File::
C:\WINDOWS\system32\drivers\flbphkyfcnsm.sys
C:\WINDOWS\system32\drivers\aepjqetbtgut.sys
C:\WINDOWS\system32\drivers\gqpksuwgbrlb.sys
C:\WINDOWS\system32\drivers\etdlrlthotmv.sys
C:\WINDOWS\System32\winshost.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3.tmp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3.tmp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4.tmp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4.tmp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdRoarUpdate]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\appxs.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPZH]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lnkzjuyp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft QMGR]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NXFPLVD]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegKillElbyCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshost.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\x90\ek\v]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\xb0\37k\v]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG06.00.00.01WORKSTATION"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6E7C843A-EFE3-EB26-568C-9DE49ADE4BC2}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-66EB-3421]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\windev-66eb-3421]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_WINDEV-66EB-3421]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_WINDEV-66EB-3421\0000\Control]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\windev-66eb-3421]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-66EB-3421]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windev-66eb-3421]
Driver::
windev-66eb-3421

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-66EB-3421]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\windev-66eb-3421]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_WINDEV-66EB-3421]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_WINDEV-66EB-3421\0000\Control]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\windev-66eb-3421]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-66EB-3421]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windev-66eb-3421]
ComboFix 07-08-01.3 - "Michael" 2007-08-02 10:22:58.5 [GMT -4:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.True
Command switches used :: C:\Documents and Settings\Michael\Desktop\cfscript.txt
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_WINDEV-66EB-3421
((((((((((((((((((((((((( Files Created from 2007-07-02 to 2007-08-02 )))))))))))))))))))))))))))))))
2007-08-01 17:55 <DIR> d-------- C:\Program Files\EarthLink
2007-08-01 11:48 2,992,368 --a------ C:\ELSBSetup.exe
2007-08-01 11:12 <DIR> d-------- C:\regsearch
2007-08-01 07:42 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-31 16:01 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-31 06:54 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-27 12:04 <DIR> d-------- C:\Program Files\Total Video Converter
2007-07-27 11:50 <DIR> d-------- C:\vdub
2007-07-20 14:02 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-07-20 14:02 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-07-20 01:06 <DIR> d-------- C:\New Folder
2007-07-05 11:55 <DIR> d-------- C:\WINDOWS\Windows Update Setup Files
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-01 00:12 --------- d-------- C:\Program Files\Line6
2007-08-01 00:11 --------- d-------- C:\DOCUME~1\Michael\APPLIC~1\Line 6
2007-08-01 00:10 --------- d-------- C:\Program Files\Agent
2007-07-31 23:45 --------- d-------- C:\Program Files\Google
2007-07-31 23:27 --------- d-------- C:\Program Files\Kuma Games
2007-07-31 22:26 --------- d-------- C:\Program Files\a-squared Free
2007-07-31 06:54 --------- d-------- C:\DOCUME~1\Michael\APPLIC~1\Azureus
2007-07-29 09:28 --------- d-------- C:\Program Files\Azureus
2007-07-25 23:41 --------- d-------- C:\Program Files\SpywareBlaster
2007-07-17 10:41 --------- d-------- C:\DOCUME~1\Michael\APPLIC~1\dvdcss
2007-06-27 18:55 6862 --a------ C:\WINDOWS\mozver.dat
2007-06-19 01:33 --------- d-------- C:\Program Files\DivX
2007-06-18 23:13 --------- d-------- C:\DOCUME~1\Michael\APPLIC~1\DivX
2007-06-11 00:46 --------- d-------- C:\Program Files\Common Files\Colasoft Shared
2007-05-31 02:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 02:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 02:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 02:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 02:44 740442 --a------ C:\WINDOWS\system32\DivX.dll
2006-07-23 11:20 0 --a------ C:\DOCUME~1\Michael\APPLIC~1\internaldb41.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-09 21:39]
"AsioReg"="REGSVR32 /S CTASIO.DLL" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-14 12:36]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 16:03]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ELSBLaunch.lnk - C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe [2004-10-05 11:19:12]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Start_NotifyNewApps"=0 (0x0)
"NoInstrumentation"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsMenu"=01000000
"NoSMMyPictures"=01000000
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael^Start Menu^Programs^Startup^hc_tray.lnk]
path=C:\Documents and Settings\Michael\Start Menu\Programs\Startup\hc_tray.lnk
backup=C:\WINDOWS\pss\hc_tray.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Actual Title Buttons]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blue Frog]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMUpdate]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscoverDeskshop]
C:\Program Files\Discover Deskshop\Deskshop.exe /dontopenmycards
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo 820 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O5 "LPT1:" /M "Stylus Photo 820"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcsystray]
C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPnote]
c:\ipnote.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"c:\windows\servicepackfiles\i386\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
rundll32.exe ptipbmf.dll,SetWriteCacheMode
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PtiuPbmd]
Rundll32.exe ptipbm.dll,SetWriteBack
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShutDown Plus]
c:\windows\system32\shutdown.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNInstall]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\supervisor.exe]
C:\WINDOWS\supervisor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TraySantaCruz]
g:\downloads\santa cruz xp driver\98 beta\tbctray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VetTray]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=3 (0x3)
"wuauserv"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"UPS"=3 (0x3)
"TapiSrv"=3 (0x3)
"Ip6FwHlp"=3 (0x3)
"ImapiService"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"ClipSrv"=3 (0x3)
"Messenger"=3 (0x3)
R0 fasttx2k;fasttx2k;C:\WINDOWS\System32\DRIVERS\fasttx2k.sys
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\System32\DRIVERS\snapman.sys
R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\System32\DRIVERS\timntr.sys
R0 UlSata;UlSata;C:\WINDOWS\System32\DRIVERS\ulsata.sys
R1 SCDEmu;SCDEmu;C:\WINDOWS\System32\drivers\SCDEmu.sys
R2 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys
R2 ppsio2;PPDevice;C:\WINDOWS\System32\drivers\ppsio2.sys
R2 Sentinel;Sentinal;C:\WINDOWS\System32\Drivers\SENTINEL.SYS
R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
R3 BridgeMP;MAC Bridge Miniport;C:\WINDOWS\System32\DRIVERS\bridge.sys
R3 E1000;Intel(R) PRO/1000 Adapter Driver;C:\WINDOWS\System32\DRIVERS\e1000325.sys
S1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\System32\DRIVERS\ATITool.sys
S3 Bridge;MAC Bridge;C:\WINDOWS\System32\DRIVERS\bridge.sys
S3 DirectNT;DirectNT;\??\F:\pat\DIRECTNT.SYS
S3 GMSIPCI;GMSIPCI;\??\D:\INSTALL\GMSIPCI.SYS
S3 L6POD;L6 PODxt Service;C:\WINDOWS\System32\Drivers\L6POD.sys
S3 MidiSyn;MidiSyn;C:\WINDOWS\System32\drivers\MidiSyn.sys
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\System32\drivers\msmpu401.sys
S3 Pcouffin;Low level access layer for CD devices;C:\WINDOWS\System32\Drivers\Pcouffin.sys
S3 RadProbe;Radeon Probe Driver;C:\WINDOWS\System32\DRIVERS\RadProbe.sys
S3 TVICHW32;TVICHW32;\??\C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS
S3 vaxscsi;vaxscsi;C:\WINDOWS\System32\Drivers\vaxscsi.sys
S4 Ip6FwHlp;IPv6 Internet Connection Firewall;C:\WINDOWS\System32\svchost.exe -k netsvcs
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-02 10:25:50
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\x90\ek\v]
"DisplayName"="\xffff\xffff\xf70f\x77f5\xf7f\x77f6"
"DeviceDesc"="\xffff\xffff\xf70f\x77f5\xf7f\x77f6"
"ProviderName"=""
"MFG"="urrentControlSet\Services\ati2mtag\Device0"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\x1b90\xb6b\DriverFiles\\x3b74\23\x3ae5\x77f8\t.INF"
"DeviceInstanceIds"=str(7):"`"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\xb0\37k\v]
"DisplayName"="\x4518\23\x1d8\25\x45fc\23\x4809\x77e9\x3278\x77e8\xffff\xffff\x5f10\x77e7\x5faa\x77e7\2"
"DeviceDesc"="\x4518\23\x1d8\25\x45fc\23\x4809\x77e9\x3278\x77e8\xffff\xffff\x5f10\x77e7\x5faa\x77e7\2"
"ProviderName"=""
"MFG"="urrentControlSet\Services\ati2mtag\Device0"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\x1fb0\xb6b\DriverFiles\\x3b74\23\x3ae5\x77f8\31.INF"
"DeviceInstanceIds"=str(7):"`"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG06.00.00.01WORKSTATION"="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"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6E7C843A-EFE3-EB26-568C-9DE49ADE4BC2}]
"oakciifnfgmneofopbcknhcmeedced"=hex:64,61,6b,6d,69,67,61,6e,00,00
"oaobjogcmekdeekjhmjmkdiggkmoce"=hex:6a,61,70,6d,61,68,66,6f,69,70,68,69,63,6a,65,6f,64,6e,64,70,00,..
"namadpjgpleilgbkncoblafkhcjm"=hex:6a,61,70,6d,61,68,66,6f,69,70,68,69,63,6a,65,6f,64,6e,64,70,00,..
"eagbiilaoh"=hex:61,62,6e,62,65,6f,6e,69,67,66,6d,6c,62,68,61,62,6d,64,65,6e,61,..
"cajcok"=hex:64,62,6e,63,6e,66,63,66,6c,62,68,68,69,6b,68,62,68,68,6a,62,66,..
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-02 10:26:43 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-02 10:26
C:\ComboFix2.txt ... 2007-08-01 17:52
C:\ComboFix3.txt ... 2007-08-01 16:46
--- E O F ---
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0
; Results at 8/2/2007 10:29:42 AM for strings:
; 'windev-66eb-3421'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
; End Of The Log...
--- Report generated: 2007-08-02 10:45 ---
Excite: Tracking cookie (Internet Explorer: Michael) (Cookie, nothing done)
Advertising.com: Tracking cookie (Internet Explorer: Michael) (Cookie, fixed)
Excite: Tracking cookie (Internet Explorer: Michael) (Cookie, nothing done)
Common Dialogs: History (44 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt
Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log
Log: Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log
Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_
Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\winmgmt.log
Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
Adobe Acrobat Reader 5: Last selected preference panel (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Adobe\Acrobat Reader\5.0\PrefsDialog\aLastPrefsPanel
Ahead Nero Burning Rom: Compilation directory (Registry change, nothing done)
HKEY_LOCAL_MACHINE\Software\Ahead\Nero - Burning Rom\Settings\NeroCompilation!=
Ahead Nero Burning Rom: Compilation directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Ahead\Nero - Burning Rom\Settings\NeroCompilation!=
Ahead Nero Burning Rom: Browser directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Ahead\Nero - Burning Rom\Settings\BrowserDir!=
Ahead Nero Burning Rom: Working directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Ahead\Nero - Burning Rom\Settings\WorkingDir!=
Animation Shop 3: Recent browse folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Jasc\Animation Shop 3\Browser\BrowseDir!=
Animation Shop 3: Recent image folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Jasc\Animation Shop 3\FileOpenDialog\OpenImageDir!=
Animation Shop 3: Recent save as folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Jasc\Animation Shop 3\SaveAsDialog\SaveAsDir!=
BlindWrite Suite (BlindRead): Last used image folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\VSO\BlindRead\forms\Image Path!=
BlindWrite Suite (BlindWrite): Last loaded CD image (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\VSO\BlindWrite\PG3_TocFiles!=
Internet Explorer: Typed URL list (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Download Directory!=
Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)
Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)
Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)
Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)
Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)
Internet Explorer: AutoComplete data (18 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Internet Explorer\IntelliForms\SPW
Isobuster: Last save folder (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Smart Projects\IsoBuster\LastSavedPath
MS Management Console: Recent command list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Microsoft Management Console\Recent File List
MS Media Player: Recent file list (8 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\MediaPlayer\Player\RecentFileList
MS Media Player: Recent open directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\MediaPlayer\Player\Settings\OpenDir!=
MS Media Player: Application data file (global) () (File, nothing done)
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db
MS Media Player: Search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\MediaPlayer\AutoComplete\MediaSearch
MS Media Player: Last opened playlist (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist
MS Media Player: Last selected track index (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\MediaPlayer\Preferences\LastPlaylistIndex
MS Media Player: Last selected node (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\MediaPlayer\MediaLibraryUI\MLLastSelectedNode!=
MS Media Player: Anonymous ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0
MS Direct3D: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=
MS Direct3D: Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name!=
MS DirectDraw: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=
MS DirectInput: Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\DirectInput\MostRecentApplication\Name!=
MS DirectInput: Most recent application ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\DirectInput\MostRecentApplication\Id!=
MS DirectInput: Last mapped application ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\DirectInput\MostRecentMapperApplication\ID!=
MS DirectInput: Last mapped application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\DirectInput\MostRecentMapperApplication\Name!=
MS Office 10.0 (Word): Recently used documents list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Office\10.0\Word\Data\Settings
MS Office 10.0 (Word): Templates history (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Office\10.0\Word\Recent Templates
MS Office 11.0 (Office Startup Assistant): Last search location (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Office\11.0\Osa\FindFile\Place
MS Frontpage: Default image add folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\FrontPage\Editor\Default Add Image Directory!=
MS Frontpage: Last opened web (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Settings\LastWebOpen!=
MS Regedit: Recent open key (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey!=
