SDFix log:
SDFix: Version 1.115
Run by Massiel Gutierrez on Tue 11/20/2007 at 04:34 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
core
Path:
system32\drivers\core.sys
core - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Resetting AppInit_DLLs value
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\PROGRA~1\WINDOW~1\LAVUNABI.DLL - Deleted
C:\Program Files\Temporary\wininstall.exe - