Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Logfile scan, HijackThis, needs review


Post by korp135 » August 18th, 2008, 3:49 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:42 PM, on 8/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Glary Utilities\Integrator.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {22342B44-5B98-4B30-9D53-C182AD8DF217} - (no file)
O2 - BHO: (no name) - {A8A0B403-C9EE-4B76-AB2D-3BCBFB83404B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: {f8cf3e04-14b0-0128-8c54-0ec004bcc6df} - {fd6ccb40-0ce0-45c8-8210-0b4140e3fc8f} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promot ... WebAAS.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: nnnnllj - nnnnllj.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 7328 bytes


As I write this I am being attacked by Hijackers, it's not extreme yet. On average, when I open a new site, I get a foreign site pop up. The most common is clicksor. I have Web security guard and it normally tells me that the sites are dangerous and gives me the option to block it, therefore allowing me to close that program without having to interact with the malicious site. But I have had this problem for a good 6 months, and I need to take care of it for my computer's health.

Any help would be appreciated
korp135
Active Member
 
Posts: 8
Joined: August 18th, 2008, 3:41 pm

Re: Logfile scan, HijackThis, needs review

Post by Shaba » August 20th, 2008, 5:46 am

Hi korp135

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Logfile scan, HijackThis, needs review

Post by korp135 » August 20th, 2008, 1:24 pm

OTScanIt logfile created on: 8/20/2008 10:21:41 AM
OTScanIt by OldTimer - Version 1.0.16.2     Folder = C:\Documents and Settings\Administrator\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.47 Mb Total Physical Memory | 555.39 Mb Available Physical Memory | 54.27% Memory free
2.41 Gb Paging File | 1.99 Gb Available in Paging File | 82.72% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.76 Gb Total Space | 33.62 Gb Free Space | 30.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 631.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JIMS-RIG
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\SYSTEM32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4117 | Size = 376832 bytes | Modified Date = 6/28/2005 7:55:38 PM | Attr =    ]
vsmon.exe -> %SystemRoot%\SYSTEM32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 75304 bytes | Modified Date = 7/9/2008 9:05:18 AM | Attr =    ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 4/21/2008 3:31:39 PM | Attr =    ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 3/30/2008 2:04:24 PM | Attr =    ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 3/30/2008 2:04:26 PM | Attr =    ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 3/30/2008 2:04:24 PM | Attr =    ]
sp_rsser.exe -> %ProgramFiles%\Spyware Terminator\sp_rsser.exe -> Crawler.com [Ver = 2.2.1.365 | Size = 606720 bytes | Modified Date = 5/6/2008 4:18:06 PM | Attr =    ]
sdmcp.exe -> %CommonProgramFiles%\Stardock\SDMCP.exe -> Stardock [Ver = 0, 0, 5, 11 | Size = 241664 bytes | Modified Date = 5/10/2005 1:31:22 PM | Attr =    ]
ati2evxx.exe -> %SystemRoot%\SYSTEM32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4117 | Size = 376832 bytes | Modified Date = 6/28/2005 7:55:38 PM | Attr =    ]
integrator.exe -> %ProgramFiles%\Glary Utilities\Integrator.exe -> GlarySoft.com [Ver = 2.5.0.168 | Size = 728064 bytes | Modified Date = 3/26/2008 12:37:00 PM | Attr =    ]
sstray.exe -> %SystemRoot%\SYSTEM32\sstray.exe -> NVIDIA Corporation [Ver = 1.00.00.0366 | Size = 73728 bytes | Modified Date = 9/2/2003 3:25:04 PM | Attr =    ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.2.2006.283 | Size = 32768 bytes | Modified Date = 6/28/2005 11:09:28 PM | Attr =    ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 6/30/2007 12:22:45 AM | Attr =    ]
reader_sl.exe -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 11:16:38 PM | Attr =    ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.522 | Size = 579584 bytes | Modified Date = 4/17/2008 3:07:28 PM | Attr =    ]
spywareterminatorshield.exe -> %ProgramFiles%\Spyware Terminator\SpywareTerminatorShield.Exe -> Crawler.com [Ver = 2.2.1.347 | Size = 1817600 bytes | Modified Date = 5/6/2008 4:18:03 PM | Attr =    ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 919016 bytes | Modified Date = 7/9/2008 9:05:20 AM | Attr =    ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.2.2006.283 | Size = 32768 bytes | Modified Date = 6/28/2005 11:09:28 PM | Attr =    ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.2.2006.283 | Size = 32768 bytes | Modified Date = 6/28/2005 11:09:28 PM | Attr =    ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9.0.1 | Size = 307712 bytes | Modified Date = 7/2/2008 6:52:30 PM | Attr =    ]
otscanit.exe -> %UserProfile%\desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 4/21/2008 3:31:39 PM | Attr =    ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4117 | Size = 376832 bytes | Modified Date = 6/28/2005 7:55:38 PM | Attr =    ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\SYSTEM32\ati2sgag.exe ->  [Ver = 5.13.0024 | Size = 516096 bytes | Modified Date = 6/28/2005 7:05:00 PM | Attr =    ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 3/30/2008 2:04:24 PM | Attr =    ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 3/30/2008 2:04:26 PM | Attr =    ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 3/30/2008 2:04:24 PM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr =    ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 5/1/2007 3:11:50 PM | Attr =    ]
(sp_rssrv) Spyware Terminator Realtime Shield Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Terminator\sp_rsser.exe -> Crawler.com [Ver = 2.2.1.365 | Size = 606720 bytes | Modified Date = 5/6/2008 4:18:06 PM | Attr =    ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 75304 bytes | Modified Date = 7/9/2008 9:05:18 AM | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 11:16:38 PM | Attr =    ]
ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe ["C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime] -> ATI Technologies Inc. [Ver = 1.2.2006.283 | Size = 32768 bytes | Modified Date = 6/28/2005 11:09:28 PM | Attr =    ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe [C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP] -> GRISOFT, s.r.o. [Ver = 7.5.0.522 | Size = 579584 bytes | Modified Date = 4/17/2008 3:07:28 PM | Attr =    ]
nForce Tray Options -> %SystemRoot%\SYSTEM32\sstray.exe [sstray.exe /r] -> NVIDIA Corporation [Ver = 1.00.00.0366 | Size = 73728 bytes | Modified Date = 9/2/2003 3:25:04 PM | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 6/30/2007 12:22:45 AM | Attr =    ]
SpywareTerminator -> %ProgramFiles%\Spyware Terminator\SpywareTerminatorShield.Exe ["C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"] -> Crawler.com [Ver = 2.2.1.347 | Size = 1817600 bytes | Modified Date = 5/6/2008 4:18:03 PM | Attr =    ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 919016 bytes | Modified Date = 7/9/2008 9:05:20 AM | Attr =    ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 5/1/2007 3:11:52 PM | Attr =    ]
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.2.2006.283 | Size = 32768 bytes | Modified Date = 6/28/2005 11:09:28 PM | Attr =    ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{22342B44-5B98-4B30-9D53-C182AD8DF217} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 3:23:07 AM | Attr =    ]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\SYSTEM32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 12:56:57 AM | Attr =    ]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\SYSTEM32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr =    ]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\SYSTEM32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/2007 8:36:51 PM | Attr =    ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\SYSTEM32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 12:56:57 AM | Attr =    ]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\SYSTEM32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4117 | Size = 46080 bytes | Modified Date = 6/28/2005 7:56:48 PM | Attr =    ]
MCPClient -> %CommonProgramFiles%\Stardock\MCPStub.dll -> Stardock [Ver = 0, 0, 5, 2 | Size = 49152 bytes | Modified Date = 1/31/2005 3:13:38 PM | Attr =    ]
nnnnllj ->  -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\SYSTEM32\DRIVERS\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/3/2004 10:59:52 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomLG_CD-ROM_CRD-8521B_____________________1.00____\5&279b01b1&0&0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomSONY_DVD_RW_DRU-500A____________________2.0c____\4144463841383845_0_0_0_0_0_0_0_0_0_0_0_0 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAK [SET windir=C:\WINDOWS | SET winbootdir=C:\WINDOWS | SET COMSPEC=C:\WINDOWS\COMMAND.COM | SET PROMPT=$p$g | SET TEMP=C:\WINDOWS\TEMP | SET TMP=C:\WINDOWS\TEMP | SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\PROGRA~1\ATITEC~1\ATICON~1;C:\PROGRA~1\ATITEC~1\ATICON~1 | SET PATH=%PATH%;C:\PROGRA~1\ATITEC~1\ATICON~1 | ] -> %SystemDrive%\AUTOEXEC.BAK [ NTFS ] ->  [Ver =  | Size = 301 bytes | Modified Date = 5/5/2004 10:34:22 AM | Attr =  HS]
AUTOEXEC.BAT [SET windir=C:\WINDOWS | SET winbootdir=C:\WINDOWS | SET COMSPEC=C:\WINDOWS\COMMAND.COM | SET PROMPT=$p$g | SET TEMP=C:\WINDOWS\TEMP | SET TMP=C:\WINDOWS\TEMP | SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\PROGRA~1\ATITEC~1\ATICON~1;C:\PROGRA~1\ATITEC~1\ATICON~1;C:\PROGRA~1\ATITEC~1\ATICON~1 | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 284 bytes | Modified Date = 5/5/2004 10:34:24 AM | Attr =    ]
AUTOEXEC.NS0 [SET windir=C:\WINDOWS | SET winbootdir=C:\WINDOWS | SET COMSPEC=C:\WINDOWS\COMMAND.COM | SET PROMPT=$p$g | SET TEMP=C:\WINDOWS\TEMP | SET TMP=C:\WINDOWS\TEMP | SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\PROGRA~1\ATITEC~1\ATICON~1;C:\PROGRA~1\ATITEC~1\ATICON~1 | ] -> %SystemDrive%\AUTOEXEC.NS0 [ NTFS ] ->  [Ver =  | Size = 254 bytes | Modified Date = 2/16/2004 12:29:44 PM | Attr =    ]
autoplay.exe [MZ | ] -> E:\autoplay.exe [ CDFS ] ->  [Ver =  | Size = 61440 bytes | Modified Date = 6/5/2002 11:56:50 PM | Attr = R  ]
autorun.inf [[autorun] | open=autoplay.exe | icon=war3.ico |  | ] -> E:\autorun.inf [ CDFS ] ->  [Ver =  | Size = 47 bytes | Modified Date = 7/23/2001 5:25:04 AM | Attr = R  ]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/webhp?sourceid=navclient&ie=UTF-8 -> 
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
  .[msn] -> My Computer -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> File not found
{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Crawler\Toolbar\ctbr.dll [] -> Crawler.com [Ver = 5.1.0.88 | Size = 1146880 bytes | Modified Date = 2/19/2008 11:23:24 PM | Attr =    ]
{22342B44-5B98-4B30-9D53-C182AD8DF217} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{A8A0B403-C9EE-4B76-AB2D-3BCBFB83404B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 2/27/2008 6:13:10 PM | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 1119, 1736 | Size = 654320 bytes | Modified Date = 2/25/2008 3:05:27 PM | Attr =    ]
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker BHO] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 3/30/2008 4:10:44 PM | Attr =    ]
{fd6ccb40-0ce0-45c8-8210-0b4140e3fc8f} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 2/27/2008 6:13:10 PM | Attr = R  ]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Crawler\Toolbar\ctbr.dll [&Crawler Toolbar] -> Crawler.com [Ver = 5.1.0.88 | Size = 1146880 bytes | Modified Date = 2/19/2008 11:23:24 PM | Attr =    ]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 3/30/2008 4:10:44 PM | Attr =    ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 2/27/2008 6:13:10 PM | Attr = R  ]
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 2/27/2008 6:13:10 PM | Attr = R  ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Crawler\Toolbar\ctbr.dll [&Crawler Toolbar] -> Crawler.com [Ver = 5.1.0.88 | Size = 1146880 bytes | Modified Date = 2/19/2008 11:23:24 PM | Attr =    ]
WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 3/30/2008 4:10:44 PM | Attr =    ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Crawler Search ->  -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{3F9AECD8-9066-4D3B-BC25-DAF66605E886} ->    (1394 Net Adapter) -> 
{4707B1EA-8E47-4FEE-8063-B3A02296C3D4} ->    (NVIDIA nForce MCP Networking Controller) -> 
{F71F8517-80ED-4BD6-87F3-96C04262BED5} ->    () -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
tbr:{4D25FB7A-8902-4291-960E-9ADA051CFBBF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Crawler\Toolbar\ctbr.dll[] -> Crawler.com [Ver = 5.1.0.88 | Size = 1146880 bytes | Modified Date = 2/19/2008 11:23:24 PM | Attr =    ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=58813[Office Genuine Advantage Validation Tool] -> 
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}[HKEY_LOCAL_MACHINE] -> http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab[FilePlanet Download Control Class] -> 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{9B03C5F1-F5AB-47EE-937D-A8EDA626F876}[HKEY_LOCAL_MACHINE] -> http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab[Anonymizer Anti-Spyware Scanner] -> 
{9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38151.3671064815[Reg Error: Key does not exist or could not be opened.] -> 
{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}[HKEY_LOCAL_MACHINE] -> https://www-secure.symantec.com/techsupp/activedata/SymAData.cab[ActiveDataInfo Class] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{E77C0D62-882A-456F-AD8F-7C6C9569B8C7}[HKEY_LOCAL_MACHINE] -> https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab[ActiveDataObj Class] -> 
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ActiveData.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ActiveData.dll\\.Owner -> {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ActiveData.dll\\{E77C0D62-882A-456F-AD8F-7C6C9569B8C7} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FilePlanetDownloadCtrl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FilePlanetDownloadCtrl.dll\\.Owner -> {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FilePlanetDownloadCtrl.dll\\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/spweng.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/spweng.dll\\.Owner -> {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/spweng.dll\\{9B03C5F1-F5AB-47EE-937D-A8EDA626F876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SpyWareKillerBKGD.jpg\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SpyWareKillerBKGD.jpg\\.Owner -> {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SpyWareKillerBKGD.jpg\\{9B03C5F1-F5AB-47EE-937D-A8EDA626F876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/swksig.dat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/swksig.dat\\.Owner -> {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/swksig.dat\\{9B03C5F1-F5AB-47EE-937D-A8EDA626F876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SymAData.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SymAData.dll\\.Owner -> {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SymAData.dll\\{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WebAAS.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WebAAS.dll\\.Owner -> {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WebAAS.dll\\{9B03C5F1-F5AB-47EE-937D-A8EDA626F876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuctl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuctl.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuctl.dll\\{9F1C11AA-197B-4942-BA54-47A8489BB47F} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuengine.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuengine.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuengine.dll\\{9F1C11AA-197B-4942-BA54-47A8489BB47F} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc71.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc71.dll\\.Owner -> {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc71.dll\\{9B03C5F1-F5AB-47EE-937D-A8EDA626F876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mpr.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mpr.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mpr.dll\\{9B03C5F1-F5AB-47EE-937D-A8EDA626F876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp71.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp71.dll\\.Owner -> {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp71.dll\\{9B03C5F1-F5AB-47EE-937D-A8EDA626F876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\.Owner -> {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\{9B03C5F1-F5AB-47EE-937D-A8EDA626F876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} ->  -> 



[Files/Folders - Created Within 30 days]
CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak ->  [Folder | Created Date = 8/19/2008 12:53:50 PM | Attr =    ]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Created Date = 8/18/2008 12:18:52 PM | Attr =    ]

[Files/Folders - Modified Within 30 days]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 8/18/2008 12:31:31 PM | Attr =    ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 8/20/2008 10:16:39 AM | Attr =    ]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 4714528 bytes | Modified Date = 8/20/2008 10:20:21 AM | Attr =  HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 56204 bytes | Modified Date = 8/19/2008 10:07:31 PM | Attr =  HS]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 8/19/2008 1:31:40 PM | Attr =    ]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 8/19/2008 10:07:15 PM | Attr =    ]
CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak ->  [Folder | Modified Date = 8/19/2008 1:31:40 PM | Attr =    ]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 8/16/2008 12:50:29 PM | Attr = RHS]
DRIVERS -> %SystemRoot%\System32\DRIVERS ->  [Folder | Modified Date = 8/9/2008 11:13:33 PM | Attr =    ]
vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml ->  [Ver =  | Size = 352917 bytes | Modified Date = 8/20/2008 10:15:40 AM | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 13646 bytes | Modified Date = 8/20/2008 10:15:51 AM | Attr =    ]
zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat ->  [Ver =  | Size = 4212 bytes | Modified Date = 8/9/2008 5:41:20 PM | Attr =  H ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 8/16/2008 12:50:14 PM | Attr =  H ]
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 8/20/2008 10:14:55 AM | Attr =   S]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 8/19/2008 12:53:50 PM | Attr =    ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 8/16/2008 12:49:00 PM | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 8/16/2008 12:50:21 PM | Attr =    ]
INF -> %SystemRoot%\INF ->  [Folder | Modified Date = 8/19/2008 1:31:37 PM | Attr =  H ]
Internet Logs -> %SystemRoot%\Internet Logs ->  [Folder | Modified Date = 8/20/2008 10:18:27 AM | Attr =    ]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 8/18/2008 12:18:52 PM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 8/20/2008 10:20:45 AM | Attr =    ]
SYSTEM32 -> %SystemRoot%\SYSTEM32 ->  [Folder | Modified Date = 8/19/2008 12:53:50 PM | Attr =    ]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Modified Date = 8/20/2008 10:15:37 AM | Attr =    ]
GlaryInitialize.job -> %SystemRoot%\tasks\GlaryInitialize.job ->  [Ver =  | Size = 328 bytes | Modified Date = 8/20/2008 10:15:30 AM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 8/20/2008 10:15:10 AM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 6/13/2004 9:57:27 AM | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 8/20/2008 10:16:54 AM | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 8/20/2008 10:16:54 AM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 9/24/2007 5:05:29 PM | Attr =    ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11066 bytes | Modified Date = 9/24/2007 5:05:42 PM | Attr =    ]
C:\Documents and Settings\Administrator\Local Settings\Temp\ -> C:\Documents and Settings\Administrator\Local Settings\Temp ->  [Folder | Modified Date = 8/20/2008 10:19:24 AM | Attr =    ]
war3_Install.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\war3_Install.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 0 | Size = 294912 bytes | Modified Date = 6/7/2002 12:08:56 PM | Attr =    ]
_is1.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\_is1.exe -> Macrovision Corporation [Ver = 12.0.58849 | Size = 454224 bytes | Modified Date = 8/4/2007 10:33:19 AM | Attr = R  ]
8 C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ ->  [Folder | Modified Date = 6/15/2004 6:35:41 AM | Attr =    ]
ISUninst.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ISUninst.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 306688 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\ ->  [Folder | Modified Date = 6/15/2004 6:37:36 AM | Attr =    ]
ISUninst.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\ISUninst.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 306688 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\ ->  [Folder | Modified Date = 6/15/2004 7:51:10 AM | Attr =    ]
ISUninst.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\ISUninst.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 306688 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP4.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP4.DIR\_ISTMP0.DIR\ ->  [Folder | Modified Date = 6/15/2004 8:42:46 AM | Attr =    ]
ISUninst.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP4.DIR\_ISTMP0.DIR\ISUninst.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 306688 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP5.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP5.DIR\_ISTMP0.DIR\ ->  [Folder | Modified Date = 6/15/2004 9:07:59 AM | Attr =    ]
ISUninst.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP5.DIR\_ISTMP0.DIR\ISUninst.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 306688 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP6.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP6.DIR\_ISTMP0.DIR\ ->  [Folder | Modified Date = 6/15/2004 9:09:47 AM | Attr =    ]
ISUninst.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP6.DIR\_ISTMP0.DIR\ISUninst.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 306688 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
C:\Documents and Settings\Administrator\Local Settings\Temp\AGEIA\Driver\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\AGEIA\Driver ->  [Folder | Modified Date = 3/30/2008 8:38:08 PM | Attr =    ]
rescanDevNode.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AGEIA\Driver\rescanDevNode.exe ->  [Ver =  | Size = 81920 bytes | Modified Date = 11/7/2006 10:59:24 AM | Attr = R  ]
C:\Documents and Settings\Administrator\Local Settings\Temp\AUG2005DXREDIST\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\AUG2005DXREDIST ->  [Folder | Modified Date = 4/18/2006 6:53:26 PM | Attr =    ]
DXSETUP.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AUG2005DXREDIST\DXSETUP.exe -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 482000 bytes | Modified Date = 7/26/2005 3:23:16 PM | Attr = R  ]
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ ->  [Folder | Modified Date = 6/15/2004 6:35:41 AM | Attr =    ]
237a85.DLL -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\237a85.DLL -> InstallShield Software Corporation [Ver = 5, 50, 131, 0 | Size = 129536 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
Ctl3d32.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\Ctl3d32.dll -> Microsoft Corporation [Ver = 2.31.000 | Size = 27136 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\ ->  [Folder | Modified Date = 6/15/2004 6:37:36 AM | Attr =    ]
254542.DLL -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\254542.DLL -> InstallShield Software Corporation [Ver = 5, 50, 131, 0 | Size = 129536 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
Ctl3d32.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\Ctl3d32.dll -> Microsoft Corporation [Ver = 2.31.000 | Size = 27136 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\ ->  [Folder | Modified Date = 6/15/2004 7:51:10 AM | Attr =    ]
21659f.DLL -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\21659f.DLL -> InstallShield Software Corporation [Ver = 5, 50, 131, 0 | Size = 129536 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
Ctl3d32.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\Ctl3d32.dll -> Microsoft Corporation [Ver = 2.31.000 | Size = 27136 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP4.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP4.DIR\_ISTMP0.DIR\ ->  [Folder | Modified Date = 6/15/2004 8:42:46 AM | Attr =    ]
218ed.DLL -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP4.DIR\_ISTMP0.DIR\218ed.DLL -> InstallShield Software Corporation [Ver = 5, 50, 131, 0 | Size = 129536 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
Ctl3d32.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP4.DIR\_ISTMP0.DIR\Ctl3d32.dll -> Microsoft Corporation [Ver = 2.31.000 | Size = 27136 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP5.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP5.DIR\_ISTMP0.DIR\ ->  [Folder | Modified Date = 6/15/2004 9:07:59 AM | Attr =    ]
24c41.DLL -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP5.DIR\_ISTMP0.DIR\24c41.DLL -> InstallShield Software Corporation [Ver = 5, 50, 131, 0 | Size = 129536 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
Ctl3d32.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP5.DIR\_ISTMP0.DIR\Ctl3d32.dll -> Microsoft Corporation [Ver = 2.31.000 | Size = 27136 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP6.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP6.DIR\_ISTMP0.DIR\ ->  [Folder | Modified Date = 6/15/2004 9:09:47 AM | Attr =    ]
3f6b5.DLL -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP6.DIR\_ISTMP0.DIR\3f6b5.DLL -> InstallShield Software Corporation [Ver = 5, 50, 131, 0 | Size = 129536 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
Ctl3d32.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP6.DIR\_ISTMP0.DIR\Ctl3d32.dll -> Microsoft Corporation [Ver = 2.31.000 | Size = 27136 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
C:\Documents and Settings\Administrator\Local Settings\Temp\{599EED27-1E35-41B0-BCDE-954B179C5C20}\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\{599EED27-1E35-41B0-BCDE-954B179C5C20} ->  [Folder | Modified Date = 10/3/2007 5:11:19 PM | Attr =    ]
ISSetup.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\{599EED27-1E35-41B0-BCDE-954B179C5C20}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.58851 | Size = 495696 bytes | Modified Date = 8/16/2007 12:44:31 PM | Attr = R  ]
_Setup.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\{599EED27-1E35-41B0-BCDE-954B179C5C20}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 164784 bytes | Modified Date = 8/4/2007 10:33:16 AM | Attr = R  ]
C:\Documents and Settings\Administrator\Local Settings\Temp\AUG2005DXREDIST\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\AUG2005DXREDIST ->  [Folder | Modified Date = 4/18/2006 6:53:26 PM | Attr =    ]
DSETUP.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AUG2005DXREDIST\DSETUP.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 75472 bytes | Modified Date = 7/26/2005 3:23:14 PM | Attr = R  ]
dsetup32.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AUG2005DXREDIST\dsetup32.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 2245840 bytes | Modified Date = 7/26/2005 3:23:14 PM | Attr = R  ]
C:\Documents and Settings\Administrator\Local Settings\Temp\ -> C:\Documents and Settings\Administrator\Local Settings\Temp ->  [Folder | Modified Date = 8/20/2008 10:19:24 AM | Attr =    ]
Perflib_Perfdata_8d4.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_8d4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/20/2008 10:16:54 AM | Attr =    ]
Perflib_Perfdata_8f0.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_8f0.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 8/20/2008 10:15:52 AM | Attr =    ]
Perflib_Perfdata_af8.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_af8.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/20/2008 10:16:09 AM | Attr =    ]
8 C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ ->  [Folder | Modified Date = 6/15/2004 6:35:41 AM | Attr =    ]
Corecomp.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\Corecomp.ini ->  [Ver =  | Size = 28290 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\ ->  [Folder | Modified Date = 6/15/2004 6:37:36 AM | Attr =    ]
Corecomp.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\Corecomp.ini ->  [Ver =  | Size = 28290 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\ ->  [Folder | Modified Date = 6/15/2004 7:51:10 AM | Attr =    ]
Corecomp.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\Corecomp.ini ->  [Ver =  | Size = 28290 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP4.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP4.DIR\_ISTMP0.DIR\ ->  [Folder | Modified Date = 6/15/2004 8:42:46 AM | Attr =    ]
Corecomp.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP4.DIR\_ISTMP0.DIR\Corecomp.ini ->  [Ver =  | Size = 28290 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP5.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP5.DIR\_ISTMP0.DIR\ ->  [Folder | Modified Date = 6/15/2004 9:07:59 AM | Attr =    ]
Corecomp.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP5.DIR\_ISTMP0.DIR\Corecomp.ini ->  [Ver =  | Size = 28290 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP6.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP6.DIR\_ISTMP0.DIR\ ->  [Folder | Modified Date = 6/15/2004 9:09:47 AM | Attr =    ]
Corecomp.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP6.DIR\_ISTMP0.DIR\Corecomp.ini ->  [Ver =  | Size = 28290 bytes | Modified Date = 7/22/1999 4:14:10 PM | Attr = R  ]
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ ->  [Folder | Modified Date = 3/30/2008 8:38:57 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\TEMP\History\History.IE5\desktop.ini ->  [Ver =  | Size = 113 bytes | Modified Date = 11/20/2004 2:30:51 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 3/30/2008 8:38:57 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 11/20/2004 2:30:51 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GTOV2FGN\ -> C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\GTOV2FGN ->  [Folder | Modified Date = 11/20/2004 2:30:51 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\GTOV2FGN\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 11/20/2004 2:30:51 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\LJW6R2C1\ -> C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\LJW6R2C1 ->  [Folder | Modified Date = 11/20/2004 2:30:51 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\LJW6R2C1\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 11/20/2004 2:30:51 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\QNOR4PIN\ -> C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\QNOR4PIN ->  [Folder | Modified Date = 11/20/2004 2:30:51 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\QNOR4PIN\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 11/20/2004 2:30:51 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\W9SHID4Z\ -> C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\W9SHID4Z ->  [Folder | Modified Date = 11/20/2004 2:30:51 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\W9SHID4Z\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 11/20/2004 2:30:51 PM | Attr =  HS]

< End of report >


This is the OTScanIt result.
korp135
Active Member
 
Posts: 8
Joined: August 18th, 2008, 3:41 pm

Re: Logfile scan, HijackThis, needs review

Unread postby Shaba » August 20th, 2008, 1:34 pm

Looks to be clean.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post contents of that file in your next reply.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Logfile scan, HijackThis, needs review

Unread postby korp135 » August 20th, 2008, 4:02 pm

Malwarebytes' Anti-Malware 1.25
Database version: 1072
Windows 5.1.2600 Service Pack 2

1:00:13 PM 8/20/2008
mbam-log-08-20-2008 (13-00-13).txt

Scan type: Full Scan (C:\|)
Objects scanned: 135826
Time elapsed: 42 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22342b44-5b98-4b30-9d53-c182ad8df217} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\SYSTEM32\iDlo01 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Rabio\Search Enhancer (Adware.SearchEnhancer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Rabio (Adware.Rabio) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\DRIVERS\modemm.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMeb7bf605.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk (Rootkit.Agent) -> Delete on reboot.

Re: Logfile scan, HijackThis, needs review

Unread postby Shaba » August 21st, 2008, 12:20 am

We need one more scan:

Please make sure that all programs are closed when installing Java.

  1. Click here to visit Java's website.
  2. Scroll down to Java Runtime Environment (JRE) 6 Update 7. Click on Download.
  3. Select Windows from the drop-down list for Platform.
  4. Select Multi-language from the drop-down list for Language.
  5. Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  6. Click on jre-6u7-windows-i586-p.exe link to download it and save this to a convenient location.
  7. Double click on jre-6u7-windows-i586-p.exe to install Java.
  8. After the Java installation has finished, please go to Kaspersky website and perform an online antivirus scan.
  9. Read through the requirements and privacy statement and click on Accept button.
  10. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  11. When the downloads have finished, click on Settings.
  12. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  13. Click on My Computer under Scan.
  14. Once the scan is complete, it will display the results. Click on View Scan Report.
  15. You will see a list of infected items there. Click on Save Report As....
  16. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  17. Please post this log in your next reply along with a fresh HijackThis log.

Re: Logfile scan, HijackThis, needs review

Unread postby korp135 » August 21st, 2008, 1:35 am

When I try to scan online with Kaspersky Online Scanner, it tells me that I do not have Java enabled. I get a drop-down bar saying install additional plugins. Then it asks me if I want to reinstall Java 6 Update 7, and I did. That did not help. I went to the Java website and troubleshot; I went to Tools, Options, Content, and the Enable Java box was checked.
My hijackers have ceased after the Malwarebytes scan, though.

Thanks for the help so far, and additional assistance with the Kaspersky problem would be great.

Re: Logfile scan, HijackThis, needs review

Unread postby Shaba » August 21st, 2008, 2:36 am

With which browser did you try to scan?

Re: Logfile scan, HijackThis, needs review

Unread postby korp135 » August 21st, 2008, 2:20 pm

Firefox. Last night it was not working, but I just tried now and it's working fine. I believe I was supposed to restart my computer after installation of Java.

Re: Logfile scan, HijackThis, needs review

Unread postby Shaba » August 21st, 2008, 3:21 pm

Thanks for info.

Please post back logs when ready :)

Re: Logfile scan, HijackThis, needs review

Unread postby korp135 » August 21st, 2008, 6:08 pm

This is the HijackThis scan report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:16 PM, on 8/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Glary Utilities\Integrator.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {A8A0B403-C9EE-4B76-AB2D-3BCBFB83404B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: {f8cf3e04-14b0-0128-8c54-0ec004bcc6df} - {fd6ccb40-0ce0-45c8-8210-0b4140e3fc8f} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promot ... WebAAS.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: nnnnllj - nnnnllj.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 7731 bytes


The Kaspersky scan found nothing; the scan was empty.

Re: Logfile scan, HijackThis, needs review

Unread postby Shaba » August 22nd, 2008, 2:58 am

Great :)

Uninstall via add/remove programs:

Zone Alarm Spy Blocker

Open HijackThis, click Do a system scan only, and checkmark these:

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {A8A0B403-C9EE-4B76-AB2D-3BCBFB83404B} - (no file)
O2 - BHO: {f8cf3e04-14b0-0128-8c54-0ec004bcc6df} - {fd6ccb40-0ce0-45c8-8210-0b4140e3fc8f} - (no file)
O20 - Winlogon Notify: nnnnllj - nnnnllj.dll (file missing)


Close all windows including browser and press Fix checked.

Reboot.

Delete if present:

C:\Program Files\ZoneAlarmSB

Empty Recycle Bin.

Post back a fresh HijackThis log.

Re: Logfile scan, HijackThis, needs review

Unread postby korp135 » August 22nd, 2008, 11:58 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:30 PM, on 8/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Glary Utilities\Integrator.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promot ... WebAAS.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 7154 bytes

Re: Logfile scan, HijackThis, needs review

Unread postby Shaba » August 23rd, 2008, 4:53 am

That looks good :)

Still problems?

Re: Logfile scan, HijackThis, needs review

Unread postby korp135 » August 23rd, 2008, 12:04 pm

Nothing that can be related to viruses or malware. Graphics card flaked out on me, but I realized it hadn't been updated in a while. Thanks a lot for all your help; I really appreciate it. This computer needed that so bad. The speed on the internet as well as game play has improved a lot.