Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

DriveCleaner 2006 and SalesMonitor

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

DriveCleaner 2006 and SalesMonitor

Unread postby LordRuin » August 23rd, 2007, 6:45 am

For a few days I've been scanning my computer with Spybot Seach and Destroy and DriveCleaver 2006 shows up. SB cannot fix it and it says it is in C:\Documents and Settings\All Users\Application Data\SalesMoniter
However when I delete this folder it comes back. AntiVir and AVG do not detect it. Can any of you please help? :(
Here is my HijackThis logfile.
Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 7:38:27 AM, on 8/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {474AD63A-9B7E-40FE-8E4E-7067CC0F8D3D} (IB_OnAir.IBOnAir) - http://ionair.sbs.co.kr/onair/IB_OnAir.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/KO-KR/a-U ... E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://www.diodeo.com/ActiveDiodeoPlayer.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://runvirusscan.com/ols3/fscax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} (Pandora_SetUp Control) - http://imgcdn.pandora.tv/pan_img/launch ... etUpAX.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
User avatar
LordRuin
Regular Member
 
Posts: 53
Joined: August 23rd, 2007, 6:22 am
Location: Pennsylvania
Advertisement
Register to Remove

Unread postby tim s » August 23rd, 2007, 11:39 pm

Hi LordRuin,

Welcome to the MalWare Removal forums! I'll be glad to help you with your computer problems.
HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happens.

In order to help me help you, please observe the following while we work:
  1. If you don't know, stop and ask! Don't continue, we don't want to start all over again!
  2. Understand that cleaning your computer can sometimes take multiple passes/posts,
    and it's important to follow the steps as listed including re-running scans as listed
  3. Please reply to this thread, do not start another.


If you can do those 3 things, everything should go smoothly
---------------------------------------------------

Your log shows multiple Anti-virus programs that is bad Please read:

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two or more anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. They can conflict with each other which leaves you open to infection.

Grisoft AVG7 and Norton AntiVirus and AntiVir PersonalEdition Classic

If you have more than one antivirus program installed, you must narrow it down to only one. Please choose one that is currently capable of receiving updates of virus definitions. If you have an antivirus program that no longer has an active subscription to antivirus updates, it cannot protect your system from malware.

You must decide which one you want to use and uninstall all others.

These two do not come with a firewall if your are using the free editions.
AntiVir PersonalEdition Classic
Grisoft AVG7

If you choose to keep one of these you will have to install a firewall to go with it.
Firewall protection programs: (free for home personal use only available)

Choose from this list :

Link to Comodo Firewall

Link to Jetico Personal Firewall

--------------------------------------------------------------------
Please post in next reply to this thread by using the postreply button:
new HJT log when you have done the above.
User avatar
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby LordRuin » August 24th, 2007, 12:26 am

Alright I removed AVG and stuck with AntiVir. I removed Norton aswell.
Oh. AVG had a trojan in its virus vault. I emptied the vault before I uninstalled AVG. Also I got the Comodo FireWall. Also one last thing. Sometimes when I log into yahoo messanger. AntiVir gives me a message about a "HEUR/MALWARE. Anyways when it does. It will not let me delete it or anything. So I put it in Quarantine. Anyways I figured I'd just tell you all because I thought it might be important.
Here is the HijackThis logfile. Thanks for the help. :) I appreciate it.

Logfile of HijackThis v1.99.1
Scan saved at 1:19:54 AM, on 8/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {474AD63A-9B7E-40FE-8E4E-7067CC0F8D3D} (IB_OnAir.IBOnAir) - http://ionair.sbs.co.kr/onair/IB_OnAir.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/KO-KR/a-U ... E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://www.diodeo.com/ActiveDiodeoPlayer.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://runvirusscan.com/ols3/fscax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} (Pandora_SetUp Control) - http://imgcdn.pandora.tv/pan_img/launch ... etUpAX.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
User avatar
LordRuin
Regular Member
 
Posts: 53
Joined: August 23rd, 2007, 6:22 am
Location: Pennsylvania

Unread postby tim s » August 24th, 2007, 7:43 am

Hi LordRuin,

Alright I removed AVG and stuck with AntiVir. I removed Norton aswell.


Thats good

Oh. AVG had a trojan in its virus vault. I emptied the vault before I uninstalled AVG. Also I got the Comodo FireWall. Also one last thing. Sometimes when I log into yahoo messanger. AntiVir gives me a message about a "HEUR/MALWARE. Anyways when it does. It will not let me delete it or anything. So I put it in Quarantine. Anyways I figured I'd just tell you all because I thought it might be important.


Yes let me know of any warnings and what they say just like you did.


------------------------------------------------------------------------------------


I will need you to run scan with this tool so I can review log.


Note* If, after posting your reply, the last line is not < End of Report > then the log is too big to fit into a single reply post and you will need to split it into separate reply post.

Please do the following:

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files.
It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Change settings Under Files/Folders Created Within-----
    • Click on 60 days
  • Change settings Under Files/Folders Modified Within-----
    • Click on 60 days
  • Next on the right side of screen Under Additional Scans
    • Put a checkmark in the box next to Reg-IE CmdMapping
    • Put a checkmark in the box next to Reg-Uninstall List
    • Put a checkmark in the box next to File-Additional Folder Scan
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes. It may look like it has stopped just let it run until log opens.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Use the Add Reply button and Copy/Paste the information back here.

Note* If, after posting your reply, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into separate reply post.

---------------------------------------------------------------------------------

Please post in next reply or replies depending on how long log is:
WinPFind3u log
User avatar
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby LordRuin » August 24th, 2007, 4:39 pm

Thank you for the help. I will download and run it asap. I just thought I'd tell you that when I ran Spybot Search & Destroy that DriveCleaner 2006 came up ( of course ) and something else

Company:
Product: Microsoft.Windows.IEFirewallBypass
Threat: Security


Description
This is beeing flagged whenever the IE is configured to accept incoming connections through the Windows Firewall. Normally the IE does not need to accept incoming connections like servers do. This can be changed by malware but also by online antivirus scanners or other software. If you do not use the Windows Firewall or use online scanners frequently you may want to ignore this.

It said it removed it but I just thought it would be useful to post it.
User avatar
LordRuin
Regular Member
 
Posts: 53
Joined: August 23rd, 2007, 6:22 am
Location: Pennsylvania

Unread postby tim s » August 24th, 2007, 5:00 pm

Hi LordRuin,

Thank you for the help. I will download and run it asap. I just thought I'd tell you that when I ran Spybot Search & Destroy that DriveCleaner 2006 came up ( of course ) and something else

Company:
Product: Microsoft.Windows.IEFirewallBypass
Threat: Security


That is showing up now because installing a third party firewall Combo. That is to let you know windows firewall has been turned off. Windows firewall which only blocks incoming badie, not outgoing badies from from calling out. You are better protected now with combo which blocks both ways. Nothing to worry about.

I will review WinPFind3u log when you post it remember to split into separate replies if it is to long for one reply.
User avatar
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby LordRuin » August 24th, 2007, 11:29 pm

tim s wrote:Hi LordRuin,

Thank you for the help. I will download and run it asap. I just thought I'd tell you that when I ran Spybot Search & Destroy that DriveCleaner 2006 came up ( of course ) and something else

Company:
Product: Microsoft.Windows.IEFirewallBypass
Threat: Security


That is showing up now because installing a third party firewall Combo. That is to let you know windows firewall has been turned off. Windows firewall which only blocks incoming badie, not outgoing badies from from calling out. You are better protected now with combo which blocks both ways. Nothing to worry about.

I will review WinPFind3u log when you post it remember to split into separate replies if it is to long for one reply.



:cry: I'm so stupid. When it came up. I clicked "Fix" and Spybot Search & Destroy removed it... :sad11: I'm stupid... Is it ok... What should I do.. is it ok?
User avatar
LordRuin
Regular Member
 
Posts: 53
Joined: August 23rd, 2007, 6:22 am
Location: Pennsylvania

Unread postby tim s » August 25th, 2007, 7:25 am

Hi LordRuin

I'm so stupid. When it came up. I clicked "Fix" and Spybot Search & Destroy removed it... I'm stupid... Is it ok... What should I do.. is it ok?


don't worry will need to check settings

Click start then control panel
Click Security center
Under Manage Security settings click window firewall
Make sure windows firewall is turned off(not recommended) has a tick beside it. if not put a tick beside it to turn it off. click ok

Restart computer

If you get that message in next spybot scan right click on it and choose to ignore it from future scans.

If problems let me know?
User avatar
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby LordRuin » August 25th, 2007, 11:46 pm

I took a screen caption of it. I did not see a tick or anything.

http://a172.ac-images.myspacecdn.com/im ... 549d0b.jpg

http://a585.ac-images.myspacecdn.com/im ... 7de9d0.jpg

It said Windows Fire wall is on? Then under Manage Security Settings: Windows Fire. It says "Windows Fire Wall is off".
:? So I'm assuming... thats good? I will thank you again for helping and putting up with my invideous questions.
User avatar
LordRuin
Regular Member
 
Posts: 53
Joined: August 23rd, 2007, 6:22 am
Location: Pennsylvania

Unread postby tim s » August 25th, 2007, 11:59 pm

It said Windows Fire wall is on? Then under Manage Security Settings: Windows Fire. It says "Windows Fire Wall is off".
So I'm assuming... thats good? I will thank you again for helping and putting up with my invideous questions.


You are doing fine. Firewall setting or correct.

now look back a previous post on posting a log with WinpFind.
User avatar
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby LordRuin » August 26th, 2007, 5:49 pm

Here it is.

WinPFind3 logfile created on: 8/26/2007 6:13:21 PM
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\Lord Ruin\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

502.80 Mb Total Physical Memory | 273.49 Mb Available Physical Memory | 54.39% Memory free
1.20 Gb Paging File | 0.96 Gb Available in Paging File | 80.52% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.69 Gb Total Space | 23.65 Gb Free Space | 30.84% Space Free
Drive D: | 480.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
Drive E: | 549.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
F: Drive not present or media not loaded

