MalwareRemoval.com

Help please: stration and brwconf

Post by Lido » December 22nd, 2006, 9:09 pm

I am infected and can't figure out how to remove it. Here is my HijackThis log. Thanks.


Logfile of HijackThis v1.99.1
Scan saved at 7:58:52 PM, on 12/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\AOL\1131573657\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MI1933~1\Office10\OUTLOOK.EXE
C:\WINDOWS\System32\slbipsch.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\System32\slbipsch.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\AOL\1131573657\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Charles\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E1159CF-BCA3-3EA8-7BC9-4DF71B5AB4E5} - (no file)
O2 - BHO: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Discover deskshop Browser Helper Object - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\system32\BhoDshop.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {C85E3AE6-972D-DD7D-B47C-8E44B2FCC9D2} - (no file)
O2 - BHO: (no name) - {EB499C6B-4EEE-CB6B-43B7-4EC6302D27CC} - (no file)
O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131573657\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Net Snippets - C:\PROGRA~1\NETSNI~1\Res\Clipper.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Secure Online Account Numbers - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\Program Files\Secure Online Account Numbers\SOAN.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} (NetCamPlayerWeb Control) - http://ppeltz1234.nomad.utk.edu/img/NetCamPlayerWeb.ocx
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsup ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6596693609
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth ... peedop.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37840.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.dell.com/Media/Visitor ... EFlash.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promot ... WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx ... loader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.47/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5 ... taller.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5C35463-11E0-4266-877F-CA08BA22D0FF}: NameServer = 38.9.211.2,38.9.221.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: vb5dmspo.dll e1.dll confbrw.dll brwstat.dll
O20 - Winlogon Notify: brwmgr - C:\WINDOWS\SYSTEM32\brwmgr32.dll
O20 - Winlogon Notify: slbipsch - C:\WINDOWS\system32\slbipsch.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Unknown owner - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Dantz - C:\Program Files\Retrospect\Retrospect Express HD 1.1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
Lido
Regular Member
Posts: 31
Joined: December 22nd, 2006, 8:54 pm

Post by amateur » December 23rd, 2006, 10:02 pm

Hello and welcome to MR

You have an email worm. Please print these instructions so that you can have access to them while you are in Safe Mode later. Please read them carefully and follow them in the order they are presented.

Please download Ccleaner and save it to your desktop.
Tutorial for CCleaner
During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it. Do not scan with it yet.

===================================

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"


  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

==========================

Make sure that you can see hidden files
· Click Start
· Open My Computer
· Select the Tools menu and click Folder Options
· Select the View Tab
· Under the Hidden files and folders heading select Show hidden files and folders
· Uncheck the Hide protected operating system files (recommended) option
· Click Yes to confirm
· Click OK
** These files are hidden to stop you accidentally removing something important.
It is advisable to hide them again after fixing your computer. **

=================================

Reboot your computer in Safe Mode using the F8 method below.
a. If the computer is running, shut down Windows, and then turn off the power.
b. Wait 30 seconds, and then turn the computer on.
c. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
d. Ensure that the Safe Mode option is selected.
e. Press Enter. The computer then begins to start in Safe mode.

=================================
Please scan with HijackThis and put a checkmark against the following entries:

O2 - BHO: (no name) - {4E1159CF-BCA3-3EA8-7BC9-4DF71B5AB4E5} - (no file)
O2 - BHO: (no name) - {C85E3AE6-972D-DD7D-B47C-8E44B2FCC9D2} - (no file)
O2 - BHO: (no name) - {EB499C6B-4EEE-CB6B-43B7-4EC6302D27CC} - (no file)
O20 - AppInit_DLLs: vb5dmspo.dll e1.dll confbrw.dll brwstat.dll
O20 - Winlogon Notify: slbipsch - C:\WINDOWS\system32\slbipsch.dll
O20 - Winlogon Notify: brwmgr - C:\WINDOWS\SYSTEM32\brwmgr32.dll


Close all windows, except HijackThis, and click on "fix checked". Exit HijackThis but stay in Safe Mode.

=================================

In Safe Mode, using Windows "Search" function, search and delete the following files:

vb5dmspo.dll
e1.dll
confbrw.dll
brwstat.dll


and delete the following files, using Windows Explorer (right click on Start, click on Explore).

C:\WINDOWS\system32\slbipsch.dll
C:\WINDOWS\SYSTEM32\brwmgr32.dll

======================================

From Safe Mode run Ccleaner
  • Click on Options,
  • Select Advanced
  • Now UNCHECK "Only delete files in Windows Temp folders older than 48 hours"
  • Make sure the Cleaner block on the left is selected.
  • Do not use the "Issues" block. It's meant for professionals.
  • Choose the Windows tab.
  • Check everything EXCEPT Advanced part of the Menu.
  • Click on "Analyze". This process could take a while.
  • If you don't want to lose your login passwords to certain sites, click on Options
  • Select cookies and move the ones you want to keep to the "cookies to keep" section, by highlighting and using the arrows in the middle.
  • Choose Run Cleaner.
When CCleaner shows how much has been removed, cleaning is finished. Click Exit.
If you have more than one user, run Ccleaner for every user

======================================

Still in Safe Mode:

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted. **Please ensure it is set to Quarantine**, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware.

**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

======================================

Reboot in Normal Mode.

======================================

Please post back the results of the AVG Anti Spyware scan and a fresh HijackThis log.
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA
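The six entries amateur picked out of the log are worth a closer look, because they are two of the strongest persistence mechanisms available on Windows XP. A DLL named in `O20 - AppInit_DLLs` is loaded by user32.dll into every process that links user32 (on a clean XP box that value is normally empty), and a DLL registered as a `O20 - Winlogon Notify` package is loaded into winlogon.exe, which runs as SYSTEM. Both kinds of DLL are mapped into running processes for as long as Windows is up in normal mode, which is why the fix and the file deletions are done from Safe Mode. `WgaLogon` is the legitimate Windows Genuine Advantage notification package and is correctly left alone; the three `O2` BHO lines ending in `(no file)` are orphaned CLSID registrations whose DLL has already gone. The script below is an added example, not part of the original thread or of HijackThis itself: it parses the O2, O20 and O23 sections of a HijackThis log and flags exactly these patterns. The sample log is built from lines copied from the log posted above, with a few clean lines added for contrast; the `KNOWN_WINLOGON_NOTIFY` allow-list is an assumption for this example, not an authoritative list.

```python
import re

# Winlogon Notify packages that are legitimately present on Windows XP.
# This allow-list is an ASSUMPTION for this example, not an authoritative list;
# anything registered here that is not on it deserves a manual look.
KNOWN_WINLOGON_NOTIFY = {
    "wgalogon", "crypt32chain", "cryptnet", "cscdll", "scardsvr",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "schedule",
}

O2_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O20_APPINIT = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
O20_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
O23_SERVICE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Constructed sample: lines copied from the log in this thread plus clean ones.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E1159CF-BCA3-3EA8-7BC9-4DF71B5AB4E5} - (no file)
O20 - AppInit_DLLs: vb5dmspo.dll e1.dll confbrw.dll brwstat.dll
O20 - Winlogon Notify: brwmgr - C:\WINDOWS\SYSTEM32\brwmgr32.dll
O20 - Winlogon Notify: slbipsch - C:\WINDOWS\system32\slbipsch.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
"""


def triage(log_text):
    """Return one finding dict per suspicious O2/O20/O23 line in a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_BHO.match(line)
        if m:
            # A BHO CLSID whose DLL is gone is an orphaned registration; harmless
            # on its own, but it is leftover from whatever registered it.
            if m.group("path").strip().lower() == "(no file)":
                findings.append({"section": "O2", "line": line,
                                 "reason": "orphaned BHO CLSID %s (DLL missing)" % m.group("clsid")})
            continue
        m = O20_APPINIT.match(line)
        if m:
            # user32.dll loads every DLL listed here into every process that
            # links user32, so a non-empty value is always worth a look.
            dlls = m.group("dlls").split()
            if dlls:
                findings.append({"section": "O20", "line": line,
                                 "reason": "AppInit_DLLs injects into every GUI process: %s" % ", ".join(dlls)})
            continue
        m = O20_NOTIFY.match(line)
        if m:
            # Winlogon Notify packages are loaded into winlogon.exe (SYSTEM).
            if m.group("key").lower() not in KNOWN_WINLOGON_NOTIFY:
                findings.append({"section": "O20", "line": line,
                                 "reason": "unknown Winlogon Notify package '%s' loads into winlogon.exe" % m.group("key")})
            continue
        m = O23_SERVICE.match(line)
        if m and "(file missing)" in m.group("path"):
            # Usually a stale uninstall; still listed because a service whose
            # binary path is writable by an attacker is a hijack opportunity.
            findings.append({"section": "O23", "line": line,
                             "reason": "service '%s' points at a missing binary" % m.group("name")})
    return findings


def flagged_lines(findings):
    """Just the raw log lines, in the form you would tick in HijackThis."""
    return [f["line"] for f in findings]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (f["section"], f["reason"], f["line"]))
```

Run it against a saved HijackThis log by reading the file into `triage()`. The O23 check is the noisiest of the four: `(file missing)` usually means an uninstaller left a service definition behind, as with the Symantec LiveUpdate entry here, so treat those hits as cleanup candidates rather than evidence of infection. The AppInit_DLLs and Winlogon Notify hits are the ones to act on, and only from Safe Mode, since the DLLs are mapped into winlogon.exe and every GUI process during a normal session.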

Status

Post by Lido » December 24th, 2006, 1:07 pm

Thank you for your suggestions. On the HijackThis step, the three O2 items would not delete. I tried several times while in HijackThis. After the first try, I received a message of "unexpected error 5." I retried several more times. Didn't get the message but the three items would not delete. Using the Search function, I was able to find and delete "vb5dmspo." For the e1.dll, there were six items that were listed. I didn't delete any of them. The search didn't find the other two items. I could not find the other two items using Explorer. I am not sure I know what I was doing on that step. I did run everything else. Below is the HijackThis report and the AVG report. I believe I still have issues. Getting the blue screen.

e1.dll files: S32live1.dll; Kbdinbe1.dll; S32live1.dll; Kbdinbe1.dll; Kbdinde1.dll; cn1760e1.dll

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:01:14 AM 12/24/2006

+ Scan result:

C:\WINDOWS\SYSTEM32\bitsprx4.dll -> Adware.AdRotate : Cleaned.
C:\Program Files\Cake Mania\bfgt_silent_en.exe/nickarcade.dll -> Adware.BHO : Cleaned.
C:\Program Files\SpongeBob SquarePants Diner Dash\bfgt_silent_en.exe/nickarcade.dll -> Adware.BHO : Cleaned.
C:\Program Files\nickarcade\nickarcade.dll -> Adware.BHO : Cleaned.
C:\Documents and Settings\Sy.MAIN\Cookies\sy@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned.
C:\Documents and Settings\Sy.MAIN\Cookies\sy@ehg-youtube.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sy.MAIN\Cookies\sy@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@spylog[1].txt -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@h.starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@h.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Sy\Cookies\sy@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP223\A0127346.exe -> Worm.Warezov.eq : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP223\A0127358.dll -> Worm.Warezov.eq : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP223\A0126366.dll -> Worm.Warezov.et : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP223\A0126371.exe -> Worm.Warezov.et : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP223\A0127344.dll -> Worm.Warezov.et : Cleaned.
C:\WINDOWS\SYSTEM32\mcd3mscm.dll -> Worm.Warezov.et : Cleaned.
C:\WINDOWS\SYSTEM32\rdpwmsjt.exe -> Worm.Warezov.et : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP216\A0118149.dll -> Worm.Warezov.hw : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP223\A0126368.exe -> Worm.Warezov.ij : Cleaned.


::Report end


Logfile of HijackThis v1.99.1
Scan saved at 2:08:49 AM, on 12/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\AOL\1131573657\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Charles\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E1159CF-BCA3-3EA8-7BC9-4DF71B5AB4E5} - (no file)
O2 - BHO: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Discover deskshop Browser Helper Object - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\system32\BhoDshop.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {C85E3AE6-972D-DD7D-B47C-8E44B2FCC9D2} - (no file)
O2 - BHO: (no name) - {EB499C6B-4EEE-CB6B-43B7-4EC6302D27CC} - (no file)
O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131573657\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Net Snippets - C:\PROGRA~1\NETSNI~1\Res\Clipper.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Secure Online Account Numbers - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\Program Files\Secure Online Account Numbers\SOAN.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} (NetCamPlayerWeb Control) - http://ppeltz1234.nomad.utk.edu/img/NetCamPlayerWeb.ocx
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsup ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6596693609
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth ... peedop.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37840.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.dell.com/Media/Visitor ... EFlash.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promot ... WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx ... loader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.47/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5 ... taller.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5C35463-11E0-4266-877F-CA08BA22D0FF}: NameServer = 38.9.211.2,38.9.221.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: vb5dmspo.dll e1.dll confbrw.dll brwstat.dll
O20 - Winlogon Notify: brwmgr - C:\WINDOWS\
O20 - Winlogon Notify: slbipsch - C:\WINDOWS\system32\slbipsch.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Unknown owner - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Dantz - C:\Program Files\Retrospect\Retrospect Express HD 1.1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
Lido
Regular Member
 
Posts: 31
Joined: December 22nd, 2006, 8:54 pm

Unread postby amateur » December 24th, 2006, 1:46 pm

Hi,

Let's try another tool.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

WinPFind log

Unread postby Lido » December 24th, 2006, 5:26 pm

WinPFind3 logfile created on: 12/24/2006 4:09:37 PM
WinPFind3U by OldTimer - Version 1.0.1 Folder = C:\Documents and Settings\Charles\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)


[Processes - Non-Microsoft Only]
aolsoftware.exe -> C:\Program Files\Common Files\AOL\1131573657\ee\AOLSoftware.exe -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 7:24:16 PM | Attr = ]
ati2evxx.exe -> C:\WINDOWS\SYSTEM32\ati2evxx.exe -> [Ver = | Size = 389120 bytes | Modified Date = 8/25/2004 10:26:56 AM | Attr = ]
avgas.exe -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 7:20:00 AM | Attr = ]
ctdvddet.exe -> C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.2.0 | Size = 45056 bytes | Modified Date = 9/30/2002 1:00:00 AM | Attr = ]
cthelper.exe -> C:\WINDOWS\SYSTEM32\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 1, 2 | Size = 24576 bytes | Modified Date = 10/6/2003 2:57:32 PM | Attr = ]
ctsvccda.exe -> C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ]
ctsysvol.exe -> C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.1.3.0 | Size = 49152 bytes | Modified Date = 10/29/2002 9:18:24 AM | Attr = ]
cvpnd.exe -> C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.6.04.0043 | Size = 1422336 bytes | Modified Date = 6/10/2005 7:59:56 PM | Attr = ]
dcfssvc.exe -> C:\WINDOWS\SYSTEM32\DRIVERS\dcfssvc.exe -> Eastman Kodak Company [Ver = 1.1.3900.0 | Size = 153150 bytes | Modified Date = 5/10/2001 3:41:04 PM | Attr = ]
dsagnt.exe -> C:\Program Files\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 0, 73 | Size = 306688 bytes | Modified Date = 7/19/2004 7:51:24 AM | Attr = ]
dsentry.exe -> C:\WINDOWS\SYSTEM32\DSentry.exe -> Dell - Advanced Desktop Engineering [Ver = 1, 0, 5, 0 | Size = 28672 bytes | Modified Date = 8/13/2003 11:27:40 AM | Attr = ]
em_exec.exe -> C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.77.023 | Size = 37888 bytes | Modified Date = 6/3/2003 10:50:00 AM | Attr = ]
frameworkservice.exe -> C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 98304 bytes | Modified Date = 12/7/2005 2:55:00 AM | Attr = ]
googletoolbarnotifier.exe -> C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 908, 5008 | Size = 163576 bytes | Modified Date = 10/16/2006 11:19:56 PM | Attr = ]
guard.exe -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
hpgs2wnf.exe -> C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe -> [Ver = 2,4,0,26 | Size = 65536 bytes | Modified Date = 7/3/2001 9:17:04 AM | Attr = ]
hpoevm07.exe -> C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpoevm07.exe -> Hewlett-Packard Co. [Ver = 1.00 | Size = 299008 bytes | Modified Date = 5/24/2002 12:16:56 AM | Attr = ]
hpofxm07.exe -> C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpofxm07.exe -> Hewlett-Packard Co. [Ver = 1.00 | Size = 184320 bytes | Modified Date = 5/24/2002 12:53:24 AM | Attr = ]
hpoorn07.exe -> C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe -> Hewlett-Packard Co. [Ver = 2.00 | Size = 151552 bytes | Modified Date = 5/23/2002 11:52:06 PM | Attr = ]
hposts07.exe -> C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hposts07.exe -> Hewlett-Packard Co. [Ver = 1.00 | Size = 294912 bytes | Modified Date = 5/24/2002 12:31:58 AM | Attr = ]
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
issch.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1146 | Size = 81920 bytes | Modified Date = 6/16/2004 5:03:04 AM | Attr = ]
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
jusched.exe -> C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 11/9/2006 3:07:30 PM | Attr = ]
mcshield.exe -> C:\Program Files\Network Associates\VirusScan\Mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.318 | Size = 221191 bytes | Modified Date = 2/14/2006 7:00:00 PM | Attr = ]
mm_tray.exe -> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.00.3058 | Size = 110592 bytes | Modified Date = 3/12/2005 6:25:00 AM | Attr = ]
msgagt.exe -> C:\Program Files\Promise\Utility\MsgAgt.exe -> [Ver = Version 3.0 build 9 (08/08/2003) | Size = 610304 bytes | Modified Date = 8/20/2003 6:43:30 PM | Attr = ]
naprdmgr.exe -> C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 229376 bytes | Modified Date = 12/7/2005 2:55:00 AM | Attr = ]
pcmservice.exe -> C:\Program Files\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.0826 | Size = 204800 bytes | Modified Date = 8/26/2003 8:47:34 PM | Attr = ]
ptssvc.exe -> C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe -> [Ver = | Size = 36864 bytes | Modified Date = 1/31/2001 4:41:32 PM | Attr = ]
qttask.exe -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 6:58:18 PM | Attr = ]
realsched.exe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 12/24/2005 11:02:52 AM | Attr = ]
retrorun.exe -> C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe -> EMC Dantz [Ver = 1.1.127 | Size = 73728 bytes | Modified Date = 2/6/2006 7:22:54 AM | Attr = ]
sdhelp.exe -> C:\Program Files\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.5.0.18 | Size = 870624 bytes | Modified Date = 12/20/2005 8:44:24 AM | Attr = ]
shstat.exe -> C:\Program Files\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 9/22/2004 7:00:00 AM | Attr = ]
startupmonitor.exe -> C:\WINDOWS\StartupMonitor.exe -> [Ver = | Size = 86016 bytes | Modified Date = 5/20/2000 4:23:48 PM | Attr = ]
tfswctrl.exe -> C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.05b | Size = 114741 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
uaservice7.exe -> C:\WINDOWS\SYSTEM32\UAService7.exe -> Sony DADC Austria AG. [Ver = 1,1,0,0 | Size = 122880 bytes | Modified Date = 4/12/2005 7:49:32 PM | Attr = ]
updaterui.exe -> C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 131072 bytes | Modified Date = 12/7/2005 2:55:00 AM | Attr = ]
vstskmgr.exe -> C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -> Network Associates, Inc. [Ver = 8.0.0.1004 | Size = 29184 bytes | Modified Date = 6/8/2006 7:00:00 PM | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\Charles\Desktop\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.1.0 | Size = 302592 bytes | Modified Date = 12/21/2006 8:20:08 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> C:\WINDOWS\SYSTEM32\ati2evxx.exe -> [Ver = | Size = 389120 bytes | Modified Date = 8/25/2004 10:26:56 AM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> C:\WINDOWS\SYSTEM32\ati2sgag.exe -> [Ver = 5.13.0020 | Size = 516096 bytes | Modified Date = 5/15/2004 8:10:00 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Stopped] -> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> File not found
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ]
(CVPND) Cisco Systems, Inc. VPN Service [Win32_Own | Auto | Running] -> C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.6.04.0043 | Size = 1422336 bytes | Modified Date = 6/10/2005 7:59:56 PM | Attr = ]
(Dcfssvc) Dcfssvc [Win32_Own | Auto | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\dcfssvc.exe -> Eastman Kodak Company [Ver = 1.1.3900.0 | Size = 153150 bytes | Modified Date = 5/10/2001 3:41:04 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 98304 bytes | Modified Date = 12/7/2005 2:55:00 AM | Attr = ]
(McShield) Network Associates McShield [Win32_Own | Auto | Running] -> C:\Program Files\Network Associates\VirusScan\Mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.318 | Size = 221191 bytes | Modified Date = 2/14/2006 7:00:00 PM | Attr = ]
(McTaskManager) Network Associates Task Manager [Win32_Own | Auto | Running] -> C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -> Network Associates, Inc. [Ver = 8.0.0.1004 | Size = 29184 bytes | Modified Date = 6/8/2006 7:00:00 PM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Intel\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 1.2.26.0 | Size = 143360 bytes | Modified Date = 3/3/2003 2:33:40 PM | Attr = ]
(PREVXAgent) Prevx Agent [Win32_Own | Auto | Stopped] -> C:\Program Files\Prevx1\PXAgent.exe -> Prevx [Ver = 2.0.12.1 | Size = 139264 bytes | Modified Date = 12/13/2006 12:39:54 PM | Attr = ]
(ptssvc) ptssvc [Win32_Own | Auto | Running] -> C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe -> [Ver = | Size = 36864 bytes | Modified Date = 1/31/2001 4:41:32 PM | Attr = ]
(RAIDmAgt) Promise RAID message agent [Win32_Own | Auto | Running] -> C:\Program Files\Promise\Utility\MsgAgt.exe -> [Ver = Version 3.0 build 9 (08/08/2003) | Size = 610304 bytes | Modified Date = 8/20/2003 6:43:30 PM | Attr = ]
(RetroExp Helper) Retrospect Express HD Helper [Win32_Own | Auto | Stopped] -> C:\Program Files\Retrospect\Retrospect Express HD 1.1\rthlpsvc.exe -> EMC Dantz [Ver = 1.1.127 | Size = 118784 bytes | Modified Date = 2/6/2006 7:22:54 AM | Attr = ]
(RetroExpLauncher) Retrospect Express HD Launcher [Win32_Own | Auto | Running] -> C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe -> EMC Dantz [Ver = 1.1.127 | Size = 73728 bytes | Modified Date = 2/6/2006 7:22:54 AM | Attr = ]
(SDhelper) PC Tools Spyware Doctor [Win32_Own | Auto | Running] -> C:\Program Files\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.5.0.18 | Size = 870624 bytes | Modified Date = 12/20/2005 8:44:24 AM | Attr = ]
(UserAccess7) SecuROM User Access Service (V7) [Win32_Own | Auto | Running] -> C:\WINDOWS\SYSTEM32\UAService7.exe -> Sony DADC Austria AG. [Ver = 1,1,0,0 | Size = 122880 bytes | Modified Date = 4/12/2005 7:49:32 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 7:20:00 AM | Attr = ]
ATIPTA -> C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5120 | Size = 339968 bytes | Modified Date = 8/25/2004 12:52:00 PM | Attr = ]
CTDVDDet -> C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.2.0 | Size = 45056 bytes | Modified Date = 9/30/2002 1:00:00 AM | Attr = ]
CTHelper -> C:\WINDOWS\SYSTEM32\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 1, 2 | Size = 24576 bytes | Modified Date = 10/6/2003 2:57:32 PM | Attr = ]
CTSysVol -> C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.1.3.0 | Size = 49152 bytes | Modified Date = 10/29/2002 9:18:24 AM | Attr = ]
dla -> C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.05b | Size = 114741 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
DVDSentry -> C:\WINDOWS\SYSTEM32\DSentry.exe -> Dell - Advanced Desktop Engineering [Ver = 1, 0, 5, 0 | Size = 28672 bytes | Modified Date = 8/13/2003 11:27:40 AM | Attr = ]
HostManager -> C:\Program Files\Common Files\AOL\1131573657\ee\AOLSoftware.exe -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 7:24:16 PM | Attr = ]
ISUSPM Startup -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1146 | Size = 221184 bytes | Modified Date = 6/16/2004 5:03:26 AM | Attr = ]
ISUSScheduler -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1146 | Size = 81920 bytes | Modified Date = 6/16/2004 5:03:04 AM | Attr = ]
iTunesHelper -> C:\Program Files\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
KernelFaultCheck -> -> File not found
Logitech Utility -> C:\WINDOWS\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.77.018 | Size = 19968 bytes | Modified Date = 5/16/2003 10:50:00 AM | Attr = ]
McAfeeUpdaterUI -> C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 131072 bytes | Modified Date = 12/7/2005 2:55:00 AM | Attr = ]
MimBoot -> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe -> Musicmatch, Inc. [Ver = 10.00.3058 | Size = 11776 bytes | Modified Date = 3/12/2005 6:25:00 AM | Attr = ]
MMTray -> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.00.3058 | Size = 110592 bytes | Modified Date = 3/12/2005 6:25:00 AM | Attr = ]
PCMService -> C:\Program Files\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.0826 | Size = 204800 bytes | Modified Date = 8/26/2003 8:47:34 PM | Attr = ]
PrevxOne -> C:\Program Files\Prevx1\PXConsole.exe -> Prevx [Ver = 1.0.0.1 | Size = 1507328 bytes | Modified Date = 12/13/2006 12:39:20 PM | Attr = ]
QuickTime Task -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 6:58:18 PM | Attr = ]
Run StartupMonitor -> C:\WINDOWS\StartupMonitor.exe -> [Ver = | Size = 86016 bytes | Modified Date = 5/20/2000 4:23:48 PM | Attr = ]
ShStatEXE -> C:\Program Files\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 9/22/2004 7:00:00 AM | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 11/9/2006 3:07:30 PM | Attr = ]
TkBellExe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 12/24/2005 11:02:52 AM | Attr = ]
UpdateManager -> C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 8/19/2003 1:01:00 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DellSupport -> C:\Program Files\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 0, 73 | Size = 306688 bytes | Modified Date = 7/19/2004 7:51:24 AM | Attr = ]
SB Audigy 2 Startup Menu -> -> File not found
Sonic RecordNow! -> -> File not found
swg -> C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 908, 5008 | Size = 163576 bytes | Modified Date = 10/16/2006 11:19:56 PM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
vb5dmspo.dll -> vb5dmspo.dll -> File not found
e1.dll -> e1.dll -> File not found
confbrw.dll -> confbrw.dll -> File not found
brwstat.dll -> brwstat.dll -> File not found
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 9:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
brwmgr -> Reg Data - Value does not exist -> File not found
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> _
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.cnn.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
online_musicmatch.com [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{4E1159CF-BCA3-3EA8-7BC9-4DF71B5AB4E5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} [HKLM] -> C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL [Nick Aracde Toolbar] -> File not found
{55EA1964-F5E4-4D6A-B9B2-125B37655FCB} [HKLM] -> C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll [URLDetector Class] -> Prevx Ltd. [Ver = 1.0.0.3 | Size = 90112 bytes | Modified Date = 1/10/2006 11:09:54 AM | Attr = ]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKLM] -> C:\Program Files\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.5.0.65 | Size = 786656 bytes | Modified Date = 12/9/2005 4:22:26 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 3:21:52 PM | Attr = ]
{8DB3D69D-DA5E-4165-B781-72A761790672} [HKLM] -> C:\WINDOWS\SYSTEM32\BhoDshop.dll [DeskshopBrowserHelper Class] -> Orbiscom Ltd. All rights reserved. [Ver = 2, 3, 0, 3, 64 | Size = 69632 bytes | Modified Date = 10/30/2001 5:02:36 PM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> c:\program files\Google\googletoolbar3.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 10/12/2006 10:38:04 AM | Attr = R ]
{B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKLM] -> C:\Program Files\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.5.0.277 | Size = 848048 bytes | Modified Date = 2/6/2006 2:51:34 PM | Attr = ]
{C85E3AE6-972D-DD7D-B47C-8E44B2FCC9D2} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{EB499C6B-4EEE-CB6B-43B7-4EC6302D27CC} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 7/2/2005 8:16:36 PM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> c:\program files\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 10/12/2006 10:38:04 AM | Attr = R ]
{4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} [HKLM] -> C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL [Nick Aracde Toolbar] -> File not found
{67970B26-F57D-4455-8262-81C3AE3B8B5E} [HKLM] -> C:\Program Files\NetSnippets\NetSnip.DLL [Net Snippets] -> Net Snippets LTD. [Ver = 3, 2, 0, 9 | Size = 1437696 bytes | Modified Date = 12/20/2004 9:58:20 AM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 8/4/2005 9:54:42 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> c:\program files\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 10/12/2006 10:38:04 AM | Attr = R ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> c:\program files\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 10/12/2006 10:38:04 AM | Attr = R ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Value does not exist [Reg Data - Value does not exist] -> File not found
WebBrowser\\{4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} [HKLM] -> C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL [Nick Aracde Toolbar] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 8/4/2005 9:54:42 PM | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{1FA9B650-D1BC-4E43-96B3-13A32FC39732} -> 8193 - Reg Data - Key not found ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8199 - Reg Data - Value does not exist ->
{3369AF0D-62E9-4bda-8103-B4C75499B578} -> 8197 - Reg Data - Key not found ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> 8198 - Yahoo! Messenger ->
{7130DF06-BBC1-4e16-83D4-1F875E65B695} -> 8196 - Reg Data - Value does not exist ->
{85d1f590-48f4-11d9-9669-0800200c9a66} -> 8198 - Uninstall BitDefender Online Scanner v8 ->
{9455301C-CF6B-11D3-A266-00C04F689C50} -> 8195 - Reg Data - Value does not exist ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8197 - Reg Data - Value does not exist ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8194 - Reg Data - Value does not exist ->
{F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} -> 8195 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Windows Messenger ->
NextId -> 8200 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll [MenuText: Sun Java Console] ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 3:21:52 PM | Attr = ]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> Reg Data - Value does not exist [ButtonText: Spyware Doctor] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> Reg Data - Value does not exist [ButtonText: Messenger] -> File not found
{7130DF06-BBC1-4e16-83D4-1F875E65B695} -> Reg Data - Value does not exist [ButtonText: Snippets] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] ->
{9455301C-CF6B-11D3-A266-00C04F689C50} -> Reg Data - Value does not exist [ButtonText: Researcher] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> C:\Program Files\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 2:08:26 PM | Attr = ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] ->
{F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} -> C:\Program Files\Secure Online Account Numbers\SOAN.exe [ButtonText: Secure Online Account Numbers] -> Orbiscom Ltd. All rights reserved. [Ver = 2, 3, 3, 0 | Size = 196608 bytes | Modified Date = 8/2/2005 3:49:22 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&AOL Toolbar Search -> c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.htm -> File not found
Add to Net Snippets -> C:\Program Files\NetSnippets\Res\clipper.htm -> [Ver = | Size = 296 bytes | Modified Date = 10/2/2004 11:45:42 AM | Attr = ]
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 5:05:42 PM | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
[HKLM] -> Reg Data - Key not found [] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> C:\Program Files\Yahoo!\Common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 6, 13, 1 | Size = 180296 bytes | Modified Date = 6/14/2004 5:13:24 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> File not found
{7059DA7A-7E60-11d2-A355-00C04FB9D26E} [HKLM] -> C:\WINDOWS\SYSTEM32\MXONmSpace.dll [Maxtor Locked Drives] -> [Ver = | Size = 102400 bytes | Modified Date = 8/26/2004 11:53:14 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINDOWS\System32\hticons.dll [HyperTerminal Icon Ext] -> File not found
{A4DF5659-0801-4A60-9607-1C48695EFDA9} [HKLM] -> C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wns.dll [Share-to-Web Upload Folder] -> Hewlett-Packard [Ver = 2,4,0,26 | Size = 131072 bytes | Modified Date = 7/3/2001 9:10:36 AM | Attr = ]
{acb4a560-3606-11d3-aef4-00104bd0f92d} [HKLM] -> C:\Program Files\Common Files\KODAK\IFSCore\shellext.dll [KodakShellExtension] -> Eastman Kodak [Ver = 2.0.1200 | Size = 229435 bytes | Modified Date = 5/1/2001 7:24:08 AM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> C:\Program Files\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} [HKLM] -> C:\Program Files\Sonic\RecordNow!\shlext.dll [RecordNow! SendToExt] -> Sonic Solutions [Ver = 1.0.0.1 | Size = 77824 bytes | Modified Date = 8/13/2003 7:00:00 AM | Attr = ]
{e57ce731-33e8-4c51-8354-bb4de9d215d1} [HKLM] -> Reg Data - Key not found [Universal Plug and Play Devices] -> File not found
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> C:\Program Files\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.2219 | Size = 49198 bytes | Modified Date = 12/24/2005 11:03:04 AM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 6:40:48 AM | Attr = ]
{cda2863e-2497-4c49-9b89-06840e070a87} [HKLM] -> C:\Program Files\Network Associates\VirusScan\shext.dll [VirusScan] -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 13824 bytes | Modified Date = 9/22/2004 7:00:00 AM | Attr = ]
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> C:\Program Files\Yahoo!\Common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 6, 13, 1 | Size = 180296 bytes | Modified Date = 6/14/2004 5:13:24 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 6:40:48 AM | Attr = ]
{C0E10002-0028-0004-C0E1-C0E1C0E1C0E1} [HKLM] -> c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL [QuickFinderMenu] -> Novell, Inc., c/o Corel Corporation Limited [Ver = 11.0.0.233 | Size = 90172 bytes | Modified Date = 3/7/2003 6:00:32 AM | Attr = ]
{cda2863e-2497-4c49-9b89-06840e070a87} [HKLM] -> C:\Program Files\Network Associates\VirusScan\shext.dll [VirusScan] -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 13824 bytes | Modified Date = 9/22/2004 7:00:00 AM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{cda2863e-2497-4c49-9b89-06840e070a87} [HKLM] -> C:\Program Files\Network Associates\VirusScan\shext.dll [VirusScan] -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 13824 bytes | Modified Date = 9/22/2004 7:00:00 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 2:20:02 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{06D2FF32-A6F7-4F2B-9688-FFB9CF12A645} -> () ->
{13CD2169-F9CB-401F-A841-11A4C20F3183} -> () ->
{34266FBC-6066-41CF-B700-E2DC201CD369} -> (Intel(R) PRO/100 VE Network Connection) ->
{B2C804BC-884B-4036-A9C4-463769CD15E2} -> (1394 Net Adapter) ->
{C5C35463-11E0-4266-877F-CA08BA22D0FF} -> 38.9.211.2,38.9.221.2 (Broadcom NetXtreme Gigabit Ethernet) ->
{D1222F18-85A4-4631-BF74-59DE61F33708} -> (1394 Net Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found

[Files - Created Wihin 30 days]
h.txt -> C:\h.txt -> [Ver = | Size = 16 bytes | Created Date = 12/23/2006 10:52:55 AM | Attr = ]
hiberfil.sys -> C:\hiberfil.sys -> [Ver = | Size = 1072750592 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr = HS]
IPH.PH -> C:\IPH.PH -> [Ver = | Size = 867 bytes | Created Date = 12/16/2006 10:16:35 PM | Attr = H ]
Uninstall.exe -> C:\Program Files\Common Files\Nullsoft\ActiveX\2.6\Uninstall.exe -> [Ver = | Size = 32675 bytes | Created Date = 12/16/2006 10:17:07 PM | Attr = ]
0.log -> C:\WINDOWS\0.log -> [Ver = | Size = 0 bytes | Created Date = 12/24/2006 2:07:58 AM | Attr = ]
attcfg.tmp -> C:\WINDOWS\attcfg.tmp -> [Ver = | Size = 0 bytes | Created Date = 12/18/2006 3:35:32 PM | Attr = ]
b6iqdkku.scf -> C:\WINDOWS\b6iqdkku.scf -> [Ver = | Size = 0 bytes | Created Date = 12/17/2006 11:05:05 PM | Attr = ]
concfg.tmp -> C:\WINDOWS\concfg.tmp -> [Ver = | Size = 0 bytes | Created Date = 12/18/2006 3:35:32 PM | Attr = ]
egadata.tmp -> C:\WINDOWS\egadata.tmp -> [Ver = | Size = 0 bytes | Created Date = 12/18/2006 3:35:32 PM | Attr = ]
ntbtlog.txt -> C:\WINDOWS\ntbtlog.txt -> [Ver = | Size = 154974 bytes | Created Date = 12/24/2006 12:05:59 AM | Attr = ]
QTFont.for -> C:\WINDOWS\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 12/24/2006 9:51:43 AM | Attr = ]
QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 12/24/2006 9:51:43 AM | Attr = H ]
SchedLgU.Txt -> C:\WINDOWS\SchedLgU.Txt -> [Ver = | Size = 972 bytes | Created Date = 12/24/2006 2:07:16 AM | Attr = ]
Sti_Trace.log -> C:\WINDOWS\Sti_Trace.log -> [Ver = | Size = 0 bytes | Created Date = 12/24/2006 2:07:50 AM | Attr = ]
wiadebug.log -> C:\WINDOWS\wiadebug.log -> [Ver = | Size = 159 bytes | Created Date = 12/24/2006 2:07:53 AM | Attr = ]
wiaservc.log -> C:\WINDOWS\wiaservc.log -> [Ver = | Size = 50 bytes | Created Date = 12/24/2006 2:07:50 AM | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 29919 bytes | Created Date = 12/24/2006 2:06:17 AM | Attr = ]
wmsetup.log -> C:\WINDOWS\wmsetup.log -> [Ver = | Size = 403 bytes | Created Date = 12/24/2006 2:13:36 AM | Attr = ]
java.exe -> C:\WINDOWS\System32\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49248 bytes | Created Date = 12/22/2006 5:24:41 PM | Attr = ]
javaw.exe -> C:\WINDOWS\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 53346 bytes | Created Date = 12/22/2006 5:24:41 PM | Attr = ]
javaws.exe -> C:\WINDOWS\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 127078 bytes | Created Date = 12/22/2006 5:24:41 PM | Attr = ]
jupdate-1.5.0_10-b03.log -> C:\WINDOWS\System32\jupdate-1.5.0_10-b03.log -> [Ver = | Size = 8657 bytes | Created Date = 12/22/2006 5:24:28 PM | Attr = ]
TZLog.log -> C:\WINDOWS\System32\TZLog.log -> [Ver = | Size = 109738 bytes | Created Date = 12/23/2006 10:48:31 AM | Attr = ]
AvgAsCln.sys -> C:\WINDOWS\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 12/23/2006 5:41:34 PM | Attr = ]
pxcom.sys -> C:\WINDOWS\System32\drivers\pxcom.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 7552 bytes | Created Date = 12/23/2006 12:16:18 PM | Attr = ]
PxEmu.sys -> C:\WINDOWS\System32\drivers\PxEmu.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 100864 bytes | Created Date = 12/23/2006 12:16:19 PM | Attr = ]
pxfsf.sys -> C:\WINDOWS\System32\drivers\pxfsf.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 274688 bytes | Created Date = 12/23/2006 12:16:19 PM | Attr = ]
pxinst.dll -> C:\WINDOWS\System32\drivers\pxinst.dll -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 7680 bytes | Created Date = 12/23/2006 12:16:19 PM | Attr = ]
pxrd.sys -> C:\WINDOWS\System32\drivers\pxrd.sys -> [Ver = | Size = 13568 bytes | Created Date = 12/23/2006 12:16:19 PM | Attr = ]
pxscinst.dll -> C:\WINDOWS\System32\drivers\pxscinst.dll -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 9728 bytes | Created Date = 12/23/2006 12:16:19 PM | Attr = ]
pxscrmbl.sys -> C:\WINDOWS\System32\drivers\pxscrmbl.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 11648 bytes | Created Date = 12/23/2006 12:16:19 PM | Attr = ]
pxtdi.sys -> C:\WINDOWS\System32\drivers\pxtdi.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 18560 bytes | Created Date = 12/23/2006 12:16:19 PM | Attr = ]
tmcomm.sys -> C:\WINDOWS\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 12/23/2006 1:08:15 AM | Attr = ]

[Files - Modified Wihin 30 days]
h.txt -> C:\h.txt -> [Ver = | Size = 16 bytes | Modified Date = 12/23/2006 10:52:56 AM | Attr = ]
hiberfil.sys -> C:\hiberfil.sys -> [Ver = | Size = 1072750592 bytes | Modified Date = 12/24/2006 3:56:28 PM | Attr = HS]
IPH.PH -> C:\IPH.PH -> [Ver = | Size = 867 bytes | Modified Date = 12/16/2006 10:17:30 PM | Attr = H ]
install.log -> C:\Program Files\Common Files\AOL\AOLDiag\install.log -> [Ver = | Size = 114390 bytes | Modified Date = 12/16/2006 10:16:52 PM | Attr = ]
tbunins.exe -> C:\Program Files\Common Files\AOL\AOLDiag\tbunins.exe -> AOL LLC [Ver = 3.3.11.1 | Size = 88673 bytes | Modified Date = 12/16/2006 10:16:52 PM | Attr = ]
Clean.dat -> C:\Program Files\Common Files\Network Associates\Engine\Clean.dat -> [Ver = | Size = 995123 bytes | Modified Date = 12/22/2006 5:10:00 AM | Attr = ]
Names.dat -> C:\Program Files\Common Files\Network Associates\Engine\Names.dat -> [Ver = | Size = 746606 bytes | Modified Date = 12/22/2006 5:10:00 AM | Attr = ]
Scan.dat -> C:\Program Files\Common Files\Network Associates\Engine\Scan.dat -> [Ver = | Size = 8072390 bytes | Modified Date = 12/22/2006 5:10:00 AM | Attr = ]
ocpiman.ini -> C:\Program Files\Common Files\AOL\1131573657\ee\ocpiman.ini -> [Ver = | Size = 555 bytes | Modified Date = 12/16/2006 10:17:08 PM | Attr = ]
CLEAN.DAT -> C:\Program Files\Common Files\Network Associates\Engine\OldDats\CLEAN.DAT -> [Ver = | Size = 990379 bytes | Modified Date = 12/15/2006 5:10:00 AM | Attr = ]
NAMES.DAT -> C:\Program Files\Common Files\Network Associates\Engine\OldDats\NAMES.DAT -> [Ver = | Size = 745600 bytes | Modified Date = 12/15/2006 5:10:00 AM | Attr = ]
SCAN.DAT -> C:\Program Files\Common Files\Network Associates\Engine\OldDats\SCAN.DAT -> [Ver = | Size = 8050433 bytes | Modified Date = 12/15/2006 5:10:00 AM | Attr = ]
TalkBack.ini -> C:\Program Files\Common Files\Network Associates\TalkBack\Data\TalkBack.ini -> [Ver = | Size = 35 bytes | Modified Date = 12/16/2006 12:02:34 PM | Attr = ]
Uninstall.exe -> C:\Program Files\Common Files\Nullsoft\ActiveX\2.6\Uninstall.exe -> [Ver = | Size = 32675 bytes | Modified Date = 12/16/2006 10:17:08 PM | Attr = ]
MAPISVC.INF -> C:\Program Files\Common Files\System\Mapi\1033\MAPISVC.INF -> [Ver = | Size = 8305 bytes | Modified Date = 12/23/2006 10:40:48 PM | Attr = ]
0.log -> C:\WINDOWS\0.log -> [Ver = | Size = 0 bytes | Modified Date = 12/24/2006 3:57:30 PM | Attr = ]
attcfg.tmp -> C:\WINDOWS\attcfg.tmp -> [Ver = | Size = 0 bytes | Modified Date = 12/18/2006 3:35:34 PM | Attr = ]
b6iqdkku.scf -> C:\WINDOWS\b6iqdkku.scf -> [Ver = | Size = 0 bytes | Modified Date = 12/17/2006 11:05:06 PM | Attr = ]
BOOTSTAT.DAT -> C:\WINDOWS\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 12/24/2006 3:56:30 PM | Attr = S]
concfg.tmp -> C:\WINDOWS\concfg.tmp -> [Ver = | Size = 0 bytes | Modified Date = 12/18/2006 3:35:34 PM | Attr = ]
egadata.tmp -> C:\WINDOWS\egadata.tmp -> [Ver = | Size = 0 bytes | Modified Date = 12/18/2006 3:35:34 PM | Attr = ]
MsgAgt.INI -> C:\WINDOWS\MsgAgt.INI -> [Ver = | Size = 64 bytes | Modified Date = 12/24/2006 3:56:56 PM | Attr = ]
ntbtlog.txt -> C:\WINDOWS\ntbtlog.txt -> [Ver = | Size = 154974 bytes | Modified Date = 12/24/2006 1:51:38 AM | Attr = ]
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [Ver = | Size = 376 bytes | Modified Date = 12/14/2006 8:01:06 PM | Attr = ]
QTFont.for -> C:\WINDOWS\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 12/24/2006 9:51:44 AM | Attr = ]
QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 12/24/2006 9:51:44 AM | Attr = H ]
randseed.rnd -> C:\WINDOWS\randseed.rnd -> [Ver = | Size = 512 bytes | Modified Date = 12/23/2006 5:02:16 PM | Attr = ]
SchedLgU.Txt -> C:\WINDOWS\SchedLgU.Txt -> [Ver = | Size = 972 bytes | Modified Date = 12/24/2006 11:42:48 AM | Attr = ]
Sti_Trace.log -> C:\WINDOWS\Sti_Trace.log -> [Ver = | Size = 0 bytes | Modified Date = 12/24/2006 2:07:52 AM | Attr = ]
wiadebug.log -> C:\WINDOWS\wiadebug.log -> [Ver = | Size = 159 bytes | Modified Date = 12/24/2006 3:56:58 PM | Attr = ]
wiaservc.log -> C:\WINDOWS\wiaservc.log -> [Ver = | Size = 50 bytes | Modified Date = 12/24/2006 3:56:56 PM | Attr = ]
WIN.INI -> C:\WINDOWS\WIN.INI -> [Ver = | Size = 903 bytes | Modified Date = 12/4/2006 11:42:00 PM | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 29919 bytes | Modified Date = 12/24/2006 4:07:10 PM | Attr = ]
wmsetup.log -> C:\WINDOWS\wmsetup.log -> [Ver = | Size = 403 bytes | Modified Date = 12/24/2006 2:13:52 AM | Attr = ]
amcompat.tlb -> C:\WINDOWS\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 12/4/2006 11:42:06 PM | Attr = ]
BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [Ver = | Size = 30120 bytes | Modified Date = 12/24/2006 2:27:10 AM | Attr = ]
BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [Ver = | Size = 30120 bytes | Modified Date = 12/24/2006 2:27:10 AM | Attr = ]
BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [Ver = | Size = 30912 bytes | Modified Date = 12/24/2006 2:27:10 AM | Attr = ]
BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [Ver = | Size = 30912 bytes | Modified Date = 12/24/2006 2:27:10 AM | Attr = ]
DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat -> C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat -> [Ver = | Size = 384 bytes | Modified Date = 12/24/2006 2:27:10 AM | Attr = ]
DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat -> C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat -> [Ver = | Size = 384 bytes | Modified Date = 12/24/2006 2:27:10 AM | Attr = ]
jupdate-1.5.0_10-b03.log -> C:\WINDOWS\System32\jupdate-1.5.0_10-b03.log -> [Ver = | Size = 8657 bytes | Modified Date = 12/22/2006 5:24:42 PM | Attr = ]
kspydoc.log -> C:\WINDOWS\System32\kspydoc.log -> [Ver = | Size = 654973 bytes | Modified Date = 12/24/2006 3:56:28 PM | Attr = ]
nscompat.tlb -> C:\WINDOWS\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 12/4/2006 11:42:06 PM | Attr = ]
PERFC009.DAT -> C:\WINDOWS\System32\PERFC009.DAT -> [Ver = | Size = 53436 bytes | Modified Date = 12/24/2006 4:00:58 PM | Attr = ]
PERFH009.DAT -> C:\WINDOWS\System32\PERFH009.DAT -> [Ver = | Size = 381692 bytes | Modified Date = 12/24/2006 4:00:58 PM | Attr = ]
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [Ver = | Size = 441454 bytes | Modified Date = 12/24/2006 4:00:58 PM | Attr = ]
settings.sfm -> C:\WINDOWS\System32\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 12/24/2006 2:27:10 AM | Attr = ]
settingsbkup.sfm -> C:\WINDOWS\System32\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 12/24/2006 2:27:10 AM | Attr = ]
Sweeper.cfg -> C:\WINDOWS\System32\Sweeper.cfg -> [Ver = | Size = 0 bytes | Modified Date = 12/24/2006 3:56:28 PM | Attr = ]
TZLog.log -> C:\WINDOWS\System32\TZLog.log -> [Ver = | Size = 109738 bytes | Modified Date = 12/23/2006 10:48:42 AM | Attr = ]
WPA.DBL -> C:\WINDOWS\System32\WPA.DBL -> [Ver = | Size = 1170 bytes | Modified Date = 12/24/2006 4:01:56 PM | Attr = ]
pxcom.sys -> C:\WINDOWS\System32\drivers\pxcom.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 7552 bytes | Modified Date = 12/8/2006 1:36:14 PM | Attr = ]
PxEmu.sys -> C:\WINDOWS\System32\drivers\PxEmu.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 100864 bytes | Modified Date = 12/8/2006 1:36:20 PM | Attr = ]
pxfsf.sys -> C:\WINDOWS\System32\drivers\pxfsf.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 274688 bytes | Modified Date = 12/8/2006 1:36:14 PM | Attr = ]
pxinst.dll -> C:\WINDOWS\System32\drivers\pxinst.dll -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 7680 bytes | Modified Date = 12/8/2006 1:36:18 PM | Attr = ]
pxscinst.dll -> C:\WINDOWS\System32\drivers\pxscinst.dll -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 9728 bytes | Modified Date = 12/8/2006 1:36:18 PM | Attr = ]
pxscrmbl.sys -> C:\WINDOWS\System32\drivers\pxscrmbl.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 11648 bytes | Modified Date = 12/8/2006 1:36:18 PM | Attr = ]
pxtdi.sys -> C:\WINDOWS\System32\drivers\pxtdi.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 18560 bytes | Modified Date = 12/8/2006 1:36:16 PM | Attr = ]
tmcomm.sys -> C:\WINDOWS\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 12/23/2006 1:06:58 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
aspack , -> C:\Program Files\Common Files\AOL\1131573657\ee\ocpinst.log -> [Ver = | Size = 92868 bytes | Modified Date = 11/3/2006 11:28:28 PM | Attr = ]
aspack , -> C:\Program Files\Common Files\AOL\1131573657\ee\services\boxelyToolkit\ver1_5_11_4\content\gadgets.box -> [Ver = | Size = 1962 bytes | Modified Date = 6/22/2006 5:41:04 PM | Attr = ]
aspack , -> C:\Program Files\Common Files\AOL\1131573657\ee\services\boxelyToolkit\ver1_5_11_4\content\extrasPack\extraGadgets.box -> [Ver = | Size = 2408 bytes | Modified Date = 6/22/2006 5:41:06 PM | Attr = ]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 5/3/2006 2:30:58 AM | Attr = ]
USERTRUST , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_08.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4482680 bytes | Modified Date = 7/26/2006 2:34:04 AM | Attr = ]
USERTRUST , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4490872 bytes | Modified Date = 10/12/2006 3:41:58 AM | Attr = ]
USERTRUST , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_10.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4650616 bytes | Modified Date = 11/9/2006 3:38:38 PM | Attr = ]
WSUD , -> C:\Program Files\Common Files\Microsoft Shared\SpeechEngines\TTS\female.vce -> [Ver = | Size = 2053632 bytes | Modified Date = 1/12/1999 11:29:28 AM | Attr = ]
UPX0 , -> C:\Program Files\Common Files\Network Associates\Engine\McScan32.dll -> McAfee, Inc. [Ver = 5.1.00 | Size = 2867438 bytes | Modified Date = 7/10/2006 5:10:00 AM | Attr = ]
UPX0 , -> C:\Program Files\Common Files\Network Associates\Engine\OldEngine\MCSCAN32.Sav -> McAfee, Inc. [Ver = 4.4.00 | Size = 1949766 bytes | Modified Date = 10/7/2004 3:40:00 AM | Attr = ]
UPX! , UPX0 , -> C:\Program Files\Common Files\Nullsoft\Video\ActiveX\plugins\nsvplayx_vp5_mp3.dll -> * * * [Ver = 1, 0, 0, 98 | Size = 177152 bytes | Modified Date = 8/9/2003 6:36:56 PM | Attr = ]
PEC2 , PECompact2 , -> C:\Program Files\Common Files\Real\GToolbar\GDSSetup.exe -> [Ver = | Size = 746600 bytes | Modified Date = 12/24/2005 11:03:16 AM | Attr = ]
PEC2 , PECompact2 , -> C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe -> Google [Ver = 3, 0, 126, 3 | Size = 559784 bytes | Modified Date = 12/24/2005 11:03:16 AM | Attr = ]
PECompact2 , -> C:\WINDOWS\LPT$VPN.174 -> [Ver = | Size = 9780504 bytes | Modified Date = 9/17/2004 6:47:58 PM | Attr = ]
PECompact2 , -> C:\WINDOWS\VPTNFILE.174 -> [Ver = | Size = 9780504 bytes | Modified Date = 9/17/2004 6:47:58 PM | Attr = ]
UPX! , aspack , -> C:\WINDOWS\vsapi32.dll -> Trend Micro Inc. [Ver = 7.000-1004 | Size = 1036800 bytes | Modified Date = 5/14/2004 10:07:58 PM | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\CSGina.dll -> [Ver = | Size = 177152 bytes | Modified Date = 6/10/2005 7:59:54 PM | Attr = ]
PEC2 , -> C:\WINDOWS\System32\DFRG.MSC -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
abetterinternet.com , -> C:\WINDOWS\System32\fiz11 -> [Ver = | Size = 29258 bytes | Modified Date = 3/5/2004 11:53:44 PM | Attr = H ]
winsync , -> C:\WINDOWS\System32\WBDBASE.DEU -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com http://www.xceedsoft.com [Ver = 1.0.42.0 | Size = 236576 bytes | Modified Date = 9/8/2003 1:13:26 PM | Attr = ]
WSUD , UPX0 , -> C:\WINDOWS\System32\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
PTech , -> C:\WINDOWS\System32\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]
PTech , -> C:\WINDOWS\System32\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]

< End of report >
Lido
Regular Member
 
Posts: 31
Joined: December 22nd, 2006, 8:54 pm

Unread postby amateur » December 24th, 2006, 7:31 pm

Hi,

Please print these directions so that they will be available to you later in Safe Mode. Also, please follow them in the order they are presented.

Open AVG Anti Spyware and update it to the latest definitions to make it ready to use later in Safe Mode.

====================================

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> KernelFaultCheck ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> vb5dmspo.dll -> vb5dmspo.dll
YN -> e1.dll -> e1.dll
YN -> confbrw.dll -> confbrw.dll
YN -> brwstat.dll -> brwstat.dll
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> brwmgr -> Reg Data - Value does not exist
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {4E1159CF-BCA3-3EA8-7BC9-4DF71B5AB4E5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {C85E3AE6-972D-DD7D-B47C-8E44B2FCC9D2} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {EB499C6B-4EEE-CB6B-43B7-4EC6302D27CC} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
[Files - Modified Wihin 30 days]
NY -> attcfg.tmp -> C:\WINDOWS\attcfg.tmp
NY -> b6iqdkku.scf -> C:\WINDOWS\b6iqdkku.scf
NY -> concfg.tmp -> C:\WINDOWS\concfg.tmp
NY -> egadata.tmp -> C:\WINDOWS\egadata.tmp

The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

=======================================

Reboot into Safe Mode following my earlier instructions:

=======================================

Once in Safe Mode, start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

=======================================

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, as it may interfere with the scanning process:

  1. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  2. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  3. Next select the "Reports" icon at the top.
  4. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  5. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

=======================================

Post back the following please:
  • a new WinPFind3U report
  • the AVG Anti-Spyware report
  • the latest .log file from the WinPFind3u folder (it will have a name in the format mmddyyyy_hhmmss.log)

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA
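
The fix above picks four zero-byte files out of the "Modified Within 30 days" section and a handful of registry entries. As an added illustration (not code from this thread, from OldTimer's WinPFind3U, or from any of the posters), the following Python reads report lines in the exact `name -> path -> vendor [Ver = ... | Size = ... | Modified Date = ... | Attr = ...]` shape printed in the reports above and applies two of the weak signals a helper eyeballs: a zero-byte file sitting directly in C:\WINDOWS (what the fix removed here), and an executable-type file under the Windows tree carrying no vendor or version string. The sample report is a constructed subset of lines copied from the thread; the `NY -> name -> path` output shape is assumed from the helper's file-removal lines, and the triage rules are my heuristics, not the tool's.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Section headers look like "[Files - Modified Wihin 30 days]" (spelled as the tool prints it).
SECTION_RE = re.compile(r"^\[(?P<section>[^\]]+)\]$")

# One report entry, in the shape seen in the thread:
#   name -> path -> [vendor ][Ver = v | Size = n bytes | Created|Modified Date = d | Attr = a]
# Vendor, version and attributes may be empty, so the regex tolerates "Ver = |" and "Attr = ]".
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<vendor>.*?)"
    r"\[Ver =\s*(?P<ver>.*?)\s*\| Size = (?P<size>\d+) bytes \| "
    r"(?P<datekind>Created|Modified) Date = (?P<date>.+?) \| Attr =\s*(?P<attr>.*?)\s*\]$"
)

# Constructed sample: lines copied from the reports in this thread, nothing else.
SAMPLE_REPORT = r"""
[Processes - Non-Microsoft Only]
ati2evxx.exe -> C:\WINDOWS\SYSTEM32\ati2evxx.exe -> [Ver = | Size = 389120 bytes | Modified Date = 8/25/2004 10:26:56 AM | Attr = ]
[Files - Modified Wihin 30 days]
h.txt -> C:\h.txt -> [Ver = | Size = 16 bytes | Modified Date = 12/23/2006 10:52:56 AM | Attr = ]
IPH.PH -> C:\IPH.PH -> [Ver = | Size = 867 bytes | Modified Date = 12/16/2006 10:17:30 PM | Attr = H ]
attcfg.tmp -> C:\WINDOWS\attcfg.tmp -> [Ver = | Size = 0 bytes | Modified Date = 12/18/2006 3:35:34 PM | Attr = ]
b6iqdkku.scf -> C:\WINDOWS\b6iqdkku.scf -> [Ver = | Size = 0 bytes | Modified Date = 12/17/2006 11:05:06 PM | Attr = ]
BOOTSTAT.DAT -> C:\WINDOWS\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 12/24/2006 3:56:30 PM | Attr = S]
pxtdi.sys -> C:\WINDOWS\System32\drivers\pxtdi.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 18560 bytes | Modified Date = 12/8/2006 1:36:16 PM | Attr = ]
"""


@dataclass
class Entry:
    section: str
    name: str
    path: str
    vendor: str
    version: str
    size: int
    date: str
    attr: str


def parse_report(text: str) -> List[Entry]:
    """Parse every file-style entry, remembering which [section] it came from."""
    entries: List[Entry] = []
    section = ""
    for line in text.splitlines():
        line = line.rstrip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("section")
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(section, m.group("name"), m.group("path"),
                                 m.group("vendor").strip(), m.group("ver").strip(),
                                 int(m.group("size")), m.group("date"), m.group("attr").strip()))
    return entries


EXEC_EXT = (".exe", ".dll", ".sys", ".scf", ".ocx")


def triage(entries: List[Entry], windows_dir: str = "C:\\WINDOWS\\") -> List[Tuple[Entry, str]]:
    """Weak indicators only: each hit is a prompt to look at the file, not a verdict."""
    findings: List[Tuple[Entry, str]] = []
    wd = windows_dir.lower()
    for e in entries:
        p = e.path.lower()
        if not p.startswith(wd):
            continue
        parent = p.rsplit("\\", 1)[0] + "\\"
        if e.size == 0 and parent == wd:
            findings.append((e, "zero-byte file directly in the Windows directory"))
        elif not e.vendor and p.endswith(EXEC_EXT):
            findings.append((e, "executable-type file under the Windows tree with no vendor/version info"))
    return findings


def to_fix_lines(findings: List[Tuple[Entry, str]]) -> List[str]:
    """Render reviewed findings in the 'NY -> name -> path' shape of the fix pasted above
    (assumed from the helper's lines; only pass entries a human has already checked)."""
    lines: List[str] = []
    current = None
    for e, _reason in findings:
        if e.section != current:
            lines.append(f"[{e.section}]")
            current = e.section
        lines.append(f"NY -> {e.name} -> {e.path}")
    return lines


if __name__ == "__main__":
    for entry, reason in triage(parse_report(SAMPLE_REPORT)):
        print(f"{entry.path}: {reason}")
```

Run against the sample, the vendor rule also flags ati2evxx.exe, a normal ATI driver helper with no version resource, which is exactly why the rules only nominate files for a human to check and why `to_fix_lines` should be fed the reviewed subset (here, the two zero-byte files the helper actually removed).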

Follow Up and thank you

Unread postby Lido » December 24th, 2006, 11:05 pm

OK. After running the WinP, it didn't ask for reboot. I did so manually. After running the AVG, I received two messages when I instructed it to quarantine. Both in succession said a System Volume file with several numbers (I think identical, except the first one had this at the end: nickarcade.dll) because they are embedded in a System Volume file. I think I instructed it to quarantine the whole thing. I don't know if I understand your request for the latest .log file. Is it this:

[Registry - Non-Microsoft Only]
Unable to delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck .
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls written successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls written successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls written successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls written successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\brwmgr .
Unable to delete registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E1159CF-BCA3-3EA8-7BC9-4DF71B5AB4E5} .
Unable to delete registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C85E3AE6-972D-DD7D-B47C-8E44B2FCC9D2} .
Unable to delete registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB499C6B-4EEE-CB6B-43B7-4EC6302D27CC} .
[Files - Modified Wihin 30 days]
File C:\WINDOWS\attcfg.tmp not found!
File C:\WINDOWS\b6iqdkku.scf not found!
File C:\WINDOWS\concfg.tmp not found!
File C:\WINDOWS\egadata.tmp not found!
< End of log >
Created on 12/24/2006 19:51:20

############# WINPFIND REPORT:

inPFind3 logfile created on: 12/24/2006 9:32:01 PM
WinPFind3U by OldTimer - Version 1.0.1 Folder = C:\Documents and Settings\Charles\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)


[Processes - Non-Microsoft Only]
aolsoftware.exe -> C:\Program Files\Common Files\AOL\1131573657\ee\AOLSoftware.exe -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 7:24:16 PM | Attr = ]
ati2evxx.exe -> C:\WINDOWS\SYSTEM32\ati2evxx.exe -> [Ver = | Size = 389120 bytes | Modified Date = 8/25/2004 10:26:56 AM | Attr = ]
avgas.exe -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 7:20:00 AM | Attr = ]
ctdvddet.exe -> C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.2.0 | Size = 45056 bytes | Modified Date = 9/30/2002 1:00:00 AM | Attr = ]
cthelper.exe -> C:\WINDOWS\SYSTEM32\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 1, 2 | Size = 24576 bytes | Modified Date = 10/6/2003 2:57:32 PM | Attr = ]
ctsvccda.exe -> C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ]
ctsysvol.exe -> C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.1.3.0 | Size = 49152 bytes | Modified Date = 10/29/2002 9:18:24 AM | Attr = ]
cvpnd.exe -> C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.6.04.0043 | Size = 1422336 bytes | Modified Date = 6/10/2005 7:59:56 PM | Attr = ]
dcfssvc.exe -> C:\WINDOWS\SYSTEM32\DRIVERS\dcfssvc.exe -> Eastman Kodak Company [Ver = 1.1.3900.0 | Size = 153150 bytes | Modified Date = 5/10/2001 3:41:04 PM | Attr = ]
dsagnt.exe -> C:\Program Files\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 0, 73 | Size = 306688 bytes | Modified Date = 7/19/2004 7:51:24 AM | Attr = ]
dsentry.exe -> C:\WINDOWS\SYSTEM32\DSentry.exe -> Dell - Advanced Desktop Engineering [Ver = 1, 0, 5, 0 | Size = 28672 bytes | Modified Date = 8/13/2003 11:27:40 AM | Attr = ]
em_exec.exe -> C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.77.023 | Size = 37888 bytes | Modified Date = 6/3/2003 10:50:00 AM | Attr = ]
frameworkservice.exe -> C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 98304 bytes | Modified Date = 12/7/2005 2:55:00 AM | Attr = ]
googletoolbarnotifier.exe -> C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 908, 5008 | Size = 163576 bytes | Modified Date = 10/16/2006 11:19:56 PM | Attr = ]
guard.exe -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
hpoevm07.exe -> C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpoevm07.exe -> Hewlett-Packard Co. [Ver = 1.00 | Size = 299008 bytes | Modified Date = 5/24/2002 12:16:56 AM | Attr = ]
hpofxm07.exe -> C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpofxm07.exe -> Hewlett-Packard Co. [Ver = 1.00 | Size = 184320 bytes | Modified Date = 5/24/2002 12:53:24 AM | Attr = ]
hpoorn07.exe -> C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe -> Hewlett-Packard Co. [Ver = 2.00 | Size = 151552 bytes | Modified Date = 5/23/2002 11:52:06 PM | Attr = ]
hposts07.exe -> C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hposts07.exe -> Hewlett-Packard Co. [Ver = 1.00 | Size = 294912 bytes | Modified Date = 5/24/2002 12:31:58 AM | Attr = ]
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
issch.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1146 | Size = 81920 bytes | Modified Date = 6/16/2004 5:03:04 AM | Attr = ]
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
jusched.exe -> C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 11/9/2006 3:07:30 PM | Attr = ]
mcshield.exe -> C:\Program Files\Network Associates\VirusScan\Mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.318 | Size = 221191 bytes | Modified Date = 2/14/2006 7:00:00 PM | Attr = ]
mm_tray.exe -> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.00.3058 | Size = 110592 bytes | Modified Date = 3/12/2005 6:25:00 AM | Attr = ]
msgagt.exe -> C:\Program Files\Promise\Utility\MsgAgt.exe -> [Ver = Version 3.0 build 9 (08/08/2003) | Size = 610304 bytes | Modified Date = 8/20/2003 6:43:30 PM | Attr = ]
naprdmgr.exe -> C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 229376 bytes | Modified Date = 12/7/2005 2:55:00 AM | Attr = ]
pcmservice.exe -> C:\Program Files\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.0826 | Size = 204800 bytes | Modified Date = 8/26/2003 8:47:34 PM | Attr = ]
ptssvc.exe -> C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe -> [Ver = | Size = 36864 bytes | Modified Date = 1/31/2001 4:41:32 PM | Attr = ]
qttask.exe -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 6:58:18 PM | Attr = ]
realsched.exe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 12/24/2005 11:02:52 AM | Attr = ]
retrorun.exe -> C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe -> EMC Dantz [Ver = 1.1.127 | Size = 73728 bytes | Modified Date = 2/6/2006 7:22:54 AM | Attr = ]
sdhelp.exe -> C:\Program Files\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.5.0.18 | Size = 870624 bytes | Modified Date = 12/20/2005 8:44:24 AM | Attr = ]
sgtray.exe -> C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 8/19/2003 1:01:00 AM | Attr = ]
shstat.exe -> C:\Program Files\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 9/22/2004 7:00:00 AM | Attr = ]
startupmonitor.exe -> C:\WINDOWS\StartupMonitor.exe -> [Ver = | Size = 86016 bytes | Modified Date = 5/20/2000 4:23:48 PM | Attr = ]
tfswctrl.exe -> C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.05b | Size = 114741 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
uaservice7.exe -> C:\WINDOWS\SYSTEM32\UAService7.exe -> Sony DADC Austria AG. [Ver = 1,1,0,0 | Size = 122880 bytes | Modified Date = 4/12/2005 7:49:32 PM | Attr = ]
updaterui.exe -> C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 131072 bytes | Modified Date = 12/7/2005 2:55:00 AM | Attr = ]
vstskmgr.exe -> C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -> Network Associates, Inc. [Ver = 8.0.0.1004 | Size = 29184 bytes | Modified Date = 6/8/2006 7:00:00 PM | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\Charles\Desktop\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.1.0 | Size = 302592 bytes | Modified Date = 12/21/2006 8:20:08 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> C:\WINDOWS\SYSTEM32\ati2evxx.exe -> [Ver = | Size = 389120 bytes | Modified Date = 8/25/2004 10:26:56 AM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> C:\WINDOWS\SYSTEM32\ati2sgag.exe -> [Ver = 5.13.0020 | Size = 516096 bytes | Modified Date = 5/15/2004 8:10:00 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Stopped] -> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> File not found
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ]
(CVPND) Cisco Systems, Inc. VPN Service [Win32_Own | Auto | Running] -> C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.6.04.0043 | Size = 1422336 bytes | Modified Date = 6/10/2005 7:59:56 PM | Attr = ]
(Dcfssvc) Dcfssvc [Win32_Own | Auto | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\dcfssvc.exe -> Eastman Kodak Company [Ver = 1.1.3900.0 | Size = 153150 bytes | Modified Date = 5/10/2001 3:41:04 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 98304 bytes | Modified Date = 12/7/2005 2:55:00 AM | Attr = ]
(McShield) Network Associates McShield [Win32_Own | Auto | Running] -> C:\Program Files\Network Associates\VirusScan\Mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.318 | Size = 221191 bytes | Modified Date = 2/14/2006 7:00:00 PM | Attr = ]
(McTaskManager) Network Associates Task Manager [Win32_Own | Auto | Running] -> C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -> Network Associates, Inc. [Ver = 8.0.0.1004 | Size = 29184 bytes | Modified Date = 6/8/2006 7:00:00 PM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Intel\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 1.2.26.0 | Size = 143360 bytes | Modified Date = 3/3/2003 2:33:40 PM | Attr = ]
(PREVXAgent) Prevx Agent [Win32_Own | Auto | Stopped] -> C:\Program Files\Prevx1\PXAgent.exe -> Prevx [Ver = 2.0.12.1 | Size = 139264 bytes | Modified Date = 12/13/2006 12:39:54 PM | Attr = ]
(ptssvc) ptssvc [Win32_Own | Auto | Running] -> C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe -> [Ver = | Size = 36864 bytes | Modified Date = 1/31/2001 4:41:32 PM | Attr = ]
(RAIDmAgt) Promise RAID message agent [Win32_Own | Auto | Running] -> C:\Program Files\Promise\Utility\MsgAgt.exe -> [Ver = Version 3.0 build 9 (08/08/2003) | Size = 610304 bytes | Modified Date = 8/20/2003 6:43:30 PM | Attr = ]
(RetroExp Helper) Retrospect Express HD Helper [Win32_Own | Auto | Stopped] -> C:\Program Files\Retrospect\Retrospect Express HD 1.1\rthlpsvc.exe -> EMC Dantz [Ver = 1.1.127 | Size = 118784 bytes | Modified Date = 2/6/2006 7:22:54 AM | Attr = ]
(RetroExpLauncher) Retrospect Express HD Launcher [Win32_Own | Auto | Running] -> C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe -> EMC Dantz [Ver = 1.1.127 | Size = 73728 bytes | Modified Date = 2/6/2006 7:22:54 AM | Attr = ]
(SDhelper) PC Tools Spyware Doctor [Win32_Own | Auto | Running] -> C:\Program Files\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.5.0.18 | Size = 870624 bytes | Modified Date = 12/20/2005 8:44:24 AM | Attr = ]
(UserAccess7) SecuROM User Access Service (V7) [Win32_Own | Auto | Running] -> C:\WINDOWS\SYSTEM32\UAService7.exe -> Sony DADC Austria AG. [Ver = 1,1,0,0 | Size = 122880 bytes | Modified Date = 4/12/2005 7:49:32 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 7:20:00 AM | Attr = ]
ATIPTA -> C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5120 | Size = 339968 bytes | Modified Date = 8/25/2004 12:52:00 PM | Attr = ]
CTDVDDet -> C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.2.0 | Size = 45056 bytes | Modified Date = 9/30/2002 1:00:00 AM | Attr = ]
CTHelper -> C:\WINDOWS\SYSTEM32\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 1, 2 | Size = 24576 bytes | Modified Date = 10/6/2003 2:57:32 PM | Attr = ]
CTSysVol -> C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.1.3.0 | Size = 49152 bytes | Modified Date = 10/29/2002 9:18:24 AM | Attr = ]
dla -> C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.05b | Size = 114741 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
DVDSentry -> C:\WINDOWS\SYSTEM32\DSentry.exe -> Dell - Advanced Desktop Engineering [Ver = 1, 0, 5, 0 | Size = 28672 bytes | Modified Date = 8/13/2003 11:27:40 AM | Attr = ]
HostManager -> C:\Program Files\Common Files\AOL\1131573657\ee\AOLSoftware.exe -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 7:24:16 PM | Attr = ]
ISUSPM Startup -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1146 | Size = 221184 bytes | Modified Date = 6/16/2004 5:03:26 AM | Attr = ]
ISUSScheduler -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1146 | Size = 81920 bytes | Modified Date = 6/16/2004 5:03:04 AM | Attr = ]
iTunesHelper -> C:\Program Files\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
Logitech Utility -> C:\WINDOWS\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.77.018 | Size = 19968 bytes | Modified Date = 5/16/2003 10:50:00 AM | Attr = ]
McAfeeUpdaterUI -> C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 131072 bytes | Modified Date = 12/7/2005 2:55:00 AM | Attr = ]
MimBoot -> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe -> Musicmatch, Inc. [Ver = 10.00.3058 | Size = 11776 bytes | Modified Date = 3/12/2005 6:25:00 AM | Attr = ]
MMTray -> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.00.3058 | Size = 110592 bytes | Modified Date = 3/12/2005 6:25:00 AM | Attr = ]
PCMService -> C:\Program Files\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.0826 | Size = 204800 bytes | Modified Date = 8/26/2003 8:47:34 PM | Attr = ]
PrevxOne -> C:\Program Files\Prevx1\PXConsole.exe -> Prevx [Ver = 1.0.0.1 | Size = 1507328 bytes | Modified Date = 12/13/2006 12:39:20 PM | Attr = ]
QuickTime Task -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 6:58:18 PM | Attr = ]
Run StartupMonitor -> C:\WINDOWS\StartupMonitor.exe -> [Ver = | Size = 86016 bytes | Modified Date = 5/20/2000 4:23:48 PM | Attr = ]
ShStatEXE -> C:\Program Files\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 9/22/2004 7:00:00 AM | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 11/9/2006 3:07:30 PM | Attr = ]
TkBellExe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 12/24/2005 11:02:52 AM | Attr = ]
UpdateManager -> C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 8/19/2003 1:01:00 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DellSupport -> C:\Program Files\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 0, 73 | Size = 306688 bytes | Modified Date = 7/19/2004 7:51:24 AM | Attr = ]
SB Audigy 2 Startup Menu -> -> File not found
Sonic RecordNow! -> -> File not found
swg -> C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 908, 5008 | Size = 163576 bytes | Modified Date = 10/16/2006 11:19:56 PM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
-> -> File not found
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 9:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> _
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.cnn.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
online_musicmatch.com [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{4E1159CF-BCA3-3EA8-7BC9-4DF71B5AB4E5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} [HKLM] -> C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL [Nick Aracde Toolbar] -> File not found
{55EA1964-F5E4-4D6A-B9B2-125B37655FCB} [HKLM] -> C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll [URLDetector Class] -> Prevx Ltd. [Ver = 1.0.0.3 | Size = 90112 bytes | Modified Date = 1/10/2006 11:09:54 AM | Attr = ]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKLM] -> C:\Program Files\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.5.0.65 | Size = 786656 bytes | Modified Date = 12/9/2005 4:22:26 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 3:21:52 PM | Attr = ]
{8DB3D69D-DA5E-4165-B781-72A761790672} [HKLM] -> C:\WINDOWS\SYSTEM32\BhoDshop.dll [DeskshopBrowserHelper Class] -> Orbiscom Ltd. All rights reserved. [Ver = 2, 3, 0, 3, 64 | Size = 69632 bytes | Modified Date = 10/30/2001 5:02:36 PM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> c:\program files\Google\googletoolbar3.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 10/12/2006 10:38:04 AM | Attr = R ]
{B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKLM] -> C:\Program Files\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.5.0.277 | Size = 848048 bytes | Modified Date = 2/6/2006 2:51:34 PM | Attr = ]
{C85E3AE6-972D-DD7D-B47C-8E44B2FCC9D2} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{EB499C6B-4EEE-CB6B-43B7-4EC6302D27CC} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 7/2/2005 8:16:36 PM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> c:\program files\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 10/12/2006 10:38:04 AM | Attr = R ]
{4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} [HKLM] -> C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL [Nick Aracde Toolbar] -> File not found
{67970B26-F57D-4455-8262-81C3AE3B8B5E} [HKLM] -> C:\Program Files\NetSnippets\NetSnip.DLL [Net Snippets] -> Net Snippets LTD. [Ver = 3, 2, 0, 9 | Size = 1437696 bytes | Modified Date = 12/20/2004 9:58:20 AM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 8/4/2005 9:54:42 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> c:\program files\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 10/12/2006 10:38:04 AM | Attr = R ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> c:\program files\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 10/12/2006 10:38:04 AM | Attr = R ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Value does not exist [Reg Data - Value does not exist] -> File not found
WebBrowser\\{4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} [HKLM] -> C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL [Nick Aracde Toolbar] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 8/4/2005 9:54:42 PM | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{1FA9B650-D1BC-4E43-96B3-13A32FC39732} -> 8193 - Reg Data - Key not found ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8199 - Reg Data - Value does not exist ->
{3369AF0D-62E9-4bda-8103-B4C75499B578} -> 8197 - Reg Data - Key not found ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> 8198 - Yahoo! Messenger ->
{7130DF06-BBC1-4e16-83D4-1F875E65B695} -> 8196 - Reg Data - Value does not exist ->
{85d1f590-48f4-11d9-9669-0800200c9a66} -> 8198 - Uninstall BitDefender Online Scanner v8 ->
{9455301C-CF6B-11D3-A266-00C04F689C50} -> 8195 - Reg Data - Value does not exist ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8197 - Reg Data - Value does not exist ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8194 - Reg Data - Value does not exist ->
{F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} -> 8195 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Windows Messenger ->
NextId -> 8200 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll [MenuText: Sun Java Console] ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 3:21:52 PM | Attr = ]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> Reg Data - Value does not exist [ButtonText: Spyware Doctor] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> Reg Data - Value does not exist [ButtonText: Messenger] -> File not found
{7130DF06-BBC1-4e16-83D4-1F875E65B695} -> Reg Data - Value does not exist [ButtonText: Snippets] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] ->
{9455301C-CF6B-11D3-A266-00C04F689C50} -> Reg Data - Value does not exist [ButtonText: Researcher] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> C:\Program Files\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 2:08:26 PM | Attr = ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] ->
{F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} -> C:\Program Files\Secure Online Account Numbers\SOAN.exe [ButtonText: Secure Online Account Numbers] -> Orbiscom Ltd. All rights reserved. [Ver = 2, 3, 3, 0 | Size = 196608 bytes | Modified Date = 8/2/2005 3:49:22 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&AOL Toolbar Search -> c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.htm -> File not found
Add to Net Snippets -> C:\Program Files\NetSnippets\Res\clipper.htm -> [Ver = | Size = 296 bytes | Modified Date = 10/2/2004 11:45:42 AM | Attr = ]
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 5:05:42 PM | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
[HKLM] -> Reg Data - Key not found [] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> C:\Program Files\Yahoo!\Common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 6, 13, 1 | Size = 180296 bytes | Modified Date = 6/14/2004 5:13:24 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> File not found
{7059DA7A-7E60-11d2-A355-00C04FB9D26E} [HKLM] -> C:\WINDOWS\SYSTEM32\MXONmSpace.dll [Maxtor Locked Drives] -> [Ver = | Size = 102400 bytes | Modified Date = 8/26/2004 11:53:14 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINDOWS\System32\hticons.dll [HyperTerminal Icon Ext] -> File not found
{A4DF5659-0801-4A60-9607-1C48695EFDA9} [HKLM] -> C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wns.dll [Share-to-Web Upload Folder] -> Hewlett-Packard [Ver = 2,4,0,26 | Size = 131072 bytes | Modified Date = 7/3/2001 9:10:36 AM | Attr = ]
{acb4a560-3606-11d3-aef4-00104bd0f92d} [HKLM] -> C:\Program Files\Common Files\KODAK\IFSCore\shellext.dll [KodakShellExtension] -> Eastman Kodak [Ver = 2.0.1200 | Size = 229435 bytes | Modified Date = 5/1/2001 7:24:08 AM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> C:\Program Files\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} [HKLM] -> C:\Program Files\Sonic\RecordNow!\shlext.dll [RecordNow! SendToExt] -> Sonic Solutions [Ver = 1.0.0.1 | Size = 77824 bytes | Modified Date = 8/13/2003 7:00:00 AM | Attr = ]
{e57ce731-33e8-4c51-8354-bb4de9d215d1} [HKLM] -> Reg Data - Key not found [Universal Plug and Play Devices] -> File not found
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> C:\Program Files\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.2219 | Size = 49198 bytes | Modified Date = 12/24/2005 11:03:04 AM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 6:40:48 AM | Attr = ]
{cda2863e-2497-4c49-9b89-06840e070a87} [HKLM] -> C:\Program Files\Network Associates\VirusScan\shext.dll [VirusScan] -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 13824 bytes | Modified Date = 9/22/2004 7:00:00 AM | Attr = ]
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> C:\Program Files\Yahoo!\Common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 6, 13, 1 | Size = 180296 bytes | Modified Date = 6/14/2004 5:13:24 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 6:40:48 AM | Attr = ]
{C0E10002-0028-0004-C0E1-C0E1C0E1C0E1} [HKLM] -> c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL [QuickFinderMenu] -> Novell, Inc., c/o Corel Corporation Limited [Ver = 11.0.0.233 | Size = 90172 bytes | Modified Date = 3/7/2003 6:00:32 AM | Attr = ]
{cda2863e-2497-4c49-9b89-06840e070a87} [HKLM] -> C:\Program Files\Network Associates\VirusScan\shext.dll [VirusScan] -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 13824 bytes | Modified Date = 9/22/2004 7:00:00 AM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{cda2863e-2497-4c49-9b89-06840e070a87} [HKLM] -> C:\Program Files\Network Associates\VirusScan\shext.dll [VirusScan] -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 13824 bytes | Modified Date = 9/22/2004 7:00:00 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 2:20:02 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{06D2FF32-A6F7-4F2B-9688-FFB9CF12A645} -> () ->
{13CD2169-F9CB-401F-A841-11A4C20F3183} -> () ->
{34266FBC-6066-41CF-B700-E2DC201CD369} -> (Intel(R) PRO/100 VE Network Connection) ->
{B2C804BC-884B-4036-A9C4-463769CD15E2} -> (1394 Net Adapter) ->
{C5C35463-11E0-4266-877F-CA08BA22D0FF} -> 38.9.211.2,38.9.221.2 (Broadcom NetXtreme Gigabit Ethernet) ->
{D1222F18-85A4-4631-BF74-59DE61F33708} -> (1394 Net Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found

[Files - Created Wihin 30 days]
h.txt -> C:\h.txt -> [Ver = | Size = 16 bytes | Created Date = 12/23/2006 10:52:55 AM | Attr = ]
hiberfil.sys -> C:\hiberfil.sys -> [Ver = | Size = 1072750592 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr = HS]
IPH.PH -> C:\IPH.PH -> [Ver = | Size = 867 bytes | Created Date = 12/16/2006 10:16:35 PM | Attr = H ]
Uninstall.exe -> C:\Program Files\Common Files\Nullsoft\ActiveX\2.6\Uninstall.exe -> [Ver = | Size = 32675 bytes | Created Date = 12/16/2006 10:17:07 PM | Attr = ]
0.log -> C:\WINDOWS\0.log -> [Ver = | Size = 0 bytes | Created Date = 12/24/2006 9:28:22 PM | Attr = ]
ntbtlog.txt -> C:\WINDOWS\ntbtlog.txt -> [Ver = | Size = 176 bytes | Created Date = 12/24/2006 8:06:55 PM | Attr = ]
QTFont.for -> C:\WINDOWS\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 12/24/2006 9:51:43 AM | Attr = ]
QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 12/24/2006 9:51:43 AM | Attr = H ]
SchedLgU.Txt -> C:\WINDOWS\SchedLgU.Txt -> [Ver = | Size = 236 bytes | Created Date = 12/24/2006 9:27:24 PM | Attr = ]
Sti_Trace.log -> C:\WINDOWS\Sti_Trace.log -> [Ver = | Size = 0 bytes | Created Date = 12/24/2006 9:27:43 PM | Attr = ]
wiadebug.log -> C:\WINDOWS\wiadebug.log -> [Ver = | Size = 159 bytes | Created Date = 12/24/2006 9:27:44 PM | Attr = ]
wiaservc.log -> C:\WINDOWS\wiaservc.log -> [Ver = | Size = 50 bytes | Created Date = 12/24/2006 9:27:43 PM | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 2961 bytes | Created Date = 12/24/2006 9:26:36 PM | Attr = ]
java.exe -> C:\WINDOWS\System32\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49248 bytes | Created Date = 12/22/2006 5:24:41 PM | Attr = ]
javaw.exe -> C:\WINDOWS\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 53346 bytes | Created Date = 12/22/2006 5:24:41 PM | Attr = ]
javaws.exe -> C:\WINDOWS\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 127078 bytes | Created Date = 12/22/2006 5:24:41 PM | Attr = ]
jupdate-1.5.0_10-b03.log -> C:\WINDOWS\System32\jupdate-1.5.0_10-b03.log -> [Ver = | Size = 8657 bytes | Created Date = 12/22/2006 5:24:28 PM | Attr = ]
TZLog.log -> C:\WINDOWS\System32\TZLog.log -> [Ver = | Size = 109738 bytes | Created Date = 12/23/2006 10:48:31 AM | Attr = ]
AvgAsCln.sys -> C:\WINDOWS\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 12/23/2006 5:41:34 PM | Attr = ]
pxcom.sys -> C:\WINDOWS\System32\drivers\pxcom.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 7552 bytes | Created Date = 12/23/2006 12:16:18 PM | Attr = ]
PxEmu.sys -> C:\WINDOWS\System32\drivers\PxEmu.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 100864 bytes | Created Date = 12/23/2006 12:16:19 PM | Attr = ]
pxfsf.sys -> C:\WINDOWS\System32\drivers\pxfsf.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 274688 bytes | Created Date = 12/23/2006 12:16:19 PM | Attr = ]
pxinst.dll -> C:\WINDOWS\System32\drivers\pxinst.dll -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 7680 bytes | Created Date = 12/23/2006 12:16:19 PM | Attr = ]
pxrd.sys -> C:\WINDOWS\System32\drivers\pxrd.sys -> [Ver = | Size = 13568 bytes | Created Date = 12/23/2006 12:16:19 PM | Attr = ]
pxscinst.dll -> C:\WINDOWS\System32\drivers\pxscinst.dll -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 9728 bytes | Created Date = 12/23/2006 12:16:19 PM | Attr = ]
pxscrmbl.sys -> C:\WINDOWS\System32\drivers\pxscrmbl.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 11648 bytes | Created Date = 12/23/2006 12:16:19 PM | Attr = ]
pxtdi.sys -> C:\WINDOWS\System32\drivers\pxtdi.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 18560 bytes | Created Date = 12/23/2006 12:16:19 PM | Attr = ]
tmcomm.sys -> C:\WINDOWS\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 12/23/2006 1:08:15 AM | Attr = ]

[Files - Modified Wihin 30 days]
h.txt -> C:\h.txt -> [Ver = | Size = 16 bytes | Modified Date = 12/23/2006 10:52:56 AM | Attr = ]
hiberfil.sys -> C:\hiberfil.sys -> [Ver = | Size = 1072750592 bytes | Modified Date = 12/24/2006 9:27:22 PM | Attr = HS]
IPH.PH -> C:\IPH.PH -> [Ver = | Size = 867 bytes | Modified Date = 12/16/2006 10:17:30 PM | Attr = H ]
install.log -> C:\Program Files\Common Files\AOL\AOLDiag\install.log -> [Ver = | Size = 114390 bytes | Modified Date = 12/16/2006 10:16:52 PM | Attr = ]
tbunins.exe -> C:\Program Files\Common Files\AOL\AOLDiag\tbunins.exe -> AOL LLC [Ver = 3.3.11.1 | Size = 88673 bytes | Modified Date = 12/16/2006 10:16:52 PM | Attr = ]
Clean.dat -> C:\Program Files\Common Files\Network Associates\Engine\Clean.dat -> [Ver = | Size = 995123 bytes | Modified Date = 12/22/2006 5:10:00 AM | Attr = ]
Names.dat -> C:\Program Files\Common Files\Network Associates\Engine\Names.dat -> [Ver = | Size = 746606 bytes | Modified Date = 12/22/2006 5:10:00 AM | Attr = ]
Scan.dat -> C:\Program Files\Common Files\Network Associates\Engine\Scan.dat -> [Ver = | Size = 8072390 bytes | Modified Date = 12/22/2006 5:10:00 AM | Attr = ]
ocpiman.ini -> C:\Program Files\Common Files\AOL\1131573657\ee\ocpiman.ini -> [Ver = | Size = 555 bytes | Modified Date = 12/16/2006 10:17:08 PM | Attr = ]
CLEAN.DAT -> C:\Program Files\Common Files\Network Associates\Engine\OldDats\CLEAN.DAT -> [Ver = | Size = 990379 bytes | Modified Date = 12/15/2006 5:10:00 AM | Attr = ]
NAMES.DAT -> C:\Program Files\Common Files\Network Associates\Engine\OldDats\NAMES.DAT -> [Ver = | Size = 745600 bytes | Modified Date = 12/15/2006 5:10:00 AM | Attr = ]
SCAN.DAT -> C:\Program Files\Common Files\Network Associates\Engine\OldDats\SCAN.DAT -> [Ver = | Size = 8050433 bytes | Modified Date = 12/15/2006 5:10:00 AM | Attr = ]
TalkBack.ini -> C:\Program Files\Common Files\Network Associates\TalkBack\Data\TalkBack.ini -> [Ver = | Size = 35 bytes | Modified Date = 12/16/2006 12:02:34 PM | Attr = ]
Uninstall.exe -> C:\Program Files\Common Files\Nullsoft\ActiveX\2.6\Uninstall.exe -> [Ver = | Size = 32675 bytes | Modified Date = 12/16/2006 10:17:08 PM | Attr = ]
MAPISVC.INF -> C:\Program Files\Common Files\System\Mapi\1033\MAPISVC.INF -> [Ver = | Size = 8305 bytes | Modified Date = 12/23/2006 10:40:48 PM | Attr = ]
0.log -> C:\WINDOWS\0.log -> [Ver = | Size = 0 bytes | Modified Date = 12/24/2006 9:28:24 PM | Attr = ]
BOOTSTAT.DAT -> C:\WINDOWS\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 12/24/2006 9:27:24 PM | Attr = S]
MsgAgt.INI -> C:\WINDOWS\MsgAgt.INI -> [Ver = | Size = 64 bytes | Modified Date = 12/24/2006 9:27:44 PM | Attr = ]
ntbtlog.txt -> C:\WINDOWS\ntbtlog.txt -> [Ver = | Size = 176 bytes | Modified Date = 12/24/2006 9:11:46 PM | Attr = ]
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [Ver = | Size = 376 bytes | Modified Date = 12/14/2006 8:01:06 PM | Attr = ]
QTFont.for -> C:\WINDOWS\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 12/24/2006 9:51:44 AM | Attr = ]
QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 12/24/2006 9:51:44 AM | Attr = H ]
randseed.rnd -> C:\WINDOWS\randseed.rnd -> [Ver = | Size = 512 bytes | Modified Date = 12/24/2006 5:14:10 PM | Attr = ]
SchedLgU.Txt -> C:\WINDOWS\SchedLgU.Txt -> [Ver = | Size = 236 bytes | Modified Date = 12/24/2006 9:27:26 PM | Attr = ]
Sti_Trace.log -> C:\WINDOWS\Sti_Trace.log -> [Ver = | Size = 0 bytes | Modified Date = 12/24/2006 9:27:44 PM | Attr = ]
wiadebug.log -> C:\WINDOWS\wiadebug.log -> [Ver = | Size = 159 bytes | Modified Date = 12/24/2006 9:27:46 PM | Attr = ]
wiaservc.log -> C:\WINDOWS\wiaservc.log -> [Ver = | Size = 50 bytes | Modified Date = 12/24/2006 9:27:46 PM | Attr = ]
WIN.INI -> C:\WINDOWS\WIN.INI -> [Ver = | Size = 903 bytes | Modified Date = 12/4/2006 11:42:00 PM | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 2961 bytes | Modified Date = 12/24/2006 9:27:46 PM | Attr = ]
{00000002-00000000-00000002-00001102-00000004-10031102}.CDF -> C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF -> [Ver = | Size = 4932148 bytes | Modified Date = 12/24/2006 7:53:44 PM | Attr = ]
amcompat.tlb -> C:\WINDOWS\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 12/4/2006 11:42:06 PM | Attr = ]
BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [Ver = | Size = 30120 bytes | Modified Date = 12/24/2006 7:54:18 PM | Attr = ]
BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [Ver = | Size = 30120 bytes | Modified Date = 12/24/2006 7:54:18 PM | Attr = ]
BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [Ver = | Size = 30912 bytes | Modified Date = 12/24/2006 7:54:18 PM | Attr = ]
BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [Ver = | Size = 30912 bytes | Modified Date = 12/24/2006 7:54:18 PM | Attr = ]
DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat -> C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat -> [Ver = | Size = 384 bytes | Modified Date = 12/24/2006 7:54:18 PM | Attr = ]
DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat -> C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat -> [Ver = | Size = 384 bytes | Modified Date = 12/24/2006 7:54:18 PM | Attr = ]
jupdate-1.5.0_10-b03.log -> C:\WINDOWS\System32\jupdate-1.5.0_10-b03.log -> [Ver = | Size = 8657 bytes | Modified Date = 12/22/2006 5:24:42 PM | Attr = ]
kspydoc.log -> C:\WINDOWS\System32\kspydoc.log -> [Ver = | Size = 666023 bytes | Modified Date = 12/24/2006 9:27:22 PM | Attr = ]
nscompat.tlb -> C:\WINDOWS\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 12/4/2006 11:42:06 PM | Attr = ]
PERFC009.DAT -> C:\WINDOWS\System32\PERFC009.DAT -> [Ver = | Size = 53436 bytes | Modified Date = 12/24/2006 9:31:46 PM | Attr = ]
PERFH009.DAT -> C:\WINDOWS\System32\PERFH009.DAT -> [Ver = | Size = 381692 bytes | Modified Date = 12/24/2006 9:31:46 PM | Attr = ]
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [Ver = | Size = 441454 bytes | Modified Date = 12/24/2006 9:31:46 PM | Attr = ]
settings.sfm -> C:\WINDOWS\System32\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 12/24/2006 7:54:18 PM | Attr = ]
settingsbkup.sfm -> C:\WINDOWS\System32\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 12/24/2006 7:54:18 PM | Attr = ]
Sweeper.cfg -> C:\WINDOWS\System32\Sweeper.cfg -> [Ver = | Size = 0 bytes | Modified Date = 12/24/2006 9:27:20 PM | Attr = ]
TZLog.log -> C:\WINDOWS\System32\TZLog.log -> [Ver = | Size = 109738 bytes | Modified Date = 12/23/2006 10:48:42 AM | Attr = ]
WPA.DBL -> C:\WINDOWS\System32\WPA.DBL -> [Ver = | Size = 1170 bytes | Modified Date = 12/24/2006 9:29:18 PM | Attr = ]
pxcom.sys -> C:\WINDOWS\System32\drivers\pxcom.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 7552 bytes | Modified Date = 12/8/2006 1:36:14 PM | Attr = ]
PxEmu.sys -> C:\WINDOWS\System32\drivers\PxEmu.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 100864 bytes | Modified Date = 12/8/2006 1:36:20 PM | Attr = ]
pxfsf.sys -> C:\WINDOWS\System32\drivers\pxfsf.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 274688 bytes | Modified Date = 12/8/2006 1:36:14 PM | Attr = ]
pxinst.dll -> C:\WINDOWS\System32\drivers\pxinst.dll -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 7680 bytes | Modified Date = 12/8/2006 1:36:18 PM | Attr = ]
pxscinst.dll -> C:\WINDOWS\System32\drivers\pxscinst.dll -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 9728 bytes | Modified Date = 12/8/2006 1:36:18 PM | Attr = ]
pxscrmbl.sys -> C:\WINDOWS\System32\drivers\pxscrmbl.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 11648 bytes | Modified Date = 12/8/2006 1:36:18 PM | Attr = ]
pxtdi.sys -> C:\WINDOWS\System32\drivers\pxtdi.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.7881 built by: WinDDK | Size = 18560 bytes | Modified Date = 12/8/2006 1:36:16 PM | Attr = ]
tmcomm.sys -> C:\WINDOWS\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 12/23/2006 1:06:58 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
aspack , -> C:\Program Files\Common Files\AOL\1131573657\ee\ocpinst.log -> [Ver = | Size = 92868 bytes | Modified Date = 11/3/2006 11:28:28 PM | Attr = ]
aspack , -> C:\Program Files\Common Files\AOL\1131573657\ee\services\boxelyToolkit\ver1_5_11_4\content\gadgets.box -> [Ver = | Size = 1962 bytes | Modified Date = 6/22/2006 5:41:04 PM | Attr = ]
aspack , -> C:\Program Files\Common Files\AOL\1131573657\ee\services\boxelyToolkit\ver1_5_11_4\content\extrasPack\extraGadgets.box -> [Ver = | Size = 2408 bytes | Modified Date = 6/22/2006 5:41:06 PM | Attr = ]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 5/3/2006 2:30:58 AM | Attr = ]
USERTRUST , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_08.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4482680 bytes | Modified Date = 7/26/2006 2:34:04 AM | Attr = ]
USERTRUST , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4490872 bytes | Modified Date = 10/12/2006 3:41:58 AM | Attr = ]
USERTRUST , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_10.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4650616 bytes | Modified Date = 11/9/2006 3:38:38 PM | Attr = ]
WSUD , -> C:\Program Files\Common Files\Microsoft Shared\SpeechEngines\TTS\female.vce -> [Ver = | Size = 2053632 bytes | Modified Date = 1/12/1999 11:29:28 AM | Attr = ]
UPX0 , -> C:\Program Files\Common Files\Network Associates\Engine\McScan32.dll -> McAfee, Inc. [Ver = 5.1.00 | Size = 2867438 bytes | Modified Date = 7/10/2006 5:10:00 AM | Attr = ]
UPX0 , -> C:\Program Files\Common Files\Network Associates\Engine\OldEngine\MCSCAN32.Sav -> McAfee, Inc. [Ver = 4.4.00 | Size = 1949766 bytes | Modified Date = 10/7/2004 3:40:00 AM | Attr = ]
UPX! , UPX0 , -> C:\Program Files\Common Files\Nullsoft\Video\ActiveX\plugins\nsvplayx_vp5_mp3.dll -> * * * [Ver = 1, 0, 0, 98 | Size = 177152 bytes | Modified Date = 8/9/2003 6:36:56 PM | Attr = ]
PEC2 , PECompact2 , -> C:\Program Files\Common Files\Real\GToolbar\GDSSetup.exe -> [Ver = | Size = 746600 bytes | Modified Date = 12/24/2005 11:03:16 AM | Attr = ]
PEC2 , PECompact2 , -> C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe -> Google [Ver = 3, 0, 126, 3 | Size = 559784 bytes | Modified Date = 12/24/2005 11:03:16 AM | Attr = ]
PECompact2 , -> C:\WINDOWS\LPT$VPN.174 -> [Ver = | Size = 9780504 bytes | Modified Date = 9/17/2004 6:47:58 PM | Attr = ]
PECompact2 , -> C:\WINDOWS\VPTNFILE.174 -> [Ver = | Size = 9780504 bytes | Modified Date = 9/17/2004 6:47:58 PM | Attr = ]
UPX! , aspack , -> C:\WINDOWS\vsapi32.dll -> Trend Micro Inc. [Ver = 7.000-1004 | Size = 1036800 bytes | Modified Date = 5/14/2004 10:07:58 PM | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\CSGina.dll -> [Ver = | Size = 177152 bytes | Modified Date = 6/10/2005 7:59:54 PM | Attr = ]
PEC2 , -> C:\WINDOWS\System32\DFRG.MSC -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
abetterinternet.com , -> C:\WINDOWS\System32\fiz11 -> [Ver = | Size = 29258 bytes | Modified Date = 3/5/2004 11:53:44 PM | Attr = H ]
winsync , -> C:\WINDOWS\System32\WBDBASE.DEU -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com http://www.xceedsoft.com [Ver = 1.0.42.0 | Size = 236576 bytes | Modified Date = 9/8/2003 1:13:26 PM | Attr = ]
WSUD , UPX0 , -> C:\WINDOWS\System32\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
PTech , -> C:\WINDOWS\System32\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]
PTech , -> C:\WINDOWS\System32\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]

< End of report >

###########AVG REPORT:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:21:20 PM 12/24/2006

+ Scan result:



C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP223\A0129393.dll -> Adware.AdRotate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP223\A0129390.exe/nickarcade.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP223\A0129391.exe/nickarcade.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP223\A0129392.dll -> Adware.BHO : Cleaned with backup (quarantined).


::Report end

Thanks.
Lido
Regular Member
 
Posts: 31
Joined: December 22nd, 2006, 8:54 pm

Unread postby amateur » December 24th, 2006, 11:25 pm

Hi,

Please post a fresh HijackThis log and let me know how the computer is running now.

P.S. Make sure that you reboot your computer before running the HijackThis log.
amateur
MRU Master
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

HiJack Log

Unread postby Lido » December 24th, 2006, 11:55 pm

Computer does seem more stable. Here is log:

Logfile of HijackThis v1.99.1
Scan saved at 10:49:44 PM, on 12/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\AOL\1131573657\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Documents and Settings\Charles\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E1159CF-BCA3-3EA8-7BC9-4DF71B5AB4E5} - (no file)
O2 - BHO: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Discover deskshop Browser Helper Object - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\system32\BhoDshop.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {C85E3AE6-972D-DD7D-B47C-8E44B2FCC9D2} - (no file)
O2 - BHO: (no name) - {EB499C6B-4EEE-CB6B-43B7-4EC6302D27CC} - (no file)
O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131573657\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Net Snippets - C:\PROGRA~1\NETSNI~1\Res\Clipper.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Secure Online Account Numbers - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\Program Files\Secure Online Account Numbers\SOAN.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} (NetCamPlayerWeb Control) - http://ppeltz1234.nomad.utk.edu/img/NetCamPlayerWeb.ocx
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsup ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6596693609
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth ... peedop.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37840.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.dell.com/Media/Visitor ... EFlash.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promot ... WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx ... loader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.47/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5 ... taller.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5C35463-11E0-4266-877F-CA08BA22D0FF}: NameServer = 38.9.211.2,38.9.221.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: slbipsch - C:\WINDOWS\system32\slbipsch.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Unknown owner - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Dantz - C:\Program Files\Retrospect\Retrospect Express HD 1.1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
Lido
Regular Member
 
Posts: 31
Joined: December 22nd, 2006, 8:54 pm

Unread postby amateur » December 25th, 2006, 12:23 am

Hello,

We'll need to disable the realtime scanners so that they will not interfere with the fix.

Open AVG Anti Spyware.
Under 'Status', click on "change status" to make it 'inactive'. Once your log is clean you can re-enable it.
***********
  • Click the Spyware Doctor icon in the System Tray.
  • Click Settings.
  • Click Startup Settings under Pick a Category.
  • Uncheck Run at Windows startup.
  • Click Apply and exit Spyware Doctor.
Once your log is clean you can re-enable Spyware Doctor.
***********
I have never used Prevx1, so I don't know how to disable it. You'll have to find that out yourself. Usually there is an icon in the taskbar; right-click on it and see if there is an option to turn it off.

============================

Scan with HijackThis and put a checkmark against the following entries:

O2 - BHO: (no name) - {4E1159CF-BCA3-3EA8-7BC9-4DF71B5AB4E5} - (no file)
O2 - BHO: (no name) - {C85E3AE6-972D-DD7D-B47C-8E44B2FCC9D2} - (no file)
O2 - BHO: (no name) - {EB499C6B-4EEE-CB6B-43B7-4EC6302D27CC} - (no file)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: slbipsch - C:\WINDOWS\system32\slbipsch.dll (file missing)

Make sure that you close all other browsers/windows/applications/email, etc., except HijackThis and click on "fix checked".

=============================

Reboot and post a fresh HijackThis log please.
amateur
MRU Master
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA
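A small triage script for the kind of entries ticked in the post above, added here as an example; it is not part of the thread and not HijackThis code. It assumes the HijackThis 1.99.1 log layout, takes its sample lines from the log posted above, and cross-checks every "(file missing)" target against the "Running processes" block, which is how the McAfee Framework Service line (reported missing while FrameworkService.exe is running) is separated from genuinely orphaned entries.

```python
"""Triage of HijackThis 1.99.1 O2/O3/O20/O23 entries (added example, not HijackThis code).

Verdicts:
  orphaned    - target reads "(no file)"/"(file missing)" and the binary is not running
  false alarm - reported missing, but the same binary is in "Running processes"
                (seen above with a quoted service path that carries arguments)
  empty       - a bare "AppInit_DLLs:" value
  present     - target path given and not reported missing
"""
import re
from dataclasses import dataclass

# Sample input: a constructed subset of lines copied from the log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\winlogon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

O2 - BHO: (no name) - {4E1159CF-BCA3-3EA8-7BC9-4DF71B5AB4E5} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: slbipsch - C:\WINDOWS\system32\slbipsch.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
"""

MISSING_MARKERS = ("(no file)", "(file missing)")

# "O2 - BHO: <rest>"; the kind stops at the first colon, so "C:\..." stays in <rest>.
SECTION_RE = re.compile(r"^(?P<section>O\d+) - (?P<kind>[^:]+):\s?(?P<rest>.*)$")
# O2/O3: "<name> - {CLSID} - <target>"
CLSID_RE = re.compile(r"^(?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$")
# O20 Winlogon Notify: "<subkey> - <dll path>"
NOTIFY_RE = re.compile(r"^(?P<name>\S+) - (?P<target>.*)$")
# O23: "<display name (service)> - <owner> - <image path>"
SERVICE_RE = re.compile(r"^(?P<name>.*?) - (?P<owner>.*?) - (?P<target>.*)$")


@dataclass
class Finding:
    section: str
    name: str
    target: str
    verdict: str


def running_basenames(lines):
    """Lower-cased file names listed under 'Running processes:' up to the blank line."""
    names, in_block = set(), False
    for line in lines:
        if line.startswith("Running processes:"):
            in_block = True
            continue
        if in_block:
            if not line.strip():
                in_block = False
                continue
            names.add(line.strip().rsplit("\\", 1)[-1].lower())
    return names


def exe_basename(target):
    """File name of a target, ignoring the missing marker and any '" /args' tail."""
    for marker in MISSING_MARKERS:
        target = target.replace(marker, "")
    # A stray quote followed by arguments (FrameworkService.exe" /ServiceStart) is
    # why HijackThis could not find the file; cut the path at that quote.
    return target.strip().split('"')[0].rsplit("\\", 1)[-1].lower()


def classify(target, running):
    if not target.strip():
        return "empty"
    if not any(marker in target for marker in MISSING_MARKERS):
        return "present"
    base = exe_basename(target)
    return "false alarm" if base and base in running else "orphaned"


def triage(log_text):
    lines = log_text.splitlines()
    running = running_basenames(lines)
    findings = []
    for line in lines:
        m = SECTION_RE.match(line)
        if not m:
            continue
        section, kind, rest = m.group("section", "kind", "rest")
        name = target = None
        if section in ("O2", "O3") and (c := CLSID_RE.match(rest)):
            name, target = c.group("name"), c.group("target")
        elif section == "O20" and kind == "AppInit_DLLs":
            name, target = kind, rest
        elif section == "O20" and kind == "Winlogon Notify" and (n := NOTIFY_RE.match(rest)):
            name, target = n.group("name"), n.group("target")
        elif section == "O23" and (s := SERVICE_RE.match(rest)):
            name, target = s.group("name"), s.group("target")
        if name is not None:
            findings.append(Finding(section, name, target, classify(target, running)))
    return findings


def verdicts(log_text=SAMPLE_LOG):
    """Map of (section, entry name) -> verdict, for quick lookup."""
    return {(f.section, f.name): f.verdict for f in triage(log_text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:11}  {f.section:4} {f.name} -> {f.target}")
```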

More

Unread postby Lido » December 25th, 2006, 1:50 am

OK. On the attempt to delete the three "02" items, this message displayed: Unexpected error: modBackup_makebackup (sitem=20AppInt_DLLs: ) Error #5 Invalid procedure call or argument. As you can see below, the three O2 items remain.

Logfile of HijackThis v1.99.1
Scan saved at 12:43:58 AM, on 12/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\AOL\1131573657\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Charles\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E1159CF-BCA3-3EA8-7BC9-4DF71B5AB4E5} - (no file)
O2 - BHO: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Discover deskshop Browser Helper Object - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\system32\BhoDshop.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {C85E3AE6-972D-DD7D-B47C-8E44B2FCC9D2} - (no file)
O2 - BHO: (no name) - {EB499C6B-4EEE-CB6B-43B7-4EC6302D27CC} - (no file)
O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131573657\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Net Snippets - C:\PROGRA~1\NETSNI~1\Res\Clipper.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Secure Online Account Numbers - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\Program Files\Secure Online Account Numbers\SOAN.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} (NetCamPlayerWeb Control) - http://ppeltz1234.nomad.utk.edu/img/NetCamPlayerWeb.ocx
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsup ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6596693609
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth ... peedop.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37840.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.dell.com/Media/Visitor ... EFlash.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promot ... WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx ... loader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.47/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5 ... taller.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5C35463-11E0-4266-877F-CA08BA22D0FF}: NameServer = 38.9.211.2,38.9.221.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Unknown owner - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Dantz - C:\Program Files\Retrospect\Retrospect Express HD 1.1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
Lido
Regular Member
 
Posts: 31
Joined: December 22nd, 2006, 8:54 pm

Unread postby amateur » December 25th, 2006, 1:32 pm

Hi,

The error message is OK. The fix for O20 worked. The O2 lines are stubborn. We'll work on those. I have seen this happen before and they are very difficult to remove. They don't pose any threat as they are; they're just a nuisance.

Go to Start>Control Panel>Add/Remove Programs and see if the following program is present. If so, remove it.

Nick Aracde Toolbar

Then, using Windows Explorer (right-click on Start, click on Explore), locate and delete its folder, if it exists: C:\PROGRAM FILES\NICKARACDE TOOLBAR or C:\PROGRAM FILES\NICKARACDE

=====================================

Please try fixing them again with the HijackThis in Safe Mode. Disable your realtime scanners like before. Reboot and allow the changes if you're asked.

O2 - BHO: (no name) - {4E1159CF-BCA3-3EA8-7BC9-4DF71B5AB4E5} - (no file)
O2 - BHO: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
O2 - BHO: (no name) - {C85E3AE6-972D-DD7D-B47C-8E44B2FCC9D2} - (no file)
O2 - BHO: (no name) - {EB499C6B-4EEE-CB6B-43B7-4EC6302D27CC} - (no file)
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)


=====================================

If that doesn't work, try the following:

Download and install Registrar Lite version 4.03
  • Double click the Registrar Lite icon on your desktop.
  • Copy the line below and paste it into the "Address" field (located at the top) of the program:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
  • Click the "Go" button.
  • On the right-hand side it will load all of your BHOs (you'll just see a bunch of numbers)
  • Locate the following entries:
      {4E1159CF-BCA3-3EA8-7BC9-4DF71B5AB4E5}
      {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E}
      {C85E3AE6-972D-DD7D-B47C-8E44B2FCC9D2}
      {EB499C6B-4EEE-CB6B-43B7-4EC6302D27CC}
  • Right-click on each one and select Properties
  • Click the Permissions Button and a new window will open.
  • Click the Advanced button
  • Place a checkmark next to the following:
    'Inherit from parent the permission entries that apply to child objects...'
  • Click OK, then OK again, and right-click on each of the following:
      {4E1159CF-BCA3-3EA8-7BC9-4DF71B5AB4E5}
      {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E}
      {C85E3AE6-972D-DD7D-B47C-8E44B2FCC9D2}
      {EB499C6B-4EEE-CB6B-43B7-4EC6302D27CC}
  • Choose delete.
  • Exit Registrar Lite.
Please reboot.
=============================

Perform an online scan with Internet Explorer with Panda ActiveScan
  • Click on the [image] button located at the bottom of the page.
  • A "pop up" window will appear. Please ensure that your pop-up blocker doesn't block it.
  • Enter your e-mail address, country, and state & click "Free Online Scan". The download of Panda's 8 MB ActiveX control will take place.
Begin the scan by selecting [image]
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on [image], then click [image] and post back the contents please.


=================================

Please download Combofix and save it to your desktop.
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Post the ComboFix.txt in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

===============================

Post back a fresh HijackThis log taken after the reboot along with the Panda results and the ComboFix.txt.
amateur
MRU Master
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA
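The Registrar Lite steps above (re-enable inheritance on the BHO keys, then delete them) are the manual cure for O2 entries that HijackThis cannot fix: a BHO whose registry key carries a Deny ACE or has inheritance switched off survives "Fix checked" and makes Registrar report "Access denied". The following PowerShell script is an added example, not code from this thread, from HijackThis or from Registrar Lite. It audits the same four CLSIDs, shows where the DLL should be and which ACL entries block deletion, and with -Fix performs the inherit-then-delete sequence, but only for registrations whose DLL is actually missing. It assumes an elevated PowerShell prompt on Windows; the CLSID list is the one from the post, the function and parameter names are the example's own.

```powershell
<#
  Added example (not from the original thread): audit the Browser Helper
  Object registrations that HijackThis reports as O2 lines, and optionally
  reset the key permissions and delete the stale ones.

  Run from an elevated (Administrator) PowerShell. Report-only unless -Fix.
#>
param(
    # CLSIDs to target; defaults to the four "stubborn" O2 entries from this thread.
    [string[]]$Clsid = @(
        '{4E1159CF-BCA3-3EA8-7BC9-4DF71B5AB4E5}',
        '{4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E}',
        '{C85E3AE6-972D-DD7D-B47C-8E44B2FCC9D2}',
        '{EB499C6B-4EEE-CB6B-43B7-4EC6302D27CC}'
    ),
    [switch]$Fix
)

$bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Get-BhoStatus {
    param([string]$Id)
    # The BHO key only lists the CLSID; the DLL path lives under HKCR\CLSID\{id}\InprocServer32.
    $bhoKey   = Join-Path $bhoRoot $Id
    $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$Id"
    $dll = $null
    if (Test-Path "$clsidKey\InprocServer32") {
        $dll = (Get-ItemProperty -Path "$clsidKey\InprocServer32").'(default)'
    }
    $issues = @()
    foreach ($key in @($bhoKey, $clsidKey)) {
        if (-not (Test-Path $key)) { continue }
        try {
            $acl = Get-Acl -Path $key
            # A Deny ACE, or a key with inheritance turned off, is what makes
            # HijackThis's "Fix checked" fail and Registrar report "Access denied".
            $issues += @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' } |
                ForEach-Object { "$key : DENY $($_.IdentityReference) $($_.RegistryRights)" })
            if ($acl.AreAccessRulesProtected) { $issues += "$key : inheritance disabled" }
        } catch {
            # A Deny on READ_CONTROL blocks even reading the ACL; ownership must be taken first.
            $issues += "$key : cannot read ACL ($($_.Exception.Message))"
        }
    }
    [pscustomobject]@{
        Clsid      = $Id
        Registered = Test-Path $bhoKey
        Dll        = $dll
        DllExists  = ($dll -and (Test-Path ([Environment]::ExpandEnvironmentVariables($dll))))
        AclIssues  = $issues
    }
}

function Repair-BhoKey {
    param([string]$Key)
    if (-not (Test-Path $Key)) { return }
    $acl = Get-Acl -Path $Key
    # Re-enable inheritance from the parent (the "Inherit from parent ..." checkbox
    # in the Registrar Lite steps) and drop any explicit Deny entries, then delete.
    $acl.SetAccessRuleProtection($false, $true)
    foreach ($rule in @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })) {
        [void]$acl.RemoveAccessRule($rule)
    }
    Set-Acl -Path $Key -AclObject $acl
    Remove-Item -Path $Key -Recurse -Force
    Write-Host "Removed $Key"
}

foreach ($id in $Clsid) {
    $status = Get-BhoStatus -Id $id
    $status | Format-List
    # Only remove registrations whose DLL is gone ("(no file)" / "file missing" in
    # the HijackThis log). A BHO with a present DLL may be legitimate: review it first.
    if ($Fix -and $status.Registered -and -not $status.DllExists) {
        Repair-BhoKey -Key (Join-Path $bhoRoot $id)
        Repair-BhoKey -Key "Registry::HKEY_CLASSES_ROOT\CLSID\$id"
    }
}
```

Run it once without -Fix and read the AclIssues column: an "inheritance disabled" or "DENY Everyone" line explains the "Access denied" that Lido reports below, and a "cannot read ACL" line means the key's owner must be changed (Registrar Lite's Permissions > Advanced > Owner tab, or takeown-style tooling) before the ACL can be rewritten. Check HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects and HKCU\Software\Classes\CLSID as well if the entry comes back, since HijackThis lists per-user registrations under the same O2 heading.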

Follow up

Unread postby Lido » December 25th, 2006, 11:39 pm

OK. Tried to take out Nick Arcade with Add/Remove. Message: Cannot unregister. I was able to find Nick in search and delete. In HijackThis in safe mode, it would not remove the other O2 items (the Nick O2 and O3 items were gone). Using Registrar, the second line {4E7BD74F} was not there. On the other three, received this message: 5. Access denied. Did the Panda scan and the ComboFix. Then went back in with HijackThis; the three O2 lines were there. Deleted them and they stayed deleted this time. Rebooted and checked HijackThis. Ran the following:

C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Charles\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Discover deskshop Browser Helper Object - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\system32\BhoDshop.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131573657\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Net Snippets - C:\PROGRA~1\NETSNI~1\Res\Clipper.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Secure Online Account Numbers - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\Program Files\Secure Online Account Numbers\SOAN.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} (NetCamPlayerWeb Control) - http://ppeltz1234.nomad.utk.edu/img/NetCamPlayerWeb.ocx
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsup ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6596693609
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth ... peedop.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37840.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.dell.com/Media/Visitor ... EFlash.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promot ... WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx ... loader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.47/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5 ... taller.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5C35463-11E0-4266-877F-CA08BA22D0FF}: NameServer = 38.9.211.2,38.9.221.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Unknown owner - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Dantz - C:\Program Files\Retrospect\Retrospect Express HD 1.1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
##############

Do you want me to also post the Panda report and the ComboFix report?
Lido
Regular Member
 
Posts: 31
Joined: December 22nd, 2006, 8:54 pm

Unread postby amateur » December 26th, 2006, 8:24 am

Do you want me to also post the Panda report and the ComboFix report?

Yes, please. Also a new HijackThis log. The top part of the log is missing.
Thanks.
amateur
MRU Master
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Reports

Unread postby Lido » December 26th, 2006, 8:37 pm

Logfile of HijackThis v1.99.1
Scan saved at 7:15:23 PM, on 12/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\AOL\1131573657\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\PROGRA~1\MI1933~1\Office10\OUTLOOK.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Charles\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Discover deskshop Browser Helper Object - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\system32\BhoDshop.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131573657\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Net Snippets - C:\PROGRA~1\NETSNI~1\Res\Clipper.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Secure Online Account Numbers - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\Program Files\Secure Online Account Numbers\SOAN.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} (NetCamPlayerWeb Control) - http://ppeltz1234.nomad.utk.edu/img/NetCamPlayerWeb.ocx
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsup ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6596693609
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth ... peedop.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37840.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.dell.com/Media/Visitor ... EFlash.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promot ... WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx ... loader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.47/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5 ... taller.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5C35463-11E0-4266-877F-CA08BA22D0FF}: NameServer = 38.9.211.2,38.9.221.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Unknown owner - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Dantz - C:\Program Files\Retrospect\Retrospect Express HD 1.1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

##############PANDA

Incident Status Location

Adware:adware/cws Not disinfected C:\Documents and Settings\Charles\Favorites\Health
Adware:adware/comedy-planet Not disinfected Windows Registry
Adware:adware/wupd Not disinfected Windows Registry
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Charles\Cookies\charles@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Charles\Cookies\charles@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Charles\Cookies\charles@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Charles\Cookies\charles@atwola[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Charles\Cookies\charles@bluestreak[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Charles\Cookies\charles@bs.serving-sys[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Charles\Cookies\charles@mediaplex[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Charles\Cookies\charles@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Charles\Cookies\charles@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Charles\Cookies\charles@statse.webtrendslive[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Charles\Cookies\charles@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Charles\Cookies\charles@tribalfusion[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Sloane\Cookies\sloane@target[1].txt
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Sy\Cookies\sy@64.62.232[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Sy\Cookies\sy@888[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Sy\Cookies\sy@888[3].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Sy\Cookies\sy@adopt.hbmediapro[2].txt
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Sy\Cookies\sy@ads.gorillanation[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Sy\Cookies\sy@adultfriendfinder[2].txt
Spyware:Cookie/Adwareremover Not disinfected C:\Documents and Settings\Sy\Cookies\sy@adwareremovergold[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Sy\Cookies\sy@apmebf[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sy\Cookies\sy@ath.belnk[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Sy\Cookies\sy@azjmp[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sy\Cookies\sy@belnk[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Sy\Cookies\sy@c3.gostats[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Sy\Cookies\sy@cassava[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Sy\Cookies\sy@CAZFE5CF.txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sy\Cookies\sy@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sy\Cookies\sy@cgi-bin[3].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sy\Cookies\sy@cgi-bin[4].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sy\Cookies\sy@cgi-bin[8].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Sy\Cookies\sy@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sy\Cookies\sy@dist.belnk[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Sy\Cookies\sy@errorsafe[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Sy\Cookies\sy@fe.lea.lycos[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Sy\Cookies\sy@fortunecity[1].txt
Spyware:Cookie/TopConvert Not disinfected C:\Documents and Settings\Sy\Cookies\sy@frame.topconverting[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Sy\Cookies\sy@gostats[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Sy\Cookies\sy@go[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Sy\Cookies\sy@i.screensavers[1].txt
Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\Sy\Cookies\sy@kount[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Sy\Cookies\sy@maxserving[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Sy\Cookies\sy@offeroptimizer[1].txt
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Documents and Settings\Sy\Cookies\sy@pacificpoker[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Sy\Cookies\sy@realmedia[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Sy\Cookies\sy@rightmedia[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Sy\Cookies\sy@searchportal.information[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Sy\Cookies\sy@target[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Sy\Cookies\sy@terra.com[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Sy\Cookies\sy@winfixer[1].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\Sy\Cookies\sy@www.affiliatefuel[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Sy\Cookies\sy@www.errorsafe[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Sy\Cookies\sy@www.winantivirus[2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Sy\Cookies\sy@www48.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Sy\Cookies\sy@xiti[1].txt
Spyware:Spyware/Media-motor Not disinfected C:\Documents and Settings\Sy\Local Settings\Temp\aupd.exe[²óÇ]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@adrevolver[3].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@belnk[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@cgi-bin[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@dist.belnk[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@go[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@realmedia[2].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@rightmedia[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@uol.com[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Sy\Local Settings\Temp\Cookies\sy@winfixer[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sy.MAIN\Cookies\sy@atwola[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Sy.MAIN\Cookies\sy@go[2].txt
Possible Virus. Not disinfected C:\Program Files\Disney\Disney Online\Toontown\Configrc.exe
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\INF\bi7.inf
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\INF\biM.inf
Potentially unwanted tool:Application/Redswoosh Not disinfected C:\WINDOWS\RSEDNClientUninstaller.exe

###############ComboFix

Charles - 06-12-25 22:00:07.14 Service Pack 2
ComboFix 06.12.01W - Running from: "C:\Documents and Settings\Charles\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\fad.sys


((((((((((((((((((((((((((((((( Files Created from 2006-11-25 to 2006-12-25 ))))))))))))))))))))))))))))))))))


2006-12-25 20:00 <DIR> d-------- C:\WINDOWS\LastGood
2006-12-25 19:47 90,151 --a------ C:\WINDOWS\SYSTEM32\rrsec2k.exe
2006-12-25 19:47 23,552 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rrspy64.sys
2006-12-25 19:47 21,888 --a------ C:\WINDOWS\SYSTEM32\rrSpy.sys
2006-12-25 19:47 21,888 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rrspy.sys
2006-12-25 19:47 112,640 --a------ C:\WINDOWS\SYSTEM32\rrsec.dll
2006-12-25 19:47 <DIR> d-------- C:\Program Files\Registrar Registry Manager
2006-12-24 19:58 <DIR> dr-h----- C:\Documents and Settings\Charles\Recent
2006-12-23 22:07 <DIR> d--hs---- C:\found.002
2006-12-23 21:51 <DIR> d-------- C:\Program Files\CCleaner
2006-12-23 17:41 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-12-23 17:41 <DIR> d-------- C:\Program Files\Grisoft
2006-12-23 17:09 <DIR> d-------- C:\quarantine
2006-12-23 12:16 9,728 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxscinst.dll
2006-12-23 12:16 7,680 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxinst.dll
2006-12-23 12:16 7,552 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxcom.sys
2006-12-23 12:16 274,688 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxfsf.sys
2006-12-23 12:16 18,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxtdi.sys
2006-12-23 12:16 13,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxrd.sys
2006-12-23 12:16 11,648 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxscrmbl.sys
2006-12-23 12:16 100,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PxEmu.sys
2006-12-23 12:16 <DIR> d-------- C:\Documents and Settings\Charles\Application Data\Prevx
2006-12-23 12:15 <DIR> d-------- C:\Program Files\Prevx1
2006-12-23 12:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2006-12-23 01:08 76,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2006-12-23 01:06 <DIR> d-------- C:\Documents and Settings\Charles\.housecall6.6
2006-12-16 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2006-12-16 22:16 <DIR> d-------- C:\Program Files\AIM6
2006-12-14 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2006-12-14 19:11 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2006-12-05 20:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2006-12-05 19:39 <DIR> d-------- C:\Config.Msi
2006-12-04 23:41 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2006-12-04 23:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2006-11-27 03:45 60,416 --------- C:\WINDOWS\SYSTEM32\tzchange.exe
2006-11-25 20:03 <DIR> d-------- C:\Program Files\Apple Software Update


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-25 21:24 -------- d-------- C:\Program Files\Spyware Doctor
2006-12-25 21:22 -------- d-------- C:\Program Files\QuickTime
2006-12-25 21:19 -------- d-------- C:\Program Files\NetSnippets
2006-12-25 21:00 -------- d-------- C:\Program Files\iTunes
2006-12-25 21:00 -------- d-------- C:\Program Files\Internet Explorer
2006-12-25 20:58 -------- d-------- C:\Program Files\Google
2006-12-25 20:53 -------- d-------- C:\Program Files\Dell Support
2006-12-25 19:29 -------- d-------- C:\Program Files\nickarcade
2006-12-23 23:03 -------- d-------- C:\Program Files\ewido anti-malware
2006-12-22 20:19 -------- d-------- C:\Program Files\SpywareBlaster
2006-12-22 17:24 -------- d-------- C:\Program Files\Java
2006-12-18 15:24 -------- d-------- C:\Program Files\Common Files\AOL
2006-12-16 22:17 -------- d-a------ C:\Program Files\Common Files
2006-12-16 22:17 -------- d-------- C:\Program Files\AOL
2006-12-15 03:01 -------- d-------- C:\Program Files\Outlook Express
2006-12-15 03:01 -------- d-------- C:\Program Files\Common Files\System
2006-12-14 18:52 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-14 18:52 -------- d-------- C:\Program Files\UBISOFT
2006-12-07 23:42 -------- d-------- C:\Program Files\Common Files\Adobe
2006-12-07 23:42 -------- d-------- C:\Documents and Settings\Charles\Application Data\AdobeUM
2006-12-05 20:24 -------- d-------- C:\Program Files\Windows Media Player
2006-12-02 23:04 -------- d-------- C:\Documents and Settings\Charles\Application Data\Share-to-Web Upload Folder
2006-12-02 23:04 -------- d-------- C:\Documents and Settings\Charles\Application Data\Incomplete
2006-11-25 20:54 -------- d-------- C:\Program Files\iPod
2006-11-25 17:19 -------- d-------- C:\Documents and Settings\Charles\Application Data\Yahoo!
2006-11-25 17:13 -------- d-------- C:\Program Files\Yahoo!
2006-11-25 16:12 -------- d-------- C:\Documents and Settings\Charles\Application Data\Macromedia
2006-11-21 16:19 -------- d-------- C:\Program Files\SpongeBob SquarePants Diner Dash
2006-11-17 09:12 -------- d-------- C:\Program Files\Wild Thornberrys Australian Wildlife Rescue
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\SYSTEM32\msxml4.dll
2006-11-03 23:28 -------- d-------- C:\Program Files\AOD
2006-10-31 18:37 -------- d-------- C:\Program Files\Cake Mania
2006-10-29 20:48 -------- d-------- C:\Program Files\Common Files\Sandlot Shared
2006-10-29 07:40 -------- d-------- C:\Program Files\BFG
2006-10-28 13:57 1392671 --a------ C:\WINDOWS\SYSTEM32\msvbvm60.dll
2006-10-27 15:09 6049280 --------- C:\WINDOWS\SYSTEM32\ieframe.dll
2006-10-27 15:09 50688 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll
2006-10-27 15:09 458752 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-10-27 15:09 180736 --------- C:\WINDOWS\SYSTEM32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\SYSTEM32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\SYSTEM32\sxs.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\SYSTEM32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\SYSTEM32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\SYSTEM32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\SYSTEM32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\SYSTEM32\WMADMOD.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\SYSTEM32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\SYSTEM32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\SYSTEM32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\SYSTEM32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sonic RecordNow!"=""
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"SB Audigy 2 Startup Menu"="/L:ENG"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"Run StartupMonitor"="StartupMonitor.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"MMTray"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mm_tray.exe"
"Logitech Utility"="Logi_MwX.Exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mimboot.exe"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
"CTDVDDet"="C:\\Program Files\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1131573657\\ee\\AOLSoftware.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""
"NoDriveTypeAutoRun"=hex:5f,00,00,00
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11
Lido
Regular Member
 
Posts: 31
Joined: December 22nd, 2006, 8:54 pm