Run by Darren on 21/07/2008 at 22:00
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\SYSTEM32\ADDAD32.EXE - Deleted
C:\WINDOWS\SYSTEM32\ADDGC32.EXE - Deleted
C:\WINDOWS\SYSTEM32\ADDGF32.EXE - Deleted
C:\WINDOWS\SYSTEM32\ADDGN32.EXE - Deleted
C:\WINDOWS\SYSTEM32\ADDOS.EXE - Deleted
C:\WINDOWS\SYSTEM32\ADDSY.EXE - Deleted
C:\WINDOWS\SYSTEM32\ADDTB32.EXE - Deleted
C:\WINDOWS\SYSTEM32\APIHK.EXE - Deleted
C:\WINDOWS\SYSTEM32\APIKT.EXE - Deleted
C:\WINDOWS\SYSTEM32\APIUH.EXE - Deleted
C:\WINDOWS\SYSTEM32\APPAN.EXE - Deleted
C:\WINDOWS\SYSTEM32\APPEK.EXE - Deleted
C:\WINDOWS\SYSTEM32\APPIX32.EXE - Deleted
C:\WINDOWS\SYSTEM32\APPNE.EXE - Deleted
C:\WINDOWS\SYSTEM32\APPUL32.EXE - Deleted
C:\WINDOWS\SYSTEM32\APPWN32.EXE - Deleted
C:\WINDOWS\SYSTEM32\ATLCR32.EXE - Deleted
C:\WINDOWS\SYSTEM32\ATLDQ.EXE - Deleted
C:\WINDOWS\SYSTEM32\ATLEW32.EXE - Deleted
C:\WINDOWS\SYSTEM32\ATLEY.EXE - Deleted
C:\WINDOWS\SYSTEM32\ATLIZ32.EXE - Deleted
C:\WINDOWS\SYSTEM32\ATLPB.EXE - Deleted
C:\WINDOWS\SYSTEM32\ATLTB.EXE - Deleted
C:\WINDOWS\SYSTEM32\ATLVP32.EXE - Deleted
C:\WINDOWS\SYSTEM32\ATLZQ.EXE - Deleted
C:\WINDOWS\SYSTEM32\ATLZW.EXE - Deleted
C:\WINDOWS\SYSTEM32\CRAR32.EXE - Deleted
C:\WINDOWS\SYSTEM32\CRCQ32.EXE - Deleted
C:\WINDOWS\SYSTEM32\CRDL.EXE - Deleted
C:\WINDOWS\SYSTEM32\CRNA32.EXE - Deleted
C:\WINDOWS\SYSTEM32\CRPB32.EXE - Deleted
C:\WINDOWS\SYSTEM32\D3CY.EXE - Deleted
C:\WINDOWS\SYSTEM32\D3KC32.EXE - Deleted
C:\WINDOWS\SYSTEM32\D3KQ32.EXE - Deleted
C:\WINDOWS\SYSTEM32\D3VA32.EXE - Deleted
C:\WINDOWS\SYSTEM32\D3ZR.EXE - Deleted
C:\WINDOWS\SYSTEM32\IEAO.EXE - Deleted
C:\WINDOWS\SYSTEM32\IEKG32.EXE - Deleted
C:\WINDOWS\SYSTEM32\IEKS32.EXE - Deleted
C:\WINDOWS\SYSTEM32\IENW32.EXE - Deleted
C:\WINDOWS\SYSTEM32\IEPB.EXE - Deleted
C:\WINDOWS\SYSTEM32\IESJ.EXE - Deleted
C:\WINDOWS\SYSTEM32\IPGL.EXE - Deleted
C:\WINDOWS\SYSTEM32\IPQC32.EXE - Deleted
C:\WINDOWS\SYSTEM32\IPRG.EXE - Deleted
C:\WINDOWS\SYSTEM32\IPVC.EXE - Deleted
C:\WINDOWS\SYSTEM32\IPWE.EXE - Deleted
C:\WINDOWS\SYSTEM32\JAVAAL.EXE - Deleted
C:\WINDOWS\SYSTEM32\JAVADG.EXE - Deleted
C:\WINDOWS\SYSTEM32\JAVAFT32.EXE - Deleted
C:\WINDOWS\SYSTEM32\JAVAJF.EXE - Deleted
C:\WINDOWS\SYSTEM32\JAVAKF.EXE - Deleted
C:\WINDOWS\SYSTEM32\JAVAVU.EXE - Deleted
C:\WINDOWS\SYSTEM32\JAVAZH32.EXE - Deleted
C:\WINDOWS\SYSTEM32\MFCAT.EXE - Deleted
C:\WINDOWS\SYSTEM32\MFCHY32.EXE - Deleted
C:\WINDOWS\SYSTEM32\MFCJQ.EXE - Deleted
C:\WINDOWS\SYSTEM32\MFCKH32.EXE - Deleted
C:\WINDOWS\SYSTEM32\MFCTF.EXE - Deleted
C:\WINDOWS\SYSTEM32\MFCTW32.EXE - Deleted
C:\WINDOWS\SYSTEM32\MFCXC.EXE - Deleted
C:\WINDOWS\SYSTEM32\MFCXC32.EXE - Deleted
C:\WINDOWS\SYSTEM32\MFCZU32.EXE - Deleted
C:\WINDOWS\SYSTEM32\MSDO32.EXE - Deleted
C:\WINDOWS\SYSTEM32\MSRC32.EXE - Deleted
C:\WINDOWS\SYSTEM32\MSVH32.EXE - Deleted
C:\WINDOWS\SYSTEM32\NETBR.EXE - Deleted
C:\WINDOWS\SYSTEM32\NETEL32.EXE - Deleted
C:\WINDOWS\SYSTEM32\NETKB.EXE - Deleted
C:\WINDOWS\SYSTEM32\NETKW32.EXE - Deleted
C:\WINDOWS\SYSTEM32\NETOX.EXE - Deleted
C:\WINDOWS\SYSTEM32\NETSE.EXE - Deleted
C:\WINDOWS\SYSTEM32\NETXA.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTDD.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTDW32.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTIE32.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTIW.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTNG.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTPD.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTPJ32.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTXL32.EXE - Deleted
C:\WINDOWS\SYSTEM32\SDKDZ.EXE - Deleted
C:\WINDOWS\SYSTEM32\SDKHP.EXE - Deleted
C:\WINDOWS\SYSTEM32\SDKRY32.EXE - Deleted
C:\WINDOWS\SYSTEM32\SDKSV32.EXE - Deleted
C:\WINDOWS\SYSTEM32\SYSCM32.EXE - Deleted
C:\WINDOWS\SYSTEM32\SYSFY32.EXE - Deleted
C:\WINDOWS\SYSTEM32\SYSMM.EXE - Deleted
C:\WINDOWS\SYSTEM32\SYSSL.EXE - Deleted
C:\WINDOWS\SYSTEM32\SYSYV.EXE - Deleted
C:\WINDOWS\SYSTEM32\WINGJ.EXE - Deleted
C:\WINDOWS\SYSTEM32\WINOC.EXE - Deleted
C:\WINDOWS\SYSTEM32\WINXK32.EXE - Deleted
C:\WINDOWS\SYSTEM32\YF.EXE - Deleted
C:\WINDOWS\ADDGS.EXE - Deleted
C:\WINDOWS\ADDMJ32.EXE - Deleted
C:\WINDOWS\ADDPY.EXE - Deleted
C:\WINDOWS\ADDRH.EXE - Deleted
C:\WINDOWS\ADDRI32.EXE - Deleted
C:\WINDOWS\ADDRT.EXE - Deleted
C:\WINDOWS\ADDZI.EXE - Deleted
C:\WINDOWS\APIFA.EXE - Deleted
C:\WINDOWS\APINO.EXE - Deleted
C:\WINDOWS\APIRK.EXE - Deleted
C:\WINDOWS\APISI32.EXE - Deleted
C:\WINDOWS\APPAW.EXE - Deleted
C:\WINDOWS\APPFB32.EXE - Deleted
C:\WINDOWS\APPFE32.EXE - Deleted
C:\WINDOWS\APPLH32.EXE - Deleted
C:\WINDOWS\APPLS32.EXE - Deleted
C:\WINDOWS\APPOM.EXE - Deleted
C:\WINDOWS\APPTG.EXE - Deleted
C:\WINDOWS\ATLHV.EXE - Deleted
C:\WINDOWS\ATLJM32.EXE - Deleted
C:\WINDOWS\ATLOX.EXE - Deleted
C:\WINDOWS\ATLTH.EXE - Deleted
C:\WINDOWS\ATLUK.EXE - Deleted
C:\WINDOWS\ATLZR.EXE - Deleted
C:\WINDOWS\CRAB32.EXE - Deleted
C:\WINDOWS\CRIX.EXE - Deleted
C:\WINDOWS\CROB.EXE - Deleted
C:\WINDOWS\CROL32.EXE - Deleted
C:\WINDOWS\CROR32.EXE - Deleted
C:\WINDOWS\CRRQ32.EXE - Deleted
C:\WINDOWS\CRWC.EXE - Deleted
C:\WINDOWS\D3AP32.EXE - Deleted
C:\WINDOWS\D3CY32.EXE - Deleted
C:\WINDOWS\D3HD32.EXE - Deleted
C:\WINDOWS\D3KM32.EXE - Deleted
C:\WINDOWS\D3NJ.EXE - Deleted
C:\WINDOWS\D3OS.EXE - Deleted
C:\WINDOWS\D3VD32.EXE - Deleted
C:\WINDOWS\D3VW32.EXE - Deleted
C:\WINDOWS\D3VX.EXE - Deleted
C:\WINDOWS\D3YX32.EXE - Deleted
C:\WINDOWS\IEMS.EXE - Deleted
C:\WINDOWS\IENM.EXE - Deleted
C:\WINDOWS\IEPQ.EXE - Deleted
C:\WINDOWS\IESJ32.EXE - Deleted
C:\WINDOWS\IETB32.EXE - Deleted
C:\WINDOWS\IEXU.EXE - Deleted
C:\WINDOWS\IEYG.EXE - Deleted
C:\WINDOWS\IPCG32.EXE - Deleted
C:\WINDOWS\IPCL32.EXE - Deleted
C:\WINDOWS\IPEN32.EXE - Deleted
C:\WINDOWS\IPLN.EXE - Deleted
C:\WINDOWS\IPSK32.EXE - Deleted
C:\WINDOWS\IPTI.EXE - Deleted
C:\WINDOWS\JAVAAV.EXE - Deleted
C:\WINDOWS\JAVALB32.EXE - Deleted
C:\WINDOWS\JAVALH.EXE - Deleted
C:\WINDOWS\JAVAQF.EXE - Deleted
C:\WINDOWS\JAVAYZ32.EXE - Deleted
C:\WINDOWS\MFCEH32.EXE - Deleted
C:\WINDOWS\MFCEQ32.EXE - Deleted
C:\WINDOWS\MFCHU32.EXE - Deleted
C:\WINDOWS\MFCID.EXE - Deleted
C:\WINDOWS\MFCNR32.EXE - Deleted
C:\WINDOWS\MFCQH32.EXE - Deleted
C:\WINDOWS\MFCSG32.EXE - Deleted
C:\WINDOWS\MFCSR.EXE - Deleted
C:\WINDOWS\MFCWJ32.EXE - Deleted
C:\WINDOWS\MFCYN.EXE - Deleted
C:\WINDOWS\MFCZK.EXE - Deleted
C:\WINDOWS\MFCZL.EXE - Deleted
C:\WINDOWS\MSGD.EXE - Deleted
C:\WINDOWS\MSKB.EXE - Deleted
C:\WINDOWS\MSQI.EXE - Deleted
C:\WINDOWS\MSWJ.EXE - Deleted
C:\WINDOWS\NETEX.EXE - Deleted
C:\WINDOWS\NETIK.EXE - Deleted
C:\WINDOWS\NETMJ.EXE - Deleted
C:\WINDOWS\NETOQ.EXE - Deleted
C:\WINDOWS\NETPK32.EXE - Deleted
C:\WINDOWS\NTDD32.EXE - Deleted
C:\WINDOWS\NTDO32.EXE - Deleted
C:\WINDOWS\NTIS32.EXE - Deleted
C:\WINDOWS\NTJF.EXE - Deleted
C:\WINDOWS\NTVQ.EXE - Deleted
C:\WINDOWS\NTXA32.EXE - Deleted
C:\WINDOWS\SDKAU32.EXE - Deleted
C:\WINDOWS\SDKDY.EXE - Deleted
C:\WINDOWS\SDKFC.EXE - Deleted
C:\WINDOWS\SDKIE.EXE - Deleted
C:\WINDOWS\SDKIY32.EXE - Deleted
C:\WINDOWS\SDKLL.EXE - Deleted
C:\WINDOWS\SDKLU32.EXE - Deleted
C:\WINDOWS\SDKLV.EXE - Deleted
C:\WINDOWS\SDKPF.EXE - Deleted
C:\WINDOWS\SDKUS.EXE - Deleted
C:\WINDOWS\SYSDU.EXE - Deleted
C:\WINDOWS\SYSFM.EXE - Deleted
C:\WINDOWS\SYSGX32.EXE - Deleted
C:\WINDOWS\SYSIS32.EXE - Deleted
C:\WINDOWS\SYSJF.EXE - Deleted
C:\WINDOWS\SYSRN32.EXE - Deleted
C:\WINDOWS\SYSSA32.EXE - Deleted
C:\WINDOWS\SYSSF.EXE - Deleted
C:\WINDOWS\SYSVZ32.EXE - Deleted
C:\WINDOWS\SYSWD32.EXE - Deleted
C:\WINDOWS\WINGO32.EXE - Deleted
C:\WINDOWS\WINMD.EXE - Deleted
C:\WINDOWS\WINOJ.EXE - Deleted
C:\WINDOWS\WINQW.EXE - Deleted
C:\WINDOWS\WINRX.EXE - Deleted
C:\WINDOWS\WINUR32.EXE - Deleted
C:\WINDOWS\WINUT.EXE - Deleted
C:\WINDOWS\system32\c.bat - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-21 22:06:51
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\lo-2062960390.exe"="C:\\lo-2062960390.exe:*:Enabled:Windows Update"
"C:\\WINDOWS\\lo-2062960390.exe"="C:\\WINDOWS\\lo-2062960390.exe:*:Enabled:Windows Update"
"C:\\Program Files\\Common Files\\System\\MSASP32.exe"="C:\\Program Files\\Common Files\\System\\MSASP32.exe:*:Enabled:Microsoft ASP"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 5 Aug 2002 49,222 A..H. --- "C:\Program Files\AOL 7.0\aolphx.exe"
Mon 5 Aug 2002 32,842 A..H. --- "C:\Program Files\AOL 7.0\aoltray.exe"
Fri 10 May 2002 40,960 A..H. --- "C:\Program Files\AOL 7.0\RBM.exe"
Mon 5 Aug 2002 180,290 A..H. --- "C:\Program Files\AOL 7.0\waol.exe"
Wed 25 Feb 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Mon 10 May 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Wed 25 Feb 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Mon 5 Aug 2002 49,224 A..H. --- "C:\Program Files\AOL 7.0\COMIT\cswitch.exe"
Wed 16 Jul 2008 62,168 ..SHR --- "C:\Program Files\Common Files\System\MSASP32.exe"
Fri 2 Nov 2007 404 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK"
Wed 9 Jul 2008 62,168 A.SHR --- "C:\_OTMoveIt\MovedFiles\07132008_111157\Program Files\Common Files\System\MSASP32.exe"
Sun 3 Apr 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Finished!
Deckard's System Scanner v20071014.68
Run by Darren on 2008-07-21 22:10:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Darren.exe) ----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 22:11:02, on 21/07/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\System\MSASP32.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\AOL\1175040655\ee\aolsoftware.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Documents and Settings\Darren\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Darren.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wnxx.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175040655\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcg ... cgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O23 - Service: Advance Service Process - Unknown owner - C:\Program Files\Common Files\System\MSASP32.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
-- Files created between 2008-06-21 and 2008-07-21 -----------------------------
2008-07-21 21:55:29 0 d-------- C:\WINDOWS\ERUNT
2008-07-18 13:43:42 0 d-------- C:\Program Files\Panda Security
2008-07-15 14:41:39 71 --a------ C:\WINDOWS\System32\.pif
2008-07-15 12:57:31 0 d-------- C:\Program Files\Java
2008-07-15 12:57:27 0 d-------- C:\Program Files\Common Files\Java
2008-07-15 12:57:04 0 d-------- C:\Documents and Settings\Darren\Application Data\Sun
2008-07-13 11:08:25 62168 --a------ C:\WINDOWS\System32\nb.exe
2008-07-12 14:22:34 62168 --a------ C:\WINDOWS\System32\aq.exe
2008-07-11 13:20:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-06 16:30:17 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-06 16:30:01 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-06 16:30:01 0 d-------- C:\Documents and Settings\Darren\Application Data\SUPERAntiSpyware.com
2008-07-06 16:29:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
-- Find3M Report ---------------------------------------------------------------
2008-07-21 12:35:08 0 d-------- C:\Program Files\Paint Shop Pro 5
2008-07-16 12:16:06 0 d-------- C:\Documents and Settings\Darren\Application Data\Adobe
2008-07-15 12:57:27 0 d-------- C:\Program Files\Common Files
2008-07-13 15:02:25 0 d-------- C:\Program Files\FinePixViewer
2008-07-11 08:32:35 0 d-------- C:\Documents and Settings\Darren\Application Data\AVG7
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [20/01/2003 01:29]
"SoundMan"="SOUNDMAN.EXE" [20/01/2003 10:48 C:\WINDOWS\SOUNDMAN.EXE]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [09/07/2001 11:50]
"VOBRegCheck"="C:\WINDOWS\System32\VOBREGCheck.exe" [09/01/2003 00:55]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [19/02/2003 01:33]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [07/12/2007 16:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/09/2006 16:57]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [28/06/2003 17:10]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [19/08/2003 14:47]
"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [06/05/2003 10:28]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [18/04/2008 19:15]
"HostManager"="C:\Program Files\Common Files\AOL\1175040655\ee\AOLSoftware.exe" [17/11/2006 14:21]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 23:32]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [29/08/2002 13:00]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [17/07/2002 20:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ixproxy"=C:\WINDOWS\lo-2062960390.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [01/06/2004 18:14:06]
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [29/03/2008 11:20:54]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEXPLORE.EXE]
C:\Program Files\Internet Explorer\IEXPLORE.EXE
-- End of Deckard's System Scanner: finished at 2008-07-21 22:11:18 ------------