MS Search Assistant: Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Search Assistant\ACMru
MS Windows Backup 5.0: Last created backup set (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Ntbackup\Hardware\Logical Disk File!=
Paint Shop Pro 7: Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\JASC\Paint Shop Pro 7\Recent File List
Paint Shop Pro 7: Browse directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\JASC\Paint Shop Pro 7\Browser\BrowseDir!=
Paint Shop Pro 7: Image directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\JASC\Paint Shop Pro 7\General\ImageDirectory!=
Paint Shop Pro 7: Recent GIF directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Jasc\Paint Shop Pro 7\ExportGIF\Directory!=
Paint Shop Pro 7: Recent JPG directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Jasc\Paint Shop Pro 7\ExportJPG\Directory!=
Paint Shop Pro 7: Recent PNG directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Jasc\Paint Shop Pro 7\ExportPNG\Directory!=
Windows: Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources!=
Windows.OpenWith: Open with list - .001 extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.001\OpenWithList
Windows.OpenWith: Open with list - .ACE extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ACE\OpenWithList
Windows.OpenWith: Open with list - .ASF extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASF\OpenWithList
Windows.OpenWith: Open with list - .ASX extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASX\OpenWithList
Windows.OpenWith: Open with list - .AU extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AU\OpenWithList
Windows.OpenWith: Open with list - .AVI extension (11 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
Windows.OpenWith: Open with list - .BAK extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BAK\OpenWithList
Windows.OpenWith: Open with list - .BIN extension (7 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BIN\OpenWithList
Windows.OpenWith: Open with list - .BMP extension (6 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows.OpenWith: Open with list - .BUP extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BUP\OpenWithList
Windows.OpenWith: Open with list - .CAB extension (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CAB\OpenWithList
Windows.OpenWith: Open with list - .CDA extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList
Windows.OpenWith: Open with list - .CHK extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CHK\OpenWithList
Windows.OpenWith: Open with list - .CHM extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CHM\OpenWithList
Windows Explorer: Recent wallpaper list (501 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU
Windows Explorer: Run history (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Windows Explorer: Stream history (201 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: User Assistant history IE (26 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: User Assistant history files (347 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: Last visited history (13 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName
Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName
Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName
Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}
Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}
Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}
Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
WinRAR: Recent file list (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\WinRAR\ArcHistory
WinRAR: Last used directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\WinRAR\General\LastFolder!=
WinRAR: Extraction directory history (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\WinRAR\DialogEditHistory\ExtrPath
WinZip: Recent extracted file list (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Nico Mak Computing\WinZip\extract
WinZip: Recent created file list (7 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Nico Mak Computing\WinZip\filemenu
WinZip: Number of times run (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Nico Mak Computing\WinZip\rrs\Opened!=
WinZip: Default directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Nico Mak Computing\WinZip\directories\DefDir!=
WinZip: Default directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Nico Mak Computing\WinZip\directories\zDefDir!=
WinZip: Add files directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Nico Mak Computing\WinZip\directories\AddDir!=
WinZip: Destination directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Nico Mak Computing\WinZip\directories\ExtractTo!=
WinZip: Add files directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Nico Mak Computing\WinZip\directories\gzAddDir!=
WinZip: Destination directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-362288127-839522115-1003\Software\Nico Mak Computing\WinZip\directories\gzExtractTo!=
Cookie: Cookie (221) (Cookie, nothing done)
Cache: Cache (3296) (Cache, nothing done)
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-12-25 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-08-01 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-08-01 Includes\DialerC.sbi (*)
2007-07-11 Includes\Hijackers.sbi (*)
2007-08-01 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-08-01 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-08-01 Includes\Malware.sbi (*)
2007-08-01 Includes\MalwareC.sbi (*)
2007-07-11 Includes\PUPS.sbi (*)
2007-08-01 Includes\PUPSC.sbi (*)
2003-11-12 Includes\QA Tests.sbi (*)
2007-08-01 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-08-01 Includes\SecurityC.sbi (*)
2007-08-01 Includes\Spybots.sbi (*)
2007-08-01 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2007-08-01 Includes\Trojans.sbi (*)
2007-08-01 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll