:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Admin\LOCALS~1\temp\clclean.0001
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-08-12 21:13:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-13 02:13:32
ComboFix2.txt 2008-08-12 02:03:13
ComboFix3.txt 2008-08-12 00:18:50

Pre-Run: 45,194,711,040 bytes free
Post-Run: 45,182,980,096 bytes free

253 --- E O F --- 2008-08-12 13:46:21
Last edited by Lakota on August 12th, 2008, 10:21 pm, edited 1 time in total.
Lakota
Regular Member
 
Posts: 26
Joined: August 6th, 2008, 8:03 pm

Re: New Member: Drowning in Malware-Pls Analyze my HJT Log

Post by Lakota » August 12th, 2008, 10:20 pm

P.S.~

ComboFix has asked me to submit one malware infected file for further inspection to BleepingComputer.com

C:\Documents and Settings\Admin\Desktop.\[4]-Submit_2008-08-12@21.02.zip

This file was successfully submitted.
Lakota
Regular Member
 
Posts: 26
Joined: August 6th, 2008, 8:03 pm

Re: New Member: Drowning in Malware-Pls Analyze my HJT Log

Post by mjq424 » August 14th, 2008, 3:08 am

Hi
Well done. I think we're getting there!

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\Documents and Settings\All Users\Application Data\oxycinid.bin
C:\Documents and Settings\All Users\Application Data\iqoqac.dat
C:\WINDOWS\system32\agikoka.dat
C:\WINDOWS\lypuq.ban
C:\WINDOWS\ceky.lib
C:\WINDOWS\ujyxizurym.inf
C:\WINDOWS\system32\obosijejin.dl
C:\WINDOWS\system32\cujucyruha._sy
C:\WINDOWS\system32\qekywubegi.lib

Folder::
C:\Program Files\AskSBar
C:\Program Files\SpyZooka

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"=-
[-HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]



Save this as CFScript.txt, in the same location as ComboFix.exe


[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Post a New HJT Log
Reboot your computer. Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.
mjq424
Regular Member
 
Posts: 1502
Joined: April 14th, 2007, 10:20 am
Location: UK
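
The nine entries under File:: in the script above all appear in the "Files Created" section of the ComboFix log Lakota posted earlier, written in two bursts on 2008-08-02 (seven files at 00:24, two at 00:53), each with a random-looking lowercase name and sitting directly in C:\WINDOWS, system32 or an Application Data root. The Python below is an added example for this thread, not code from the forum or from ComboFix: it parses that log section and reproduces the selection from those three signals (lowercase-letters-only stem, location directly in a directory malware tends to drop into, and more than one such file created in the same minute). The line layout is taken from the log above; the directory list, the stem test and the burst threshold are the example's own assumptions, and the sample log is a subset of the posted lines plus one Find3M-style line to show that lines without a created stamp are skipped.

```python
"""Triage the 'Files Created' section of a ComboFix log (added example)."""
import re
from collections import defaultdict, namedtuple

Entry = namedtuple("Entry", "created modified size attrs path")

# created . modified size-or-<DIR> nine-character-attributes path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(<DIR>|[\d,]+)\s+(\S{9})\s+(.+)$")

# Assumption: directories the dropped files in this thread sit in *directly*.
DUMP_DIR_RE = re.compile(
    r"^(c:\\windows|c:\\windows\\system32|c:\\program files\\common files|"
    r"c:\\documents and settings\\[^\\]+\\application data)$", re.I)

# Assumption: a random-looking stem is lowercase letters only, no digits.
RANDOM_STEM_RE = re.compile(r"^[a-z]{4,}$")

# Constructed sample: a subset of the log lines posted in this thread, plus a
# Find3M-style line (no created stamp) that the parser must ignore.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.
2008-08-10 16:25 . 2008-08-10 16:25 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 16:25 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 15:18 . 2008-08-10 15:18 70,352 --a------ C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
2008-08-05 00:04 . 2007-11-26 14:47 194,888 --a------ C:\WINDOWS\Unwash6.exe
2008-08-03 17:54 . 2008-08-03 23:20 164 --a------ C:\install.dat
2008-08-02 00:53 . 2008-08-02 00:53 19,679 --a------ C:\Documents and Settings\All Users\Application Data\oxycinid.bin
2008-08-02 00:53 . 2008-08-02 00:53 17,006 --a------ C:\Documents and Settings\All Users\Application Data\iqoqac.dat
2008-08-02 00:24 . 2008-08-02 00:24 19,255 --a------ C:\WINDOWS\system32\agikoka.dat
2008-08-02 00:24 . 2008-08-02 00:24 17,395 --a------ C:\WINDOWS\lypuq.ban
2008-08-02 00:24 . 2008-08-02 00:24 16,362 --a------ C:\WINDOWS\ceky.lib
2008-08-02 00:24 . 2008-08-02 00:24 16,305 --a------ C:\WINDOWS\ujyxizurym.inf
2008-08-02 00:24 . 2008-08-02 00:24 16,301 --a------ C:\WINDOWS\system32\obosijejin.dl
2008-08-02 00:24 . 2008-08-02 00:24 14,073 --a------ C:\WINDOWS\system32\cujucyruha._sy
2008-08-02 00:24 . 2008-08-02 00:24 12,294 --a------ C:\WINDOWS\system32\qekywubegi.lib
2008-07-28 16:44 . 2008-07-28 16:44 29,808 --a------ C:\WINDOWS\system32\drivers\ssfs0bbc.sys
2008-07-21 02:19 . 2008-07-21 02:19 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-07-21 02:19 . 2008-07-21 02:19 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-07-15 16:13 . 2008-08-09 01:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-02 16:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
"""


def parse_files_created(text):
    """Turn matching log lines into Entry records; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        size = None if size == "<DIR>" else int(size.replace(",", ""))
        entries.append(Entry(created, modified, size, attrs, path))
    return entries


def looks_dropped(entry):
    """Regular file, random-looking stem, directly in a dump directory."""
    if entry.size is None:                       # directory entry
        return False
    parent, _, name = entry.path.rpartition("\\")
    stem = name.rsplit(".", 1)[0]
    return bool(DUMP_DIR_RE.match(parent)) and bool(RANDOM_STEM_RE.match(stem))


def triage(text, min_burst=2):
    """Group suspicious files by creation minute; keep bursts of min_burst+."""
    bursts = defaultdict(list)
    for entry in parse_files_created(text):
        if looks_dropped(entry):
            bursts[entry.created].append(entry.path)
    return {minute: paths for minute, paths in bursts.items()
            if len(paths) >= min_burst}


if __name__ == "__main__":
    for minute, paths in sorted(triage(SAMPLE_LOG).items()):
        print(minute)
        for path in paths:
            print("   ", path)
```

On the sample it returns exactly the two bursts and nine paths that the script above deletes, and nothing else. The stem test on its own is too weak (mbam.sys has a lowercase four-letter stem); it is the combination with location and same-minute creation that separates the dropped files from the security tools installed the week before.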

Re: New Member: Drowning in Malware-Pls Analyze my HJT Log

Post by Lakota » August 14th, 2008, 3:43 pm

Hi Matt~

You did not ask me to post the ComboFix log (?) Your directives only ask that I post the HJT Log. However, I am going to post the ComboFix Log as well as the HJT Log.
****************************************************************

ComboFix Log:

ComboFix 08-08-13.05 - Admin 2008-08-14 14:40:28.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.143 [GMT -5:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Program Files\Trend Micro\HijackThis\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\All Users\Application Data\iqoqac.dat
C:\Documents and Settings\All Users\Application Data\oxycinid.bin
C:\WINDOWS\ceky.lib
C:\WINDOWS\lypuq.ban
C:\WINDOWS\system32\agikoka.dat
C:\WINDOWS\system32\cujucyruha._sy
C:\WINDOWS\system32\obosijejin.dl
C:\WINDOWS\system32\qekywubegi.lib
C:\WINDOWS\ujyxizurym.inf
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\iqoqac.dat
C:\Documents and Settings\All Users\Application Data\oxycinid.bin
C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\bar\Cache\0002C8A5
C:\Program Files\AskSBar\bar\Cache\0002E4F7
C:\Program Files\AskSBar\bar\Cache\0002F795.bin
C:\Program Files\AskSBar\bar\Cache\0002FDBF.bin
C:\Program Files\AskSBar\bar\Cache\0003063B.bin
C:\Program Files\AskSBar\bar\Cache\00030B3C.bin
C:\Program Files\AskSBar\bar\Cache\000316E4.bin
C:\Program Files\AskSBar\bar\Cache\00031C34.bin
C:\Program Files\AskSBar\bar\Cache\00032164.bin
C:\Program Files\AskSBar\bar\Cache\00032EF1.bin
C:\Program Files\AskSBar\bar\Cache\files.ini
C:\Program Files\AskSBar\bar\History\search2
C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
C:\Program Files\SpyZooka
C:\Program Files\SpyZooka\bugreport.txt
C:\Program Files\SpyZooka\spyzknt.exe
C:\WINDOWS\ceky.lib
C:\WINDOWS\lypuq.ban
C:\WINDOWS\system32\agikoka.dat
C:\WINDOWS\system32\cujucyruha._sy
C:\WINDOWS\system32\obosijejin.dl
C:\WINDOWS\system32\qekywubegi.lib
C:\WINDOWS\ujyxizurym.inf

.
((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.

2008-08-13 16:15 . 2008-05-01 09:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-10 16:25 . 2008-08-10 16:25 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 16:25 . 2008-08-10 16:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-10 16:25 . 2008-08-10 16:25 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-08-10 16:25 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-10 16:25 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 15:18 . 2008-08-10 15:18 70,352 --a------ C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
2008-08-06 19:24 . 2008-08-06 19:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-05 00:05 . 2008-08-05 00:06 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2008-08-05 00:04 . 2007-11-26 14:47 194,888 --a------ C:\WINDOWS\Unwash6.exe
2008-08-03 23:38 . 2008-08-03 23:38 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-08-03 17:55 . 2008-08-05 00:05 <DIR> d-------- C:\Program Files\Webroot
2008-08-03 17:55 . 2008-08-10 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-08-03 17:55 . 2008-08-10 15:48 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Webroot
2008-08-03 17:54 . 2008-08-03 23:20 164 --a------ C:\install.dat
2008-08-03 13:35 . 2008-08-03 13:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-08-02 17:08 . 2008-08-04 17:30 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-02 07:30 . 2008-08-02 07:30 <DIR> d-------- C:\Program Files\Avira
2008-08-02 07:30 . 2008-08-02 07:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-02 00:28 . 2008-08-02 00:28 <DIR> d-------- C:\Documents and Settings\Susan Luling\Application Data\TmpRecentIcons
2008-08-02 00:06 . 2008-08-02 17:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-02 00:06 . 2008-08-02 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-01 23:24 . 2008-08-11 21:12 <DIR> d-------- C:\Documents and Settings\Robert Masiak\Application Data\TmpRecentIcons
2008-07-28 16:44 . 2008-07-28 16:44 166,512 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-28 16:44 . 2008-07-28 16:44 29,808 --a------ C:\WINDOWS\system32\drivers\ssfs0bbc.sys
2008-07-28 16:44 . 2008-07-28 16:44 23,152 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-27 14:07 . 2008-07-27 14:07 <DIR> d-------- C:\Program Files\KLM Royal Dutch Airlines
2008-07-22 23:21 . 2008-08-02 11:29 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\eBay
2008-07-21 10:42 . 2008-07-21 10:42 <DIR> d-------- C:\Documents and Settings\Susan Luling\Application Data\Sunbelt Software
2008-07-21 02:19 . 2008-07-21 02:19 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-07-21 02:19 . 2008-07-21 02:19 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-07-21 01:55 . 2008-07-21 01:55 <DIR> d-------- C:\Documents and Settings\Robert Masiak\Application Data\Sunbelt Software
2008-07-19 15:29 . 2008-07-19 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-07-19 15:28 . 2008-07-19 15:28 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-07-19 15:28 . 2008-07-20 09:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-07-19 12:45 . 2008-07-19 12:45 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-15 16:13 . 2008-08-09 01:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-15 16:13 . 2008-07-15 16:13 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 16:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-02 16:29 --------- d-----w C:\Program Files\eBay
2008-08-02 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\eBay
2008-08-02 16:27 --------- d-----w C:\Documents and Settings\Robert Masiak\Application Data\Lavasoft
2008-08-02 16:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-08-02 15:02 --------- d-----w C:\Program Files\HP
2008-08-02 15:02 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-23 00:49 --------- d-----w C:\Program Files\SpywareDetector
2008-07-21 15:35 --------- d-----w C:\Program Files\MagicISO
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-07-03 20:28 70,352 ----a-w C:\Documents and Settings\Susan Luling\Application Data\GDIPFONTCACHEV1.DAT
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 15:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-09 05:21 70,352 ----a-w C:\Documents and Settings\Robert Masiak\Application Data\GDIPFONTCACHEV1.DAT
2007-11-06 05:17 4,214,196 ----a-w C:\Documents and Settings\Robert Masiak\WDSyncV6.zip
2007-06-14 15:39 4,907,520 ----a-w C:\Documents and Settings\Robert Masiak\WDSync_v6_3_130.exe
2006-12-10 03:25 88 --sh--r C:\WINDOWS\system32\0E7226A71C.sys
2006-12-10 03:25 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-12_21.13.15.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-07 20:06:43 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-06-24 16:28:00 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-04-23 04:16:28 124,928 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll
+ 2008-04-23 04:16:28 347,136 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtmsft.dll
+ 2008-04-23 04:16:28 214,528 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtrans.dll
+ 2008-04-23 04:16:28 133,120 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\extmgr.dll
+ 2008-04-23 04:16:28 63,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\icardie.dll
+ 2008-04-22 07:39:58 70,656 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe
+ 2008-04-23 04:16:28 153,088 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll
+ 2008-04-23 04:16:28 230,400 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll
+ 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll
+ 2008-04-23 04:16:28 383,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dll
+ 2008-04-23 04:16:28 384,512 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll
+ 2008-04-23 04:16:28 6,066,176 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieframe.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll
+ 2008-04-23 04:16:28 267,776 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iertutil.dll
+ 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieudinit.exe
+ 2008-04-22 07:40:18 625,664 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
+ 2008-04-23 04:16:28 27,648 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\jsproxy.dll
+ 2008-04-23 04:16:28 459,264 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeeds.dll
+ 2008-04-23 04:16:28 52,224 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeedsbs.dll
+ 2008-04-24 03:16:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll
+ 2008-04-23 04:16:28 478,208 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtmled.dll
+ 2008-04-23 04:16:28 193,024 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msrating.dll
+ 2008-04-23 04:16:28 671,232 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mstime.dll
+ 2008-04-23 04:16:28 102,912 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\updspapi.dll
+ 2008-04-23 04:16:28 105,984 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll
+ 2008-04-23 04:16:29 1,159,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll
+ 2008-04-23 04:16:29 233,472 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll
+ 2008-04-23 04:16:29 826,368 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
- 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-06-23 16:57:27 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-07-14 17:57:03 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-14 13:11:17 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-14 17:57:03 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-14 13:11:17 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-07-14 17:57:03 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-14 13:11:17 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-23 04:16:28 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-06-23 16:57:27 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 16:57:27 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-04-23 04:16:28 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-06-23 16:57:28 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-04-23 04:16:28 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-04-23 04:16:28 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-04-23 04:16:28 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-06-23 16:57:29 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-06-23 16:57:33 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-04-23 04:16:28 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-06-23 16:57:33 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-04-23 04:16:28 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-06-23 16:57:34 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-08-21 06:15:44 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-04-23 04:16:28 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-06-23 16:57:36 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-04-23 04:16:28 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-06-23 16:57:36 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-06-23 16:57:39 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-06-23 16:57:40 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-04-23 04:16:28 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-06-23 16:57:40 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-04-23 04:16:28 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-06-23 16:57:40 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
- 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-04-23 04:16:29 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-06-23 16:57:41 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 16:57:41 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 16:57:27 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-06-23 16:57:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-06-23 09:20:25 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-06-21 05:23:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-06-23 16:57:29 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-06-23 16:57:33 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-06-23 16:57:33 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-06-23 16:57:34 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-06-23 16:57:36 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-06-23 16:57:36 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-04-24 03:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-24 15:57:40 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-06-23 16:57:39 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-06-23 16:57:40 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-06-23 16:57:40 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe
- 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-06-23 16:57:41 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-06-23 16:57:41 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 21:29 389120]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-03 09:36 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 19:16 454784]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2007-11-26 14:47 1206600]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 04:40 24576 C:\WINDOWS\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-23 12:12 7630848]
"nwiz"="C:\WINDOWS\system32\nwiz.exe" [2006-08-23 12:12 1617920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-23 12:12 86016]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12 94208]
"SigmatelSysTrayApp"="C:\WINDOWS\stsystra.exe" [2006-08-15 02:38 282624]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51 57344]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-13 18:21 169984]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-13 18:16 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-14 00:31 185896]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Kernel and Hardware Abstraction Layer"="C:\WINDOWS\KHALMNPR.EXE" [2007-11-29 03:17 55824]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"MBMon"="CTMBHA.DLL" [2006-06-28 23:12 1355042 C:\WINDOWS\system32\CTMBHA.DLL]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-23 12:43:35 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Billminder.lnk - C:\Program Files\Quicken\billmind.exe [2002-07-30 15:02:26 36864]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-10-13 18:10:56 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-14 20:20:49 789008]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2002-07-30 15:02:40 53248]
Quicken Startup.lnk - C:\Program Files\Quicken\QWDLLS.EXE [2002-07-30 15:02:42 36864]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R0 ssfs0bbc;ssfs0bbc;C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys [2008-07-28 16:44]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 14:45:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Admin\LOCALS~1\temp\clclean.0001
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-08-14 14:51:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-14 19:51:04
ComboFix2.txt 2008-08-13 02:13:43
ComboFix3.txt 2008-08-12 02:03:13
ComboFix4.txt 2008-08-12 00:18:50

Pre-Run: 44,966,338,560 bytes free
Post-Run: 44,953,108,480 bytes free

425 --- E O F --- 2008-08-14 06:34:49
Lakota
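The "Reg Loading Points" section of the ComboFix log above is where a reviewer finds the machine's security posture, and this one carries three settings worth flagging: Security Center notifications for antivirus and for Automatic Updates are switched off (both dword:00000001), and the Windows Firewall is disabled for the standard profile ("EnableFirewall"= 0). The script below is an added example for this thread, not code from ComboFix or from anyone in the thread: it parses the two value formats ComboFix prints (dword:hex and the "1 (0x1)" form, plus quoted strings and empty entries) from a constructed excerpt copied out of the log above, and reports those weak settings. The function and constant names (parse_reg_loading_points, find_weak_settings, SAMPLE_LOG, WEAK_SETTINGS) are the example's own; the key paths and value names are the ones in the log, and ComboFix's "HKLM\~\..." shorthand is kept as-is and matched by key suffix rather than expanded.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix log and flag the
registry settings that weaken the machine's security posture.

Added example for this thread; not part of ComboFix or of the original
posts. SAMPLE_LOG is a constructed excerpt of value lines quoted from the
log in the thread.
"""
import re
from typing import Dict, List, Optional, Union

Value = Union[int, str, None]

# Raw string so the registry backslashes stay exactly as ComboFix prints them.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 21:29 389120]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"""

_KEY_LINE = re.compile(r"^\[(.+)\]$")                 # [HKLM\...]
_VALUE_LINE = re.compile(r'^(?:"([^"]*)"|@)=(.*)$')   # "name"=... or @=...
_DWORD = re.compile(r"^dword:([0-9a-fA-F]+)$")        # dword:00000001
_INT_WITH_HEX = re.compile(r"^(-?\d+)\s*\(0x[0-9a-fA-F]+\)$")  # 1 (0x1)
_QUOTED = re.compile(r'^"([^"]*)"')                   # "C:\path" [date size]


def _normalise_key(key: str) -> str:
    """Lower-case the path and use the short hive names so lookups are uniform."""
    key = key.strip().lower()
    return key.replace("hkey_local_machine", "hklm").replace("hkey_current_user", "hkcu")


def _parse_value(raw: str) -> Value:
    """Turn the right-hand side of a value line into an int, a str, or None."""
    raw = raw.strip()
    if raw == "":
        return None                      # empty entry (firewall authorised-app list)
    m = _DWORD.match(raw)
    if m:
        return int(m.group(1), 16)
    m = _INT_WITH_HEX.match(raw)
    if m:
        return int(m.group(1))
    m = _QUOTED.match(raw)
    if m:
        return m.group(1)                # quoted path; trailing [date size] dropped
    return raw


def parse_reg_loading_points(text: str) -> Dict[str, Dict[str, Value]]:
    """Return {normalised key path: {value name: parsed value}}; other lines are skipped."""
    result: Dict[str, Dict[str, Value]] = {}
    current: Optional[str] = None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        key_match = _KEY_LINE.match(line)
        if key_match:
            current = _normalise_key(key_match.group(1))
            result.setdefault(current, {})
            continue
        value_match = _VALUE_LINE.match(line)
        if value_match and current is not None:
            name = value_match.group(1) if value_match.group(1) is not None else "@"
            result[current][name] = _parse_value(value_match.group(2))
    return result


# (key suffix, value name, value that indicates a weakened setting, explanation)
WEAK_SETTINGS = [
    (r"microsoft\security center", "AntiVirusDisableNotify", 1,
     "Security Center will not warn that antivirus protection is off or out of date"),
    (r"microsoft\security center", "UpdatesDisableNotify", 1,
     "Security Center will not warn that Automatic Updates is off"),
    (r"firewallpolicy\standardprofile", "EnableFirewall", 0,
     "Windows Firewall is turned off for the standard (non-domain) profile"),
]


def find_weak_settings(parsed: Dict[str, Dict[str, Value]]) -> List[str]:
    """Match parsed keys by suffix and value names case-insensitively; report hits."""
    findings: List[str] = []
    for key, values in parsed.items():
        for suffix, name, bad_value, why in WEAK_SETTINGS:
            if not key.endswith(suffix.lower()):
                continue
            for vname, val in values.items():
                if vname.lower() == name.lower() and val == bad_value:
                    findings.append(f"{key}\\{vname} = {val}: {why}")
    return findings


def main() -> None:
    for finding in find_weak_settings(parse_reg_loading_points(SAMPLE_LOG)):
        print("WEAK:", finding)


if __name__ == "__main__":
    main()
```

Run as-is it reports the three settings above; to use it on a real log, pass the whole ComboFix text to parse_reg_loading_points, since lines that are not a key header or a value line are ignored. Re-checking these three values after the cleanup is a quick way to confirm that the infection is no longer resetting them.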

Re: New Member: Drowning in Malware-Pls Analyze my HJT Log

Unread postby Lakota » August 14th, 2008, 3:54 pm

Now for the HJT Log:
(side note: I constantly get a Microsoft Installation popup that is trying to repeatedly install a program called Photogallery - I would like to address this issue)

Now...the LOG!
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:42 PM, on 8/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=1061013
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pages.ebay.com/ebay_toolbar/app/congrats3.html
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [MBMon] "C:\WINDOWS\system32\rundll32.exe" CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] "C:\WINDOWS\KHALMNPR.EXE"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - http://h30155.www3.hp.com/ediags/dd/ins ... utions.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Advanced System Products, Inc. - (no file)
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (http://www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 9689 bytes
Lakota

Re: New Member: Drowning in Malware-Pls Analyze my HJT Log

Unread postby Lakota » August 15th, 2008, 9:10 am

SIDENOTE:

I still do not have Task Manager under the 'normal' limited user logins. Task Manager has only been recovered for the Admin user. Also, when clicking on the "Start" tab, the limited users are not able to access "My Computer", "My Desktop", "My Network Places" or "My Documents", as those links or shortcuts are still missing. They have been restored under the Admin user login but not the others.

I still have the "Install" pop-up to 'install' the "Photogallery" program. There is a 'cancel' option on the pop-up but it does not work (of course!)

Re: New Member: Drowning in Malware-Pls Analyze my HJT Log

Unread postby mjq424 » August 18th, 2008, 3:52 pm

Hi
I apologise for the delay in my reply. I was away this weekend.

Download FixPolicies.exe to your Desktop
  • Double-click FixPolicies.exe
  • Click the "Install" button on the bottom toolbar of the box that will open
  • The program will create a new Folder called FixPolicies
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd
  • A black box will briefly appear and then close. This will enable your Control Panel and stop the Administrative warnings, at least until the malware infection resets the registry policy keys again. You can run this as many times as you like. A permanent fix requires removing the infection.

Have you got an HP printer with photogallery? If so, please do the following to resolve the popup:

1. Insert the software CD shipped along with the unit into the CD drive.

Cancel any installation screen that pops up.

2. Go to My Computer folder. Right click on the CD drive (For Example: D: or E: )
3. Click Open.
4. Under the CD contents search for the Setup folder.
5. Under setup folder you will find the Photogallery folder. Open the photogallery folder.
6. Right-click on the "photogallery.msi" file and click on repair.
7. Again right-click on the "photogallery.msi" file and click on install

Post a New HJT Log
Reboot your computer. Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.

Re: New Member: Drowning in Malware-Pls Analyze my HJT Log

Unread postby Lakota » August 19th, 2008, 2:28 am

Hi Matt~ how was your weekend?

I was successful running FixPolicies.exe no problemo!

I was not able to repeat my success when attempting to repair Photogallery. I was able to locate Photogallery.msi without issues... but when I would click on "repair" it would immediately try to install. I repeated this many times. Clicking on 'repair' triggered an install. Then, I tried repairing it via Photogallery.CAB, which was the icon right next to it, and that error message said that WinRAR can only repair RAR archives. And Photogallery is a CAB? I tried many times to "repair" Photogallery but could not. Then I tried to Install from the Photogallery.msi file even though it had not been 'repaired'. No luck. Then I tried to uninstall Photogallery. That "worked" but did not solve the install popup upon rebooting. Photogallery continues to Install at reboot and ultimately abort, only to continue this futile cycle until I close it down with Task Manager.

Then I tried to repair but it said I could only repair if it was installed. So I tried to install it but I was not successful in installing it. Apparently I can neither install nor repair. A classic Catch-22 SNAFU. So, I gave up, rebooted and ran this Hijack log for you: enjoy!
****************************************************************
HIJACK THIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:11 AM, on 8/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1061013
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pages.ebay.com/ebay_toolbar/app/congrats3.html
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [MBMon] "C:\WINDOWS\system32\rundll32.exe" CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] "C:\WINDOWS\KHALMNPR.EXE"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - http://h30155.www3.hp.com/ediags/dd/ins ... utions.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Advanced System Products, Inc. - (no file)
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 9637 bytes
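A first triage pass over an HJT log like the one above can be automated. The script below is an added example for this thread; it is not code from HijackThis, from OTScanIt, or from anyone posting here. It pulls out the entries a log reader checks first: images running from a Temp directory, Run-key commands that name a bare filename (resolved through the search path at logon rather than a fixed path), every AppInit_DLLs entry (a DLL loaded into each process that uses user32.dll), and services whose binary is missing. A flag is a prompt to verify, not a verdict: in this thread's log clclean.0001 is identified by the later OTScanIt scan as a Macrovision file, the AppInit DLL sits under the Google Desktop folder, and OTScanIt resolves MIDIDef.exe to Creative's %SystemRoot%\MIDIDEF.EXE; only the aspnet_state service genuinely has no file behind it. The sample lines are copied from the posted log and the Temp check takes precedence over the extension check.

```python
"""Triage pass over HijackThis (HJT) log lines.

Added example for this thread, not code from HijackThis or MalwareRemoval.com.
It flags entries worth a second look; it does not decide what is malicious.
"""
import re

TEMP_PAT = re.compile(r"\\temp\\", re.I)  # matches ...\Local Settings\Temp\ and LOCALS~1\Temp\
O4_PAT = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_PAT = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")


def command_image(cmd):
    """Executable part of a Run-key command line: the quoted path, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Return [(tag, line)] for every HJT line worth a second look, in log order."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:                      # one image path per line until a blank line
            if not line:
                in_processes = False
            elif TEMP_PAT.search(line):
                findings.append(("process-from-temp", line))
            elif not line.lower().endswith(".exe"):
                findings.append(("process-odd-extension", line))
            continue
        m = O4_PAT.match(line)
        if m:
            image = command_image(m["cmd"])
            if "\\" not in image:             # bare filename: found via the search path at logon
                findings.append(("run-unqualified-path", line))
            elif TEMP_PAT.search(image):
                findings.append(("run-from-temp", line))
            continue
        if O20_PAT.match(line):               # injected into every user32-linked process
            findings.append(("appinit-dll", line))
            continue
        if line.startswith("O23 - Service: "):
            path = line.rsplit(" - ", 1)[-1]  # display names may contain " - ", so split from the right
            if path == "(no file)":
                findings.append(("service-missing-binary", line))
            elif TEMP_PAT.search(path):
                findings.append(("service-from-temp", line))
    return findings


# Constructed sample: a handful of lines copied from the HJT log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\nvsvc32.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\clclean.0001
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: ASP.NET State Service (aspnet_state) - Advanced System Products, Inc. - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    import sys
    # Pass a saved hijackthis.log as the first argument, or run on the sample.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for tag, line in triage(text):
        print("%-24s %s" % (tag, line))
```

Run it against a saved hijackthis.log and follow each flag up the way the thread does: check the file's publisher and location (OTScanIt's version info is the quicker route for that), and treat "(no file)" services as leftovers to remove rather than as running threats.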

Re: New Member: Drowning in Malware-Pls Analyze my HJT Log

Unread postby Lakota » August 19th, 2008, 7:54 am

FixPolicies.exe did not enable the Control Panel for the limited user logins. Admin has it and has had it since we ran one of the earlier "fixes", but the other limited user logins still are not enabled. I opened and ran it under those logins as well and it did not work.

So neither FixPolicies nor Photogallery.msi "fixes" worked.

Please advise.
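The symptom in the two posts above (Task Manager, Control Panel and the Start menu shortcuts come back for Admin but stay missing for the limited accounts) is what you get when restriction policies are written per user: values such as DisableTaskMgr and NoControlPanel live under each account's own hive (HKEY_USERS\<SID>\Software\Microsoft\Windows\CurrentVersion\Policies\...), with a machine-wide copy under HKLM, so a fix run as one account clears only that account's copy. The script below is an added example, not the FixPolicies tool and not code from this forum. It audits every loaded user hive plus HKLM for the standard restriction values and prints the reg.exe commands that would clear what it finds. The value names are the well-known Explorer and System policies; which of them the infection on this machine actually set is not recorded in the thread, so the sample data is constructed with placeholder SIDs.

```python
"""Per-user policy-restriction audit.

Added example for this thread; it is not the FixPolicies tool and not code from
MalwareRemoval.com. The value names are the standard Explorer/System restriction
policies. The SAMPLE_HIVES data is constructed to mirror the symptom described
in the thread, with placeholder SIDs.
"""
import sys

# Restriction values, keyed by the subkey each one lives under. Every user hive
# (HKEY_USERS\<SID>) carries its own copy of these keys; the HKLM copy applies
# to all accounts on the machine.
POLICY_VALUES = {
    r"Software\Microsoft\Windows\CurrentVersion\Policies\System":
        ("DisableTaskMgr", "DisableRegistryTools"),
    r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer":
        ("NoControlPanel", "NoDesktop", "NoRun", "NoFolderOptions",
         "NoSMMyDocs", "NoNetHood"),
}


def restrictions_set(hive):
    """hive: {subkey: {value_name: data}} for one HKLM or HKU\\<SID> root.
    Returns the restriction values that are switched on (non-zero DWORD)."""
    found = []
    for subkey, names in POLICY_VALUES.items():
        values = hive.get(subkey, {})
        for name in names:
            if isinstance(values.get(name), int) and values[name] != 0:
                found.append(name)
    return found


def audit(hives):
    """hives: {root_label: hive}. Returns only the roots that carry restrictions."""
    result = {}
    for label, hive in hives.items():
        found = restrictions_set(hive)
        if found:
            result[label] = found
    return result


def fix_commands(hives):
    """reg.exe commands that delete each restriction found, one per value, so the
    fix reaches every hive rather than only the account that runs it."""
    cmds = []
    for label, hive in hives.items():
        for subkey, names in POLICY_VALUES.items():
            values = hive.get(subkey, {})
            for name in names:
                if isinstance(values.get(name), int) and values[name] != 0:
                    cmds.append('reg delete "%s\\%s" /v %s /f' % (label, subkey, name))
    return cmds


def load_hives_from_registry():
    """Read the same keys from the live registry (Windows only, run as Administrator).
    Only hives that are currently loaded appear under HKEY_USERS; an account that is
    not logged on needs its NTUSER.DAT loaded first (reg load HKU\\tmp <profile>\\NTUSER.DAT)."""
    import winreg  # only available on Windows
    roots = [("HKLM", winreg.HKEY_LOCAL_MACHINE, "")]
    i = 0
    while True:
        try:
            name = winreg.EnumKey(winreg.HKEY_USERS, i)
        except OSError:
            break
        i += 1
        if name.startswith("S-1-5-21-") and not name.endswith("_Classes"):
            roots.append(("HKU\\" + name, winreg.HKEY_USERS, name + "\\"))
    hives = {}
    for label, root, prefix in roots:
        hive = {}
        for subkey, names in POLICY_VALUES.items():
            try:
                key = winreg.OpenKey(root, prefix + subkey)
            except OSError:
                continue  # key absent: no restrictions under it
            with key:
                hive[subkey] = {}
                for name in names:
                    try:
                        hive[subkey][name] = winreg.QueryValueEx(key, name)[0]
                    except OSError:
                        pass
        hives[label] = hive
    return hives


# Constructed sample: the account that ran the fix (…-1001) is clean, a limited
# account (…-1002) still carries the restrictions. NoRun is present but zero,
# which is why the audit tests for non-zero rather than for presence.
SAMPLE_HIVES = {
    "HKLM": {},
    "HKU\\S-1-5-21-0-0-0-1001": {
        r"Software\Microsoft\Windows\CurrentVersion\Policies\System": {},
        r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer": {},
    },
    "HKU\\S-1-5-21-0-0-0-1002": {
        r"Software\Microsoft\Windows\CurrentVersion\Policies\System": {"DisableTaskMgr": 1},
        r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer": {
            "NoControlPanel": 1, "NoDesktop": 1, "NoSMMyDocs": 1, "NoRun": 0},
    },
}

if __name__ == "__main__":
    hives = load_hives_from_registry() if sys.platform == "win32" else SAMPLE_HIVES
    for label, found in audit(hives).items():
        print(label, "->", ", ".join(found))
    for cmd in fix_commands(hives):
        print(cmd)
```

Two caveats that follow from how the keys work: the audit only sees hives that are loaded, so log each limited account on (or load its NTUSER.DAT) before trusting a clean result, and, as mjq424 says above, whatever is writing these values will put them back until it is removed, so clearing them is relief, not a cure.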

Re: New Member: Drowning in Malware-Pls Analyze my HJT Log

Unread postby mjq424 » August 20th, 2008, 4:27 am

OTScanIt

Download OTScanIt to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please post the resulting log here.

Re: New Member: Drowning in Malware-Pls Analyze my HJT Log

Unread postby mjq424 » August 20th, 2008, 6:53 am

Hi
Further to the above post, I would like more information about your other user accounts.

Please post HijackThis logs for each user account, in separate posts, identified by name, each having a brief description of the problems that account is experiencing, e.g.:

Post 1 JoeSmith...
  1. Identify Account: This is for user account: JoeSmith
  2. HijackThis log
  3. Statement regarding malware symptoms in that account.


Post 2 SuziSmith...
  1. Identify Account: This is for user account: SuziSmith
  2. HijackThis log
  3. Statement regarding malware symptoms in that account.


Any further logs I request should be identified by the user account at the top of the post.
If that doesn't make sense, please clarify with me.

Re: New Member: Drowning in Malware-Pls Analyze my HJT Log

Unread postby Lakota » August 21st, 2008, 12:47 am

OTScanIT log:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
OTScanIt logfile created on: 8/20/2008 11:55:38 PM
OTScanIt by OldTimer - Version 1.0.16.2     Folder = C:\Documents and Settings\Admin\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
446.42 Mb Total Physical Memory | 207.42 Mb Available Physical Memory | 46.46% Memory free
1.03 Gb Paging File | 0.57 Gb Available in Paging File | 55.78% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.94 Gb Total Space | 42.33 Gb Free Space | 59.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUDDYBOY
Current User Name: Admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 8.00.00.16 | Size = 68865 bytes | Modified Date = 6/12/2008 2:46:25 PM | Attr =    ]
avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 8.00.01.27 | Size = 149761 bytes | Modified Date = 8/15/2008 1:42:24 PM | Attr =    ]
creativelicensing.exe -> %CommonProgramFiles%\Creative Labs Shared\Service\CreativeLicensing.exe -> Creative Labs [Ver = 2.65.010 | Size = 69632 bytes | Modified Date = 10/13/2006 6:12:30 PM | Attr =    ]
ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 12:01:00 PM | Attr =    ]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9148 | Size = 155715 bytes | Modified Date = 8/23/2006 12:12:44 PM | Attr =    ]
washersvc.exe -> %ProgramFiles%\Webroot\Washer\WasherSvc.exe -> Webroot Software, Inc. [Ver = 6,5,5,155 | Size = 598856 bytes | Modified Date = 11/26/2007 2:47:40 PM | Attr =    ]
dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe ->  [Ver =  | Size = 94208 bytes | Modified Date = 10/5/2005 3:12:00 AM | Attr =    ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.5143.0  nd491 cp1 | Size = 282624 bytes | Modified Date = 8/15/2006 2:38:14 AM | Attr =    ]
ctsysvol.exe -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.4.8.0 | Size = 57344 bytes | Modified Date = 10/31/2005 10:51:52 AM | Attr =    ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr =    ]
dlactrlw.exe -> %SystemRoot%\system32\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 5:20:00 AM | Attr =    ]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ->  [Ver =  | Size = 169984 bytes | Modified Date = 10/13/2006 6:21:54 PM | Attr =    ]
googledesktopindex.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopIndex.exe ->  [Ver =  | Size = 555008 bytes | Modified Date = 10/13/2006 6:21:54 PM | Attr =    ]
clclean.0001 -> %UserProfile%\Local Settings\temp\clclean.0001 -> Macrovision Europe Ltd. [Ver = 1, 0, 0, 1 | Size = 59964 bytes | Modified Date = 8/20/2008 7:09:24 AM | Attr =    ]
googledesktopdisplay.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopDisplay.exe ->  [Ver =  | Size = 415744 bytes | Modified Date = 10/13/2006 6:21:54 PM | Attr =    ]
avgnt.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 8.00.70.02 | Size = 266497 bytes | Modified Date = 6/12/2008 2:28:45 PM | Attr =    ]
dsagnt.exe -> %ProgramFiles%\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 2, 1, 3, 173 | Size = 389120 bytes | Modified Date = 7/16/2006 9:29:54 PM | Attr =    ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/3/2007 9:36:47 AM | Attr =    ]
nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 5, 3, 0 | Size = 139264 bytes | Modified Date = 11/16/2006 7:04:20 PM | Attr =    ]
linksysagent.exe -> %ProgramFiles%\Linksys EasyLink Advisor\LinksysAgent.exe -> Linksys, a Division of Cisco Systems, Inc. [Ver = 3, 0, 0, 197 | Size = 454784 bytes | Modified Date = 3/15/2007 7:16:42 PM | Attr =    ]
nmindexstoresvr.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexStoreSvr.exe -> Nero AG [Ver = 1, 5, 3, 0 | Size = 884736 bytes | Modified Date = 11/16/2006 6:58:32 PM | Attr =    ]
wwdisp.exe -> %ProgramFiles%\Webroot\Washer\wwDisp.exe -> Webroot Software, Inc. [Ver = 6,5,5,155 | Size = 1206600 bytes | Modified Date = 11/26/2007 2:47:30 PM | Attr =    ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 2:06:00 AM | Attr = R  ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2/19/2006 4:21:22 AM | Attr =    ]
setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech, Inc. [Ver = 4.40.88 | Size = 789008 bytes | Modified Date = 1/9/2008 1:32:08 PM | Attr =    ]
khalmnpr.exe -> %CommonProgramFiles%\Logishrd\KHAL2\KHALMNPR.exe -> Logitech, Inc. [Ver = 4.40.53 | Size = 55824 bytes | Modified Date = 1/9/2008 1:28:58 PM | Attr =    ]
hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 239320 bytes | Modified Date = 2/19/2006 5:24:52 AM | Attr =    ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.16: 2008070205 | Size = 7667312 bytes | Modified Date = 7/19/2008 2:25:37 PM | Attr =    ]
hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 5 | Size = 69632 bytes | Modified Date = 3/3/2006 9:03:10 PM | Attr =    ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(AntiVirScheduler) Avira AntiVir Personal - Free Antivirus Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 8.00.00.16 | Size = 68865 bytes | Modified Date = 6/12/2008 2:46:25 PM | Attr =    ]
(AntiVirService) Avira AntiVir Personal - Free Antivirus Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 8.00.01.27 | Size = 149761 bytes | Modified Date = 8/15/2008 1:42:24 PM | Attr =    ]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] ->  -> File not found
(Creative Labs Licensing Service) Creative Labs Licensing Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Creative Labs Shared\Service\CreativeLicensing.exe -> Creative Labs [Ver = 2.65.010 | Size = 69632 bytes | Modified Date = 10/13/2006 6:12:30 PM | Attr =    ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 12:01:00 PM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =    ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/31/2007 7:06:49 PM | Attr =    ]
(HP Port Resolver) HP Port Resolver [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\spool\drivers\w32x86\3\HPBPRO.EXE -> Hewlett-Packard Company [Ver = 1, 0, 50, 0 | Size = 81920 bytes | Modified Date = 5/20/2005 11:37:12 AM | Attr =    ]
(HP Status Server) HP Status Server [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\spool\drivers\w32x86\3\HPBOID.EXE -> Hewlett-Packard Company [Ver = 1, 0, 46, 0 | Size = 73728 bytes | Modified Date = 10/16/2004 6:31:06 AM | Attr =    ]
(LBTServ) Logitech Bluetooth Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Logishrd\Bluetooth\LBTServ.exe -> Logitech, Inc. [Ver = 4.40.88 | Size = 121360 bytes | Modified Date = 1/9/2008 1:30:08 PM | Attr =    ]
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 2, 0 | Size = 774144 bytes | Modified Date = 11/10/2006 7:18:02 PM | Attr =    ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9148 | Size = 155715 bytes | Modified Date = 8/23/2006 12:12:44 PM | Attr =    ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 5 | Size = 69632 bytes | Modified Date = 3/3/2006 9:03:10 PM | Attr =    ]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 3577192 bytes | Modified Date = 7/28/2008 4:43:50 PM | Attr =    ]
(wwEngineSvc) Window Washer Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Washer\WasherSvc.exe -> Webroot Software, Inc. [Ver = 6,5,5,155 | Size = 598856 bytes | Modified Date = 11/26/2007 2:47:40 PM | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
avgnt -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe ["C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min] -> Avira GmbH [Ver = 8.00.70.02 | Size = 266497 bytes | Modified Date = 6/12/2008 2:28:45 PM | Attr =    ]
CTSysVol -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe ["C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r] -> Creative Technology Ltd [Ver = 1.4.8.0 | Size = 57344 bytes | Modified Date = 10/31/2005 10:51:52 AM | Attr =    ]
DLA -> %SystemRoot%\system32\DLA\DLACTRLW.EXE ["C:\WINDOWS\System32\DLA\DLACTRLW.EXE"] -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 5:20:00 AM | Attr =    ]
DMXLauncher -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe ["C:\Program Files\Dell\Media Experience\DMXLauncher.exe"] ->  [Ver =  | Size = 94208 bytes | Modified Date = 10/5/2005 3:12:00 AM | Attr =    ]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] ->  [Ver =  | Size = 169984 bytes | Modified Date = 10/13/2006 6:21:54 PM | Attr =    ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr =    ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr =    ]
Kernel and Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe ["C:\WINDOWS\KHALMNPR.EXE"] -> Logitech, Inc. [Ver = 4.40.53 | Size = 55824 bytes | Modified Date = 11/29/2007 3:17:20 AM | Attr =    ]
MBMon -> %SystemRoot%\system32\CTMBHA.DLL ["C:\WINDOWS\system32\rundll32.exe" CTMBHA.DLL,MBMon] ->  [Ver = 1.0.1.330 | Size = 1355042 bytes | Modified Date = 6/28/2006 11:12:00 PM | Attr =    ]
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe ["C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"] -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 1/12/2006 3:40:44 PM | Attr =    ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll ["C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9148 | Size = 7630848 bytes | Modified Date = 8/23/2006 12:12:40 PM | Attr =    ]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll ["C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9148 | Size = 86016 bytes | Modified Date = 8/23/2006 12:12:42 PM | Attr =    ]
nwiz -> %SystemRoot%\system32\nwiz.exe ["C:\WINDOWS\system32\nwiz.exe" /install] ->  [Ver =  | Size = 1617920 bytes | Modified Date = 8/23/2006 12:12:46 PM | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 10/13/2006 6:16:03 PM | Attr =    ]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe ["C:\WINDOWS\stsystra.exe"] -> SigmaTel, Inc. [Ver = 1.0.5143.0  nd491 cp1 | Size = 282624 bytes | Modified Date = 8/15/2006 2:38:14 AM | Attr =    ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 11/14/2006 12:31:10 AM | Attr =    ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"] -> Nero AG [Ver = 1, 5, 3, 0 | Size = 139264 bytes | Modified Date = 11/16/2006 7:04:20 PM | Attr =    ]
DellSupport -> %ProgramFiles%\Dell Support\DSAgnt.exe ["C:\Program Files\Dell Support\DSAgnt.exe" /startup] -> Gteko Ltd. [Ver = 2, 1, 3, 173 | Size = 389120 bytes | Modified Date = 7/16/2006 9:29:54 PM | Attr =    ]
EasyLinkAdvisor -> %ProgramFiles%\Linksys EasyLink Advisor\LinksysAgent.exe ["C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup] -> Linksys, a Division of Cisco Systems, Inc. [Ver = 3, 0, 0, 197 | Size = 454784 bytes | Modified Date = 3/15/2007 7:16:42 PM | Attr =    ]
SetDefaultMIDI -> %SystemRoot%\MIDIDEF.EXE [MIDIDef.exe] -> Creative Technology Ltd [Ver = 2, 9, 0, 4 | Size = 24576 bytes | Modified Date = 12/22/2004 4:40:02 AM | Attr =    ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/3/2007 9:36:47 AM | Attr =    ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8] -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R  ]
Window Washer -> %ProgramFiles%\Webroot\Washer\wwDisp.exe ["C:\Program Files\Webroot\Washer\wwDisp.exe"] -> Webroot Software, Inc. [Ver = 6,5,5,155 | Size = 1206600 bytes | Modified Date = 11/26/2007 2:47:30 PM | Attr =    ]
< RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
Index Washer -> %ProgramFiles%\Webroot\Washer\WashIdx.exe [C:\Program Files\Webroot\Washer\WashIdx.exe "Admin"] -> Webroot Software, Inc. [Ver = 1.0.1.273 | Size = 55624 bytes | Modified Date = 11/26/2007 2:47:42 PM | Attr =    ]
< Run [HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\] > -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"] -> Nero AG [Ver = 1, 5, 3, 0 | Size = 139264 bytes | Modified Date = 11/16/2006 7:04:20 PM | Attr =    ]
DellSupport -> %ProgramFiles%\Dell Support\DSAgnt.exe ["C:\Program Files\Dell Support\DSAgnt.exe" /startup] -> Gteko Ltd. [Ver = 2, 1, 3, 173 | Size = 389120 bytes | Modified Date = 7/16/2006 9:29:54 PM | Attr =    ]
EasyLinkAdvisor -> %ProgramFiles%\Linksys EasyLink Advisor\LinksysAgent.exe ["C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup] -> Linksys, a Division of Cisco Systems, Inc. [Ver = 3, 0, 0, 197 | Size = 454784 bytes | Modified Date = 3/15/2007 7:16:42 PM | Attr =    ]
SetDefaultMIDI -> %SystemRoot%\MIDIDEF.EXE [MIDIDef.exe] -> Creative Technology Ltd [Ver = 2, 9, 0, 4 | Size = 24576 bytes | Modified Date = 12/22/2004 4:40:02 AM | Attr =    ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/3/2007 9:36:47 AM | Attr =    ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8] -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R  ]
Window Washer -> %ProgramFiles%\Webroot\Washer\wwDisp.exe ["C:\Program Files\Webroot\Washer\wwDisp.exe"] -> Webroot Software, Inc. [Ver = 6,5,5,155 | Size = 1206600 bytes | Modified Date = 11/26/2007 2:47:30 PM | Attr =    ]
< RunOnce [HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\] > -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
Index Washer -> %ProgramFiles%\Webroot\Washer\WashIdx.exe [C:\Program Files\Webroot\Washer\WashIdx.exe "Admin"] -> Webroot Software, Inc. [Ver = 1.0.1.273 | Size = 55624 bytes | Modified Date = 11/26/2007 2:47:42 PM | Attr =    ]
< Admin Startup Folder > -> C:\Documents and Settings\Admin\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 4:06:48 PM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.1.0.2008042300 | Size = 29696 bytes | Modified Date = 4/23/2008 3:38:16 AM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\Billminder.lnk -> %ProgramFiles%\Quicken\billmind.exe -> Intuit [Ver = 008.000.000.000 | Size = 36864 bytes | Modified Date = 7/30/2002 3:02:26 PM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 2:06:00 AM | Attr = R  ]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2/19/2006 4:21:22 AM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech, Inc. [Ver = 4.40.88 | Size = 789008 bytes | Modified Date = 1/9/2008 1:32:08 PM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk -> %ProgramFiles%\Quicken\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 53248 bytes | Modified Date = 7/30/2002 3:02:40 PM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\Quicken Startup.lnk -> %ProgramFiles%\Quicken\QWDLLS.EXE -> Intuit [Ver = 001.000.000.000 | Size = 36864 bytes | Modified Date = 7/30/2002 3:02:42 PM | Attr =    ]
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Robert Masiak Startup Folder > -> C:\Documents and Settings\Robert Masiak\Start Menu\Programs\Startup -> 
< Susan Luling Startup Folder > -> C:\Documents and Settings\Susan Luling\Start Menu\Programs\Startup -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ->  [Ver =  | Size = 111616 bytes | Modified Date = 10/13/2006 6:21:54 PM | Attr =    ]
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 5:23:07 AM | Attr =    ]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =    ]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =    ]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 10:34:01 PM | Attr =    ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =    ]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007] > -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceClassicControlPanel -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ not found. -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007] > -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceClassicControlPanel -> 1 -> 
HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> 
HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> 
HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> 
HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSONY_CDRWDVD_CRX310S____________________VDK2____\3032363038303930303032303930303520202020 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 8/10/2004 1:04:08 PM | Attr =    ]
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061013 -> 
HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061013 -> 
HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\] > -> -> 
HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\: Main\\Local Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\: Main\\Start Page -> http://www.google.com/ -> 
HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
online_musicmatch.com [https] -> Trusted sites -> 
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\] > -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\] > -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R  ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 11:09:22 AM | Attr =    ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R  ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 11:09:22 AM | Attr =    ]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\] > -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R  ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 11:09:22 AM | Attr =    ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr =    ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr =    ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
eBay Search -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr =    ]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr =    ]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\] > -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr =    ]
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\] > -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\Software\Microsoft\Internet Explorer\MenuExt\ -> 
eBay Search -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{8237CEDF-3602-438D-9C98-E640943A4B4B} ->    (Broadcom 440x 10/100 Integrated Controller) -> 
< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
@ivt -> @ivt protocol not assigned -> 
file -> file protocol not assigned -> 
ftp -> ftp protocol not assigned -> 
http -> http protocol not assigned -> 
https -> https protocol not assigned -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
@ivt -> @ivt protocol not assigned -> 
file -> file protocol not assigned -> 
ftp -> ftp protocol not assigned -> 
http -> http protocol not assigned -> 
https -> https protocol not assigned -> 
shell -> shell protocol not assigned -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{493ACF15-5CD9-4474-82A6-91670C3DD66E}[HKEY_LOCAL_MACHINE] -> http://www.linkedin.com/cab/LinkedInContactFinderControl.cab[LinkedIn ContactFinderControl] -> 
{54BE6B6F-3056-470B-97E1-BB92E051B6C4}[HKEY_LOCAL_MACHINE] -> http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab[DeviceEnum Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{9B17FE0E-51F2-4692-8B32-8EFB805FC0E7}[HKEY_LOCAL_MACHINE] -> http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab[Reg Error: Key does not exist or could not be opened.] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AnagramLib.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AnagramLib.dll\\.Owner -> {493ACF15-5CD9-4474-82A6-91670C3DD66E} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AnagramLib.dll\\{493ACF15-5CD9-4474-82A6-91670C3DD66E} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fixengine.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fixengine.dll\\.Owner -> {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fixengine.dll\\{9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hpbasicdetection3.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hpbasicdetection3.dll\\.Owner -> {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hpbasicdetection3.dll\\{9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPCommunication.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPCommunication.dll\\.Owner -> {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPCommunication.dll\\{9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPeDiag.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPeDiag.dll\\.Owner -> {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPeDiag.dll\\{9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hpscripting.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hpscripting.dll\\.Owner -> {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hpscripting.dll\\{9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/InternetUtil2.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/InternetUtil2.dll\\.Owner -> {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/InternetUtil2.dll\\{9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LinkedInContactFinderControl.dat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LinkedInContactFinderControl.dat\\.Owner -> {493ACF15-5CD9-4474-82A6-91670C3DD66E} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LinkedInContactFinderControl.dat\\{493ACF15-5CD9-4474-82A6-91670C3DD66E} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LinkedInContactFinderControl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LinkedInContactFinderControl.dll\\.Owner -> {493ACF15-5CD9-4474-82A6-91670C3DD66E} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LinkedInContactFinderControl.dll\\{493ACF15-5CD9-4474-82A6-91670C3DD66E} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rulesengine.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rulesengine.dll\\.Owner -> {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rulesengine.dll\\{9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} ->  -> 
[Files/Folders - Created Within 30 days]
Boot.bak -> %SystemDrive%\Boot.bak ->  [Ver =  | Size = 211 bytes | Created Date = 8/11/2008 8:58:00 PM | Attr =    ]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Created Date = 8/11/2008 8:57:40 PM | Attr =    ]
cmldr -> %SystemDrive%\cmldr ->  [Ver =  | Size = 260272 bytes | Created Date = 8/11/2008 8:57:55 PM | Attr =    ]
install.dat -> %SystemDrive%\install.dat ->  [Ver =  | Size = 164 bytes | Created Date = 8/3/2008 5:54:21 PM | Attr =    ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 8/11/2008 7:06:17 PM | Attr =    ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Created Date = 8/17/2008 9:57:26 AM | Attr =  HS]
avgntdd.sys -> %SystemRoot%\System32\drivers\avgntdd.sys -> Avira GmbH [Ver = 7.00.00.02 | Size = 45376 bytes | Created Date = 8/2/2008 7:30:54 AM | Attr =    ]
avgntmgr.sys -> %SystemRoot%\System32\drivers\avgntmgr.sys -> Avira GmbH [Ver = 6.37.01.02 | Size = 22336 bytes | Created Date = 8/2/2008 7:30:54 AM | Attr =    ]
avipbb.sys -> %SystemRoot%\System32\drivers\avipbb.sys -> Avira GmbH [Ver = 1.00.2.31 | Size = 75072 bytes | Created Date = 8/2/2008 7:30:51 AM | Attr =    ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 8/10/2008 4:25:11 PM | Attr =    ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 8/10/2008 4:25:10 PM | Attr =    ]
ssfs0bbc.sys -> %SystemRoot%\System32\drivers\ssfs0bbc.sys -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 29808 bytes | Created Date = 7/28/2008 4:44:00 PM | Attr =    ]
sshrmd.sys -> %SystemRoot%\System32\drivers\sshrmd.sys -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 23152 bytes | Created Date = 7/28/2008 4:44:02 PM | Attr =    ]
ssidrv.sys -> %SystemRoot%\System32\drivers\ssidrv.sys -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 166512 bytes | Created Date = 7/28/2008 4:44:02 PM | Attr =    ]
ssmdrv.sys -> %SystemRoot%\System32\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Created Date = 8/2/2008 7:30:53 AM | Attr =    ]
SsiEfr.exe -> %SystemRoot%\System32\SsiEfr.exe -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 15208 bytes | Created Date = 7/28/2008 4:43:48 PM | Attr =    ]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 8/11/2008 7:06:39 PM | Attr =    ]
fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 8/11/2008 7:06:15 PM | Attr =    ]
grep.exe -> %SystemRoot%\grep.exe ->  [Ver =  | Size = 80412 bytes | Created Date = 8/11/2008 7:06:15 PM | Attr =    ]
hpntwksetup.ini -> %SystemRoot%\hpntwksetup.ini ->  [Ver =  | Size = 49 bytes | Created Date = 8/19/2008 12:19:13 AM | Attr =    ]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.10 | Size = 28672 bytes | Created Date = 8/11/2008 7:06:15 PM | Attr =    ]
sed.exe -> %SystemRoot%\sed.exe ->  [Ver =  | Size = 98816 bytes | Created Date = 8/11/2008 7:06:15 PM | Attr =    ]
swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 8/11/2008 7:06:15 PM | Attr =    ]
swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 8/11/2008 7:06:15 PM | Attr =    ]
swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 8/11/2008 7:06:15 PM | Attr =    ]
temp -> %SystemRoot%\temp ->  [Folder | Created Date = 8/14/2008 2:51:19 PM | Attr =    ]
Unwash6.exe -> %SystemRoot%\Unwash6.exe -> Webroot Software, Inc. [Ver = 6.5.0.100 | Size = 194888 bytes | Created Date = 8/5/2008 12:04:13 AM | Attr =    ]
VFind.exe -> %SystemRoot%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 8/11/2008 7:06:15 PM | Attr =    ]
zip.exe -> %SystemRoot%\zip.exe ->  [Ver =  | Size = 68096 bytes | Created Date = 8/11/2008 7:06:15 PM | Attr =    ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 281 bytes | Modified Date = 8/11/2008 8:58:00 PM | Attr = RHS]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Modified Date = 8/11/2008 8:58:00 PM | Attr =    ]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 8/19/2008 1:18:43 AM | Attr =  H ]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 8/10/2008 3:48:40 PM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 468176896 bytes | Modified Date = 8/20/2008 7:07:18 AM | Attr =  HS]
install.dat -> %SystemDrive%\install.dat ->  [Ver =  | Size = 164 bytes | Modified Date = 8/3/2008 11:20:14 PM | Attr =    ]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 8/14/2008 2:40:51 PM | Attr =    ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 8/14/2008 2:51:00 PM | Attr =    ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 8/17/2008 9:57:26 AM | Attr =  HS]
temp -> %SystemDrive%\temp ->  [Folder | Modified Date = 8/19/2008 12:18:59 AM | Attr =    ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 8/20/2008 7:10:38 AM | Attr =    ]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 8/14/2008 2:45:00 PM | Attr =    ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 27 bytes | Modified Date = 8/14/2008 2:45:00 PM | Attr =    ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 7/30/2008 8:07:52 PM | Attr =    ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 7/30/2008 8:07:56 PM | Attr =    ]
ssfs0bbc.sys -> %SystemRoot%\System32\drivers\ssfs0bbc.sys -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 29808 bytes | Modified Date = 7/28/2008 4:44:00 PM | Attr =    ]
sshrmd.sys -> %SystemRoot%\System32\drivers\sshrmd.sys -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 23152 bytes | Modified Date = 7/28/2008 4:44:02 PM | Attr =    ]
ssidrv.sys -> %SystemRoot%\System32\drivers\ssidrv.sys -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 166512 bytes | Modified Date = 7/28/2008 4:44:02 PM | Attr =    ]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 7/23/2008 9:51:05 AM | Attr =    ]
27 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 8/14/2008 2:50:40 PM | Attr =    ]
config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 8/14/2008 2:43:10 PM | Attr =    ]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 8/14/2008 1:34:48 AM | Attr =  HS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 8/14/2008 2:51:25 PM | Attr =    ]
nvapps.xml -> %SystemRoot%\System32\nvapps.xml ->  [Ver =  | Size = 81191 bytes | Modified Date = 8/20/2008 7:09:20 AM | Attr =    ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 62426 bytes | Modified Date = 8/2/2008 5:09:56 PM | Attr =    ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 404310 bytes | Modified Date = 8/2/2008 5:09:56 PM | Attr =    ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 473678 bytes | Modified Date = 8/2/2008 5:09:54 PM | Attr =    ]
SsiEfr.exe -> %SystemRoot%\System32\SsiEfr.exe -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 15208 bytes | Modified Date = 7/28/2008 4:43:48 PM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 8/14/2008 1:34:40 AM | Attr =  H ]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 8/14/2008 2:41:56 PM | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 8/20/2008 7:07:21 AM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 8/11/2008 7:07:28 PM | Attr =   S]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 8/14/2008 2:42:42 PM | Attr =    ]
hpntwksetup.ini -> %SystemRoot%\hpntwksetup.ini ->  [Ver =  | Size = 49 bytes | Modified Date = 8/19/2008 12:19:13 AM | Attr =    ]
hpoins11.dat -> %SystemRoot%\hpoins11.dat ->  [Ver =  | Size = 116458 bytes | Modified Date = 8/19/2008 12:16:18 AM | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 8/14/2008 1:34:43 AM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 8/14/2008 1:34:49 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 8/19/2008 1:18:43 AM | Attr =  HS]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 8/13/2008 12:56:49 AM | Attr =    ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 8/1/2008 11:12:12 PM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 8/20/2008 11:53:56 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 8/9/2008 1:14:33 AM | Attr =  H ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 8/14/2008 2:45:27 PM | Attr =    ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 8/14/2008 2:51:26 PM | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 8/12/2008 8:41:25 PM | Attr =   S]
temp -> %SystemRoot%\temp ->  [Folder | Modified Date = 8/20/2008 7:12:46 AM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 8/20/2008 7:07:25 AM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 10/19/2006 6:21:26 PM | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5524 bytes | Modified Date = 8/20/2008 7:08:54 AM | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5524 bytes | Modified Date = 8/20/2008 7:08:54 AM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 12/26/2006 2:27:56 AM | Attr =    ]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\data.dat ->  [Ver =  | Size = 1372 bytes | Modified Date = 12/26/2006 2:27:56 AM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works ->  [Folder | Modified Date = 1/6/2007 1:00:46 AM | Attr =    ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/18/2006 10:03:38 AM | Attr =    ]
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat ->  [Ver =  | Size = 162475 bytes | Modified Date = 11/18/2006 10:12:17 AM | Attr =    ]

< End of report >
Lakota

Re: New Member: Drowning in Malware-Pls Analyze my HJT Log

Unread postby Lakota » August 21st, 2008, 1:00 am

Problem: My Control Panel is missing many components or icons, such as "My Computer", "My Network", etc.
The only components or icons present are Mozilla Firefox Browser, Email Outlook Express (which I don't use), Microsoft Word, AntiVir PE Classic, Microsoft Excel, and Set Program Access and Defaults, which I have been using to delete programs.
Finally, I cannot switch users. My only choice on the control panel is to "turn off computer".
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
HJT LOG: user Robert M.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:59 AM, on 8/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1061013
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1061013
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [MBMon] "C:\WINDOWS\system32\rundll32.exe" CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] "C:\WINDOWS\KHALMNPR.EXE"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [\Win75.exe] C:\Windows\system32\Win75.exe
O4 - HKCU\..\Run: [\Win76.exe] C:\Windows\system32\Win76.exe
O4 - HKCU\..\Run: [\Win77.exe] C:\Windows\system32\Win77.exe
O4 - HKCU\..\Run: [\Win7B.exe] C:\Windows\system32\Win7B.exe
O4 - HKCU\..\Run: [\Win7C.exe] C:\Windows\system32\Win7C.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1250652983-273169350-1701214713-1007\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'Admin')
O4 - HKUS\S-1-5-21-1250652983-273169350-1701214713-1007\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Admin')
O4 - HKUS\S-1-5-21-1250652983-273169350-1701214713-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Admin')
O4 - HKUS\S-1-5-21-1250652983-273169350-1701214713-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Admin')
O4 - HKUS\S-1-5-21-1250652983-273169350-1701214713-1007\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Admin')
O4 - HKUS\S-1-5-21-1250652983-273169350-1701214713-1007\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User 'Admin')
O4 - HKUS\S-1-5-21-1250652983-273169350-1701214713-1007\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 (User 'Admin')
O4 - HKUS\S-1-5-21-1250652983-273169350-1701214713-1007\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe" (User 'Admin')
O4 - HKUS\S-1-5-21-1250652983-273169350-1701214713-1007\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Admin" (User 'Admin')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - http://h30155.www3.hp.com/ediags/dd/ins ... utions.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Advanced System Products, Inc. - (no file)
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 12098 bytes
Lakota