Computer Name: VILANCEHASARIVD
Current User Name: Lord Ruin
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
acsd.exe -> %CommonProgramFiles%\AOL\ACS\acsd.exe -> America Online, Inc. [Ver = 1,0,22,1 | Size = 1388648 bytes | Modified Date = 9/16/2003 11:55:36 PM | Attr = ]
avgnt.exe -> %ProgramFiles%\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 7.00.04.05 | Size = 327720 bytes | Modified Date = 4/20/2007 4:32:56 PM | Attr = ]
avguard.exe -> %ProgramFiles%\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.52 | Size = 204840 bytes | Modified Date = 4/20/2007 4:32:56 PM | Attr = ]
cmdagent.exe -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 8/24/2007 1:06:02 AM | Attr = ]
cpf.exe -> %ProgramFiles%\Comodo\Firewall\cpf.exe -> COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 8/24/2007 1:06:02 AM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7777 | Size = 127043 bytes | Modified Date = 7/20/2005 6:07:00 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 9/21/2006 1:35:34 AM | Attr = ]
sched.exe -> %ProgramFiles%\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.46 | Size = 57896 bytes | Modified Date = 4/20/2007 4:33:04 PM | Attr = ]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 5:27:44 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 6/23/2007 3:15:54 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AntiVirScheduler) AntiVir PersonalEdition Classic Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.46 | Size = 57896 bytes | Modified Date = 4/20/2007 4:33:04 PM | Attr = ]
(AntiVirService) AntiVir PersonalEdition Classic Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.52 | Size = 204840 bytes | Modified Date = 4/20/2007 4:32:56 PM | Attr = ]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\acsd.exe -> America Online, Inc. [Ver = 1,0,22,1 | Size = 1388648 bytes | Modified Date = 9/16/2003 11:55:36 PM | Attr = ]
(CmdAgent) Comodo Application Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 8/24/2007 1:06:02 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 1:56:50 AM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7777 | Size = 127043 bytes | Modified Date = 7/20/2005 6:07:00 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 4/5/2005 11:17:22 AM | Attr = ]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 5:27:44 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
avgnt -> %ProgramFiles%\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 7.00.04.05 | Size = 327720 bytes | Modified Date = 4/20/2007 4:32:56 PM | Attr = ]
COMODO Firewall Pro -> %ProgramFiles%\Comodo\Firewall\cpf.exe -> COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 8/24/2007 1:06:02 AM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.7777 | Size = 7110656 bytes | Modified Date = 7/20/2005 6:07:00 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/1/2006 4:57:48 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 9/21/2006 1:35:34 AM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
AIM -> %ProgramFiles%\aim\aim.exe -cnetwait.odl -> File not found
BitTorrent -> %ProgramFiles%\BitTorrent\bittorrent.exe -> [Ver = | Size = 43520 bytes | Modified Date = 9/21/2006 2:36:30 PM | Attr = ]
Veoh -> %ProgramFiles%\Veoh Networks\Veoh\VeohClient.exe -> Veoh Networks [Ver = 3.2.1.1073 | Size = 2019328 bytes | Modified Date = 5/3/2007 5:43:38 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,0,0,716 | Size = 4621816 bytes | Modified Date = 9/13/2006 2:17:28 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 5:44:06 AM | Attr = ]
%AllUsersStartup%\BigFix.lnk -> %ProgramFiles%\BigFix\BigFix.exe -> BigFix Inc. [Ver = 1, 7, 6, 0 | Size = 1742384 bytes | Modified Date = 7/31/2002 5:22:26 PM | Attr = ]
< ICQ Agent [HKCU] > -> HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ ->
HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ -> ->
HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\\Launch Browser -> No ->
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.2331 | Size = 323584 bytes | Modified Date = 1/30/2004 9:13:24 AM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.yahoo.com/ ->
HKLM: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> http://us.rd.yahoo.com/customize/ie/def ... earch.html ->
HKLM: Search Page -> http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com ->
HKLM: Start Page -> http://www.yahoo.com/ ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://google.icq.com/search/search_frame.php ->
HKCU: Search Page -> http://google.icq.com ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} [HKLM] -> %ProgramFiles%\ICQToolbar\toolbaru.dll [ICQ Toolbar] -> ICQ Inc. [Ver = 1, 0, 10, 17 | Size = 446464 bytes | Modified Date = 1/19/2005 5:16:34 AM | Attr = ]
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 2:56:50 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{549B5CA7-4A86-11D7-A4DF-000874180BB3} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 7, 31, 1 | Size = 185848 bytes | Modified Date = 7/31/2006 3:32:32 PM | Attr = ]
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{D0943516-5076-4020-A3B5-AEFAF26AB263} [HKLM] -> %ProgramFiles%\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [Veoh Browser Plug-in] -> Veoh Networks Inc [Ver = 1.0.1.4 | Size = 358528 bytes | Modified Date = 5/3/2007 5:39:34 PM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} [HKLM] -> %ProgramFiles%\ICQToolbar\toolbaru.dll [ICQ Toolbar] -> ICQ Inc. [Ver = 1, 0, 10, 17 | Size = 446464 bytes | Modified Date = 1/19/2005 5:16:34 AM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr = ]
WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] -> File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> Reg Data - Value does not exist [ButtonText: Yahoo! Services] -> File not found
{6224f700-cba3-4071-b251-47cb894244cd} -> %ProgramFiles%\ICQ\Icq.exe [ButtonText: ICQ] -> [Ver = | Size = 1995333 bytes | Modified Date = 2/7/2002 6:20:28 AM | Attr = ]
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\aim\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 4:35:36 PM | Attr = ]
{B863453A-26C3-4e1f-A54D-A2CD196348E9} -> %ProgramFiles%\ICQLite\ICQLite.exe [ButtonText: ICQ Lite] -> ICQ Ltd. [Ver = 20, 52, 2573, 0 | Size = 3144800 bytes | Modified Date = 7/11/2006 3:06:40 AM | Attr = ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [ButtonText: Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,0,0,716 | Size = 4621816 bytes | Modified Date = 9/13/2006 2:17:28 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&ICQ Toolbar Search -> %ProgramFiles%\ICQToolbar\toolbaru.dll\SEARCH.HTM -> File not found
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common\YCSRCH.HTM -> [Ver = | Size = 605 bytes | Modified Date = 6/3/2005 7:07:38 PM | Attr = ]
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 6/3/2005 7:07:16 PM | Attr = ]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common\ycmap.htm -> [Ver = | Size = 690 bytes | Modified Date = 6/3/2005 7:07:44 PM | Attr = ]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common\YCsms.htm -> [Ver = | Size = 1006 bytes | Modified Date = 8/1/2005 6:43:00 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0F2C0BB3-A770-48AD-8BEF-C039277F4D8D} -> () ->
{23C5DE8D-CFBC-4737-8909-5321E37CF182} -> (Intel(R) PRO/100 VE Network Connection) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0E5F0222-96B9-11D3-8997-00104BD12D94} -> PCPitstop Utility - CodeBase = http://pcpitstop.com/pcpitstop/PCPitStop.CAB ->
{14B87622-7E19-4EA8-93B3-97215F77A6BC} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Me ... b31267.cab ->
{215B8138-A3CF-44C5-803F-8226143CFC0A} -> Trend Micro ActiveX Scan Agent 6.5 - CodeBase = http://housecall65.trendmicro.com/house ... hcImpl.cab ->
{2917297F-F02B-4B9D-81DF-494B6333150B} -> Minesweeper Flags Class - CodeBase = http://messenger.zone.msn.com/binary/Mi ... b31267.cab ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{474AD63A-9B7E-40FE-8E4E-7067CC0F8D3D} -> IB_OnAir.IBOnAir - CodeBase = http://ionair.sbs.co.kr/onair/IB_OnAir.CAB ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://by103fd.bay103.hotmail.msn.com/r ... nPUpld.cab ->
{5D6F45B3-9043-443D-A792-115447494D24} -> UnoCtrl Class - CodeBase = http://messenger.zone.msn.com/KO-KR/a-U ... E_UNO1.cab ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resourc ... oscan8.cab ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/Shar ... /cabsa.cab ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} -> DivXBrowserPlugin Object - CodeBase = http://go.divx.com/plugin/DivXBrowserPlugin.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2 - CodeBase = http://java.sun.com/products/plugin/aut ... s-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Me ... b31267.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan ... asinst.cab ->
{9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} -> MagicLockOCX Control - CodeBase = http://www.diodeo.com/ActiveDiodeoPlayer.cab ->
{9D190AE6-C81E-4039-8061-978EBAD10073} -> F-Secure Online Scanner 3.0 - CodeBase = http://runvirusscan.com/ols3/fscax.cab ->
{B8BE5E93-A60C-4D26-A2DC-220313175592} -> MSN Games - Installer - CodeBase = http://messenger.zone.msn.com/binary/ZI ... b56649.cab ->
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} -> a-squared Scanner - CodeBase = http://ax.emsisoft.com/asquared.cab ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Me ... b56907.cab ->
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} -> Java Plug-in 1.4.2 - CodeBase = http://java.sun.com/products/plugin/aut ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shoc ... wflash.cab ->
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -> McFreeScan Class - CodeBase = http://download.mcafee.com/molbin/iss-l ... cfscan.cab ->
{EFAEF0E4-F044-4D57-9900-1C3FF18524C9} -> AV Class - CodeBase = http://www.pcpitstop.com/antivirus/PitPav.cab ->
{F4A1D5E2-AF49-47A7-A945-23038106F3A4} -> Pandora_SetUp Control - CodeBase = http://imgcdn.pandora.tv/pan_img/launch ... etUpAX.cab ->
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} -> Minesweeper Flags Class - CodeBase = http://messenger.zone.msn.com/binary/Mi ... b56986.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> 8193 - Reg Data - Value does not exist ->
{6224f700-cba3-4071-b251-47cb894244cd} -> 8194 - ICQ ->
{85d1f590-48f4-11d9-9669-0800200c9a66} -> 8200 - Uninstall BitDefender Online Scanner v8 ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8198 - Reg Data - Value does not exist ->
{B863453A-26C3-4e1f-A54D-A2CD196348E9} -> 8201 - ICQ Lite ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8195 - Reg Data - Value does not exist ->
{e2e2dd38-d088-4134-82b7-f2ba38496583} -> 8199 - @xpsp3res.dll,-20001 ->
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> 8196 - Yahoo! Messenger ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8197 - Windows Messenger ->
NextId -> 8202 ->
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{18D10072035C4515918F7E37EAFAACFC} -> AutoUpdate ->
{1D643CD7-4DD6-11D7-A4E0-000874180BB3} -> Microsoft Money 2004 ->
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP ->
{35AD3FC5-D09D-4D9F-8E9C-E40794194EC5} -> Netflix Movie Viewer ->
{3D5A72E1-1467-4199-8CF6-12DA8D502A6B} -> Veoh Player ->
{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B} -> Google Earth ->
{3E4B349F-10B5-4586-9D99-489A90A8B228} -> Sid Meier's Civilization 4 - Warlords ->
{49FC50FC-F965-40D9-89B4-CBFF80941033} -> Windows Movie Maker 2.0 ->
{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD ->
{7148F0A8-6813-11D6-A77B-00B0D0142000} -> Java 2 Runtime Environment, SE v1.4.2 ->
{764D06D8-D8DE-411E-A1C8-D9E9380F8A84} -> Microsoft Works 7.0 ->
{76EFFC7C-17A6-479D-9E47-8E658C1695AE} -> Windows Backup Utility ->
{7B63B2922B174135AFC0E1377DD81EC2} -> DivX ->
{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1} -> eMachines Bay Reader ->
{8A708DD8-A5E6-11D4-A706-000629E95E20} -> Intel(R) Extreme Graphics Driver ->
{8ADFC4160D694100B5B8A22DE9DCABD9} -> DivX Player ->
{8C64E145-54BA-11D6-91B1-00500462BE80} -> Microsoft Money 2004 System Pack ->
{8EB175BA-F457-499B-8AC9-8358E1BB0990} -> Takeda 2 Demo ->
{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D} -> Apple Software Update ->
{A79E6E20-E1B8-4A5A-97F4-E673404BF700} -> Netflix Movie Viewer ->
{A8589680-35C1-4732-ACCA-09B78921ECE3} -> Sid Meier's Civilization 4 ->
{AC76BA86-7AD7-1033-7B44-A70000000000} -> Adobe Reader 7.0 ->
{AC76BA86-7AD7-5A76-5A64-7E8A45000001} -> Adobe Reader Japanese Fonts ->
{B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player ->
{C1583439-B034-4881-819C-D52A0587662B} -> Neverwinter Nights Platinum Edition ->
{C325F588-D6B1-4A7F-B6A2-914C75DDA348} -> Morrowind ->
{CA0A1E54-CE0F-4366-B09C-A87B61DC5633} -> Symantec Network Drivers Update ->
{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8} -> Sid Meier's Civilization 4 ->
{DB3C800B-081B-4146-B4E3-EFB5B77AA913} -> TES Construction Set ->
{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8} -> QuickTime ->
{FB08F381-6533-4108-B7DD-039E11FBC27E} -> Realtek AC'97 Audio ->
{FCE50DB8-C610-4C42-BE5C-193F46C6F812} -> Windows Live Messenger ->
America Online us -> America Online (Choose which version to remove) ->
AntiVir PersonalEdition Classic -> Avira AntiVir PersonalEdition Classic ->
AOL Instant Messenger -> AOL Instant Messenger ->
AolCoach -> AOL Coach Version 1.0(Build:20030807.3) ->
BigFix -> BigFix ->
BitTorrent -> BitTorrent 4.22.1 ->
CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1 -> SoftV92 Data Fax Modem with SmartCP ->
COMODO Firewall Pro -> COMODO Firewall Pro ->
CompuServe us -> CompuServe ->
Diablo -> Diablo ->
Diablo II -> Diablo II ->
DivX Subtitle Displayer_is1 -> DivX Subtitle Displayer 5.00 ->
HijackThis -> HijackThis 1.99.1 ->
ICQ -> ICQ ->
ICQLite -> ICQ 5.1 ->
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs ->
InstallShield_{3D5A72E1-1467-4199-8CF6-12DA8D502A6B} -> Veoh Player ->
InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1} -> eMachines Bay Reader ->
KB873339 -> Windows XP Hotfix - KB873339 ->
KB885626 -> Windows XP Hotfix - KB885626 ->
KB885835 -> Windows XP Hotfix - KB885835 ->
KB885836 -> Windows XP Hotfix - KB885836 ->
KB886185 -> Windows XP Hotfix - KB886185 ->
KB887472 -> Windows XP Hotfix - KB887472 ->
KB888302 -> Windows XP Hotfix - KB888302 ->
KB890046 -> Security Update for Windows XP (KB890046) ->
KB890859 -> Windows XP Hotfix - KB890859 ->
KB891781 -> Windows XP Hotfix - KB891781 ->
KB893756 -> Security Update for Windows XP (KB893756) ->
KB893803v2 -> Windows Installer 3.1 (KB893803) ->
KB894391 -> Update for Windows XP (KB894391) ->
KB896358 -> Security Update for Windows XP (KB896358) ->
KB896423 -> Security Update for Windows XP (KB896423) ->
KB896424 -> Security Update for Windows XP (KB896424) ->
KB896428 -> Security Update for Windows XP (KB896428) ->
KB898461 -> Update for Windows XP (KB898461) ->
KB899587 -> Security Update for Windows XP (KB899587) ->
KB899591 -> Security Update for Windows XP (KB899591) ->
KB900485 -> Update for Windows XP (KB900485) ->
KB900725 -> Security Update for Windows XP (KB900725) ->
KB901017 -> Security Update for Windows XP (KB901017) ->
KB901190 -> Security Update for Windows XP (KB901190) ->
KB901214 -> Security Update for Windows XP (KB901214) ->
KB902400 -> Security Update for Windows XP (KB902400) ->
KB904706 -> Security Update for Windows XP (KB904706) ->
KB904942 -> Update for Windows XP (KB904942) ->
KB905414 -> Security Update for Windows XP (KB905414) ->
KB905749 -> Security Update for Windows XP (KB905749) ->
KB908519 -> Security Update for Windows XP (KB908519) ->
KB908531 -> Update for Windows XP (KB908531) ->
KB910437 -> Update for Windows XP (KB910437) ->
KB911280 -> Update for Windows XP (KB911280) ->
KB911562 -> Security Update for Windows XP (KB911562) ->
KB911564 -> Security Update for Windows Media Player (KB911564) ->
KB911567 -> Security Update for Windows XP (KB911567) ->
KB911927 -> Security Update for Windows XP (KB911927) ->
KB912919 -> Security Update for Windows XP (KB912919) ->
KB913580 -> Security Update for Windows XP (KB913580) ->
KB914388 -> Security Update for Windows XP (KB914388) ->
KB914389 -> Security Update for Windows XP (KB914389) ->
KB914440 -> Hotfix for Windows XP (KB914440) ->
KB915865 -> Hotfix for Windows XP (KB915865) ->
KB916595 -> Update for Windows XP (KB916595) ->
KB917159 -> Security Update for Windows XP (KB917159) ->
KB917344 -> Security Update for Windows XP (KB917344) ->
KB917422 -> Security Update for Windows XP (KB917422) ->
KB917734_WMP9 -> Security Update for Windows Media Player 9 (KB917734) ->
KB917953 -> Security Update for Windows XP (KB917953) ->
KB918118 -> Security Update for Windows XP (KB918118) ->
KB918439 -> Security Update for Windows XP (KB918439) ->
KB918899 -> Security Update for Windows XP (KB918899) ->
KB919007 -> Security Update for Windows XP (KB919007) ->
KB920213 -> Security Update for Windows XP (KB920213) ->
KB920214 -> Security Update for Windows XP (KB920214) ->
KB920670 -> Security Update for Windows XP (KB920670) ->
KB920683 -> Security Update for Windows XP (KB920683) ->
KB920685 -> Security Update for Windows XP (KB920685) ->
KB920872 -> Update for Windows XP (KB920872) ->
KB921398 -> Security Update for Windows XP (KB921398) ->
KB921503 -> Security Update for Windows XP (KB921503) ->
KB921883 -> Security Update for Windows XP (KB921883) ->
KB922582 -> Update for Windows XP (KB922582) ->
KB922616 -> Security Update for Windows XP (KB922616) ->
KB922760 -> Security Update for Windows XP (KB922760) ->
KB922819 -> Security Update for Windows XP (KB922819) ->
KB923191 -> Security Update for Windows XP (KB923191) ->
KB923414 -> Security Update for Windows XP (KB923414) ->
KB923689 -> Security Update for Windows XP (KB923689) ->
KB923694 -> Security Update for Windows XP (KB923694) ->
KB923980 -> Security Update for Windows XP (KB923980) ->
KB924191 -> Security Update for Windows XP (KB924191) ->
KB924270 -> Security Update for Windows XP (KB924270) ->
KB924496 -> Security Update for Windows XP (KB924496) ->
KB924667 -> Security Update for Windows XP (KB924667) ->
KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398) ->
KB925454 -> Security Update for Windows XP (KB925454) ->
KB925486 -> Security Update for Windows XP (KB925486) ->
KB925902 -> Security Update for Windows XP (KB925902) ->
KB926239 -> Hotfix for Windows XP (KB926239) ->
KB926255 -> Security Update for Windows XP (KB926255) ->
KB926436 -> Security Update for Windows XP (KB926436) ->
KB927779 -> Security Update for Windows XP (KB927779) ->
KB927802 -> Security Update for Windows XP (KB927802) ->
KB927891 -> Update for Windows XP (KB927891) ->
KB928090 -> Security Update for Windows XP (KB928090) ->
KB928255 -> Security Update for Windows XP (KB928255) ->
KB928843 -> Security Update for Windows XP (KB928843) ->
KB929123 -> Security Update for Windows XP (KB929123) ->
KB929338 -> Update for Windows XP (KB929338) ->
KB929399 -> Hotfix for Windows Media Format 11 SDK (KB929399) ->
KB929969 -> Security Update for Windows XP (KB929969) ->
KB930178 -> Security Update for Windows XP (KB930178) ->
KB930916 -> Update for Windows XP (KB930916) ->
KB931261 -> Security Update for Windows XP (KB931261) ->
KB931768 -> Security Update for Windows XP (KB931768) ->
KB931784 -> Security Update for Windows XP (KB931784) ->
KB931836 -> Update for Windows XP (KB931836) ->
KB932168 -> Security Update for Windows XP (KB932168) ->
KB933566 -> Security Update for Windows XP (KB933566) ->
KB935839 -> Security Update for Windows XP (KB935839) ->
KB935840 -> Security Update for Windows XP (KB935840) ->
KB936021 -> Security Update for Windows XP (KB936021) ->
KB936357 -> Update for Windows XP (KB936357) ->
KB936782_WMP11 -> Security Update for Windows Media Player 11 (KB936782) ->
KB937143 -> Security Update for Windows XP (KB937143) ->
KB938127 -> Security Update for Windows XP (KB938127) ->
KB938828 -> Update for Windows XP (KB938828) ->
KB938829 -> Security Update for Windows XP (KB938829) ->
LiveUpdate -> LiveUpdate 1.90 (Symantec Corporation) ->
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP ->
Netscape 6 (6.2.1) -> Netscape 6 (6.2.1) ->
Neverwinter Nights - Kingmaker -> BioWare Premium Module: Neverwinter Nights - Kingmaker ->
Neverwinter Nights - ShadowGuard -> BioWare Premium Module: Neverwinter Nights - ShadowGuard ->
Neverwinter Nights - Witch's Wake -> BioWare Premium Module: Neverwinter Nights - Witch's Wake ->
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs ->
NVIDIA Drivers -> NVIDIA Drivers ->
Panda ActiveScan -> Panda ActiveScan ->
PCPitstop Panda AntiVirus Scan -> PCPitstop Panda AntiVirus Scan (remove only) ->
PROSet -> Intel(R) PRO Network Adapters and Drivers ->
RealPlayer 6.0 -> RealPlayer ->
SANYO Digital Camera Driver -> SANYO Digital Camera Driver ->
ShockwaveFlash -> Adobe Flash Player 9 ActiveX ->
Spybot - Search & Destroy_is1 -> Spybot - Search & Destroy 1.4 ->
Starcraft -> Starcraft ->
StreetPlugin -> Learn2 Player (Uninstall Only) ->
Throne of Darkness Demo -> Throne of Darkness Demo ->
ToolbarICQToolbar.ICQToolbarObjectIEToolbar -> ICQ Toolbar ->
ViewpointMediaPlayer -> Viewpoint Media Player ->
VLC media player -> VideoLAN VLC media player 0.8.6a ->
WGA -> Windows Genuine Advantage Validation Tool (KB892130) ->
WgaNotify -> Windows Genuine Advantage Notifications (KB905474) ->
Winamp -> Winamp (remove only) ->
Windows Media Format Runtime -> Windows Media Format 11 runtime ->
Windows Media Player -> Windows Media Player 11 ->
Windows XP Service Pack -> Windows XP Service Pack 2 ->
WinRAR archiver -> WinRAR archiver ->
WMFDist11 -> Windows Media Format 11 runtime ->
wmp11 -> Windows Media Player 11 ->
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0 ->
Xfire -> Xfire (remove only) ->
Yahoo! Companion -> Yahoo! Toolbar for Internet Explorer ->
Yahoo! Customizations -> Yahoo! Browser Services ->
Yahoo! Messenger -> Yahoo! Messenger ->
Yahoo! Toolbar -> Yahoo! Toolbar ->
YInstHelper -> Yahoo! Install Manager ->


[Files/Folders - Created Within 60 days]
boot.ini.comodofirewall -> %SystemDrive%\boot.ini.comodofirewall -> [Ver = | Size = 207 bytes | Created Date = 8/24/2007 12:06:28 AM | Attr = ]
$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Created Date = 8/14/2007 4:54:17 PM | Attr = H ]
$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Created Date = 8/14/2007 4:54:38 PM | Attr = H ]
$NtUninstallKB936357$ -> %SystemRoot%\$NtUninstallKB936357$ -> [Folder | Created Date = 7/11/2007 2:01:14 AM | Attr = H ]
$NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Created Date = 8/14/2007 4:51:01 PM | Attr = H ]
$NtUninstallKB937143$ -> %SystemRoot%\$NtUninstallKB937143$ -> [Folder | Created Date = 8/14/2007 4:51:56 PM | Attr = H ]
$NtUninstallKB938127$ -> %SystemRoot%\$NtUninstallKB938127$ -> [Folder | Created Date = 8/14/2007 4:52:18 PM | Attr = H ]
$NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Created Date = 8/14/2007 4:54:27 PM | Attr = H ]
$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Created Date = 8/14/2007 4:54:07 PM | Attr = H ]
SpoonUninstall-KlinZhaBoard.bmp -> %System32%\SpoonUninstall-KlinZhaBoard.bmp -> [Ver = | Size = 28898 bytes | Created Date = 8/10/2007 1:23:40 PM | Attr = ]
SpoonUninstall-KlinZhaBoard.dat -> %System32%\SpoonUninstall-KlinZhaBoard.dat -> [Ver = | Size = 7816 bytes | Created Date = 8/10/2007 1:23:40 PM | Attr = ]
cmdmon.sys -> %System32%\drivers\cmdmon.sys -> Comodo Research Lab., Inc. [Ver = 2.3.035 built by: WinDDK | Size = 75520 bytes | Created Date = 8/24/2007 12:06:05 AM | Attr = ]
inspect.sys -> %System32%\drivers\inspect.sys -> COMODO [Ver = 2, 0, 0, 1 | Size = 51328 bytes | Created Date = 8/24/2007 12:06:05 AM | Attr = ]
Msft_User_WpdMtpDr_01_00_00.Wdf -> %System32%\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 8/12/2007 6:16:50 AM | Attr = H ]
Avg7 -> %AllUsersAppData%\Avg7 -> [Folder | Created Date = 8/24/2007 12:04:44 AM | Attr = ]
Comodo -> %AllUsersAppData%\Comodo -> [Folder | Created Date = 8/24/2007 12:10:53 AM | Attr = ]
SalesMonitor -> %AllUsersAppData%\SalesMonitor -> [Folder | Created Date = 8/22/2007 9:05:25 AM | Attr = R ]
Comodo -> %UserAppData%\Comodo -> [Folder | Created Date = 8/24/2007 12:10:57 AM | Attr = ]
COMODO Firewall Pro.lnk -> %AllUsersDesktop%\COMODO Firewall Pro.lnk -> [Ver = | Size = 1588 bytes | Created Date = 8/24/2007 12:06:29 AM | Attr = ]
convo.rtf -> %UserDesktop%\convo.rtf -> [Ver = | Size = 7582 bytes | Created Date = 8/15/2007 11:19:22 PM | Attr = ]
gamethingy.bmp -> %UserDesktop%\gamethingy.bmp -> [Ver = | Size = 1440054 bytes | Created Date = 8/25/2007 2:07:09 AM | Attr = ]
untitled.bmp -> %UserDesktop%\untitled.bmp -> [Ver = | Size = 666198 bytes | Created Date = 8/25/2007 11:37:14 PM | Attr = ]
Veoh.lnk -> %UserDesktop%\Veoh.lnk -> [Ver = | Size = 1696 bytes | Created Date = 7/5/2007 8:17:03 AM | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 8/26/2007 5:10:38 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 355277 bytes | Created Date = 8/26/2007 4:47:05 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->

[Files/Folders - Modified Within 60 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 208 bytes | Modified Date = 8/24/2007 1:06:30 AM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 8/24/2007 12:56:56 AM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 527290368 bytes | Modified Date = 8/26/2007 5:36:06 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/24/2007 1:06:04 AM | Attr = R ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Modified Date = 8/21/2007 8:43:40 PM | Attr = H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 304 bytes | Modified Date = 8/24/2007 7:08:58 AM | Attr = H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 256 bytes | Modified Date = 8/24/2007 7:10:28 AM | Attr = H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Modified Date = 8/25/2007 1:20:36 AM | Attr = H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Modified Date = 8/25/2007 1:38:06 AM | Attr = H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 268 bytes | Modified Date = 8/25/2007 10:00:52 PM | Attr = H ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 232 bytes | Modified Date = 8/26/2007 6:09:02 PM | Attr = H ]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 232 bytes | Modified Date = 8/26/2007 6:09:14 PM | Attr = H ]
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 232 bytes | Modified Date = 8/26/2007 6:09:26 PM | Attr = H ]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 232 bytes | Modified Date = 8/26/2007 6:09:38 PM | Attr = H ]
sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 232 bytes | Modified Date = 8/26/2007 6:09:50 PM | Attr = H ]
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm -> [Ver = | Size = 268 bytes | Modified Date = 7/9/2007 7:54:32 PM | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 8/21/2007 8:43:40 PM | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 8/24/2007 7:08:58 AM | Attr = H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 8/24/2007 7:10:28 AM | Attr = H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 8/25/2007 1:20:36 AM | Attr = H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 8/25/2007 1:38:06 AM | Attr = H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 8/25/2007 10:00:52 PM | Attr = H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 8/26/2007 6:09:02 PM | Attr = H ]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 8/26/2007 6:09:14 PM | Attr = H ]
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 8/26/2007 6:09:26 PM | Attr = H ]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 8/26/2007 6:09:38 PM | Attr = H ]
sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Modified Date = 8/26/2007 6:09:50 PM | Attr = H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [Ver = | Size = 244 bytes | Modified Date = 7/9/2007 7:54:32 PM | Attr = H ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/26/2007 5:41:44 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 8/22/2007 1:18:34 AM | Attr = H ]
$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Modified Date = 8/22/2007 3:12:44 AM | Attr = H ]
$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Modified Date = 8/22/2007 3:13:26 AM | Attr = H ]
$NtUninstallKB936357$ -> %SystemRoot%\$NtUninstallKB936357$ -> [Folder | Modified Date = 8/22/2007 3:13:00 AM | Attr = H ]
$NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Modified Date = 8/22/2007 3:06:16 AM | Attr = H ]
$NtUninstallKB937143$ -> %SystemRoot%\$NtUninstallKB937143$ -> [Folder | Modified Date = 8/22/2007 3:08:52 AM | Attr = H ]
$NtUninstallKB938127$ -> %SystemRoot%\$NtUninstallKB938127$ -> [Folder | Modified Date = 8/22/2007 3:09:40 AM | Attr = H ]
$NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Modified Date = 8/22/2007 3:13:12 AM | Attr = H ]
$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Modified Date = 8/22/2007 3:12:28 AM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/26/2007 5:36:10 PM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 8/21/2007 7:50:22 PM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 8/23/2007 8:51:04 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 8/22/2007 3:13:20 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/23/2007 8:51:04 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/24/2007 12:56:56 AM | Attr = HS]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 8/2/2007 4:33:00 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/26/2007 6:10:40 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 8/22/2007 12:25:50 AM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 8/24/2007 1:04:38 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 8/24/2007 1:09:06 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 8/24/2007 12:55:42 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 8/26/2007 5:39:28 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 907 bytes | Modified Date = 8/26/2007 5:39:48 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 8/21/2007 7:18:12 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/26/2007 5:36:16 PM | Attr = H ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 8/21/2007 8:48:12 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 8/22/2007 1:08:48 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 8/26/2007 2:01:10 PM | Attr = ]
CmdLineExt03.dll -> %System32%\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Modified Date = 7/3/2007 2:34:50 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 8/21/2007 8:52:46 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 8/24/2007 1:09:52 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 8/24/2007 1:06:06 AM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 29204 bytes | Modified Date = 8/26/2007 5:39:18 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 8/21/2007 8:27:30 PM | Attr = ]
SpoonUninstall-KlinZhaBoard.bmp -> %System32%\SpoonUninstall-KlinZhaBoard.bmp -> [Ver = | Size = 28898 bytes | Modified Date = 8/10/2007 2:23:20 PM | Attr = ]
SpoonUninstall-KlinZhaBoard.dat -> %System32%\SpoonUninstall-KlinZhaBoard.dat -> [Ver = | Size = 7816 bytes | Modified Date = 8/10/2007 2:23:42 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 8/21/2007 8:52:26 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1170 bytes | Modified Date = 8/26/2007 5:39:10 PM | Attr = ]
cmdmon.sys -> %System32%\drivers\cmdmon.sys -> Comodo Research Lab., Inc. [Ver = 2.3.035 built by: WinDDK | Size = 75520 bytes | Modified Date = 8/24/2007 1:06:04 AM | Attr = ]
inspect.sys -> %System32%\drivers\inspect.sys -> COMODO [Ver = 2, 0, 0, 1 | Size = 51328 bytes | Modified Date = 8/24/2007 1:06:04 AM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Modified Date = 8/12/2007 7:16:52 AM | Attr = ]
Msft_User_WpdMtpDr_01_00_00.Wdf -> %System32%\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 8/12/2007 7:16:52 AM | Attr = H ]
Avg7 -> %AllUsersAppData%\Avg7 -> [Folder | Modified Date = 8/24/2007 1:04:46 AM | Attr = ]
Comodo -> %AllUsersAppData%\Comodo -> [Folder | Modified Date = 8/24/2007 1:10:54 AM | Attr = ]
Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 8/12/2007 7:16:52 AM | Attr = S]
SalesMonitor -> %AllUsersAppData%\SalesMonitor -> [Folder | Modified Date = 8/22/2007 10:05:26 AM | Attr = R ]
Symantec -> %AllUsersAppData%\Symantec -> [Folder | Modified Date = 8/24/2007 12:56:32 AM | Attr = ]
BitTorrent -> %UserAppData%\BitTorrent -> [Folder | Modified Date = 8/13/2007 9:20:44 PM | Attr = ]
Comodo -> %UserAppData%\Comodo -> [Folder | Modified Date = 8/24/2007 1:10:58 AM | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 8/24/2007 1:04:40 AM | Attr = S]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 69120 bytes | Modified Date = 7/1/2007 5:34:00 AM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 1578638 bytes | Modified Date = 8/26/2007 1:59:46 AM | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 8/24/2007 7:23:28 AM | Attr = ]
BitTorrent Downloads -> %UserDocuments%\BitTorrent Downloads -> [Folder | Modified Date = 8/18/2007 2:18:48 AM | Attr = ]
My Music -> %UserDocuments%\My Music -> [Folder | Modified Date = 8/7/2007 7:43:34 PM | Attr = R ]
My Received Files -> %UserDocuments%\My Received Files -> [Folder | Modified Date = 8/21/2007 8:25:42 AM | Attr = ]
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 587 bytes | Modified Date = 8/26/2007 5:41:28 PM | Attr = ]
My Videos -> %UserDocuments%\My Videos -> [Folder | Modified Date = 8/18/2007 1:51:50 AM | Attr = ]
COMODO Firewall Pro.lnk -> %AllUsersDesktop%\COMODO Firewall Pro.lnk -> [Ver = | Size = 1588 bytes | Modified Date = 8/24/2007 1:06:30 AM | Attr = ]
convo.rtf -> %UserDesktop%\convo.rtf -> [Ver = | Size = 7582 bytes | Modified Date = 8/16/2007 12:19:24 AM | Attr = ]
Copy of ObjectData.w3o -> %UserDesktop%\Copy of ObjectData.w3o -> [Ver = | Size = 61364 bytes | Modified Date = 7/3/2007 12:09:24 PM | Attr = ]
gamethingy.bmp -> %UserDesktop%\gamethingy.bmp -> [Ver = | Size = 1440054 bytes | Modified Date = 8/25/2007 3:07:12 AM | Attr = ]
Plus! -> %UserDesktop%\Plus! -> [Folder | Modified Date = 8/24/2007 7:22:26 AM | Attr = ]
tomenet-bin -> %UserDesktop%\tomenet-bin -> [Folder | Modified Date = 7/14/2007 11:52:42 PM | Attr = ]
untitled.bmp -> %UserDesktop%\untitled.bmp -> [Ver = | Size = 666198 bytes | Modified Date = 8/26/2007 12:42:32 AM | Attr = ]
Veoh.lnk -> %UserDesktop%\Veoh.lnk -> [Ver = | Size = 1696 bytes | Modified Date = 7/5/2007 9:17:04 AM | Attr = ]
WarCraft III Stuff -> %UserDesktop%\WarCraft III Stuff -> [Folder | Modified Date = 8/4/2007 5:40:40 PM | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Modified Date = 8/26/2007 6:10:40 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 355277 bytes | Modified Date = 8/26/2007 5:47:08 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 8/24/2007 1:09:06 AM | Attr = ]
WinAntiSpyware 2007 -> %CommonProgramFiles%\WinAntiSpyware 2007 -> [Folder | Modified Date = 8/23/2007 7:01:44 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.17 | Size = 14204416 bytes | Modified Date = 1/9/2004 5:53:58 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 3/31/2003 5:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivXNetworks, Inc. [Ver = 5.2.1.1328 | Size = 716800 bytes | Modified Date = 9/3/2004 11:03:48 AM | Attr = ]
WSUD , -> %System32%\nvoglnt.dll -> NVIDIA Corporation [Ver = 6.14.10.7777 | Size = 5140480 bytes | Modified Date = 7/20/2005 6:07:00 PM | Attr = ]
PEC2 , -> %System32%\oembios.bin -> [Ver = | Size = 13107200 bytes | Modified Date = 2/28/2002 12:42:54 PM | Attr = ]
UPX! , UPX0 , -> %System32%\Pandora_SetUpAX.ocx -> Pandora TV [Ver = 1.0.1.32 | Size = 265728 bytes | Modified Date = 12/12/2006 3:41:12 PM | Attr = ]
Thawte Consulting , -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 63144 bytes | Modified Date = 8/24/2006 8:47:00 PM | Attr = ]
Thawte Consulting , -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 67240 bytes | Modified Date = 8/24/2006 8:47:00 PM | Attr = ]
Thawte Consulting , -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 62632 bytes | Modified Date = 8/24/2006 8:47:00 PM | Attr = ]
Thawte Consulting , -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 115880 bytes | Modified Date = 8/24/2006 8:47:00 PM | Attr = ]
Thawte Consulting , -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com http://www.xceedsoft.com [Ver = 2.00.0202 | Size = 874248 bytes | Modified Date = 6/14/2004 4:04:34 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 3/31/2003 5:00:00 AM | Attr = ]
UPX! , UPX0 , Thawte Consulting , -> %System32%\websetup2.exe -> PandoraTV Inc. [Ver = 2, 0, 0, 1 | Size = 161040 bytes | Modified Date = 4/1/2007 8:15:28 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com http://www.xceedsoft.com [Ver = 1.1.107.0 | Size = 512688 bytes | Modified Date = 11/19/2003 3:59:36 PM | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com http://www.xceedsoft.com [Ver = 5.0.117.0 | Size = 427864 bytes | Modified Date = 6/14/2004 3:56:26 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 3/31/2003 5:00:00 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 11:41:38 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\throneofdarknessdemo.exe:Zone.Identifier ->
File scan skipped for file %UserDesktop%\throneofdarknessdemo.exe -> File size too big (116504048 bytes) ->
@Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->

< End of report >
User avatar
LordRuin
Regular Member
 
Posts: 53
Joined: August 23rd, 2007, 6:22 am
Location: Pennsylvania

Unread postby tim s » August 26th, 2007, 8:16 pm

Hello LordRuin,

Thanks for posting log.

Start WinPFind3U.
Copy/Paste the information that is inside of the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
NOTE*(make sure to just highlight and copy what is inside of the quote box nothing outside of it)

[Registry - Non-Microsoft Only]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {549B5CA7-4A86-11D7-A4DF-000874180BB3} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
[Files/Folders - Created Within 60 days]
NY -> SalesMonitor -> %AllUsersAppData%\SalesMonitor
[Files/Folders - Modified Within 60 days]
NY -> SalesMonitor -> %AllUsersAppData%\SalesMonitor
NY -> WinAntiSpyware 2007 -> %CommonProgramFiles%\WinAntiSpyware 2007


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished.
Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
NOTE* If for some reason Notepad does not open with log of actions taken. The log will be in the Winpfind3u folder and will have a name like this:
( mmddyyyy_hhmmss.log)

Just copy and paste that log in your next reply.

--------------------------------------------------------------

These should be removed from add/remove program list:
Norton leftovers that need to go and Viewpoint Media Player.

Information on Viewpoint that is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player)

--------------------------------------------------------------

This is next:

Add/Remove Programs
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following:

    LiveUpdate 1.90 (Symantec Corporation)
    Viewpoint Media Player
    <<< If you choose to do so

You will need to reboot computer to complete uninstall.

---------------------------------------------------------

Post in next reply:
WinPFind3U log >>> The log will be in the Winpfind3u folder and will have a name like this:( mmddyyyy_hhmmss.log)
Run a HJT and post a new log.
User avatar
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby LordRuin » August 27th, 2007, 1:22 am

I uninstalled them 2 programs that you told me too.

[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
[Files/Folders - Created Within 60 days]
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data moved successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor moved successfully.
[Files/Folders - Modified Within 60 days]
File C:\Documents and Settings\All Users\Application Data\SalesMonitor not found!
C:\Program Files\Common Files\WinAntiSpyware 2007 moved successfully.
< End of log >
Created on 08/27/2007 02:17:28
User avatar
LordRuin
Regular Member
 
Posts: 53
Joined: August 23rd, 2007, 6:22 am
Location: Pennsylvania

Unread postby tim s » August 27th, 2007, 6:02 am

Hello LordRuin,

Thanks for posting log.
Open HijackThis v1.99.1
click Do a system scan and save a log button.
I will need to check a New HiJackThis log.
User avatar
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby LordRuin » August 28th, 2007, 6:41 pm

Logfile of HijackThis v1.99.1
Scan saved at 7:40:48 PM, on 8/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {474AD63A-9B7E-40FE-8E4E-7067CC0F8D3D} (IB_OnAir.IBOnAir) - http://ionair.sbs.co.kr/onair/IB_OnAir.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/KO-KR/a-U ... E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://www.diodeo.com/ActiveDiodeoPlayer.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://runvirusscan.com/ols3/fscax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} (Pandora_SetUp Control) - http://imgcdn.pandora.tv/pan_img/launch ... etUpAX.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
User avatar
LordRuin
Regular Member
 
Posts: 53
Joined: August 23rd, 2007, 6:22 am
Location: Pennsylvania
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 383 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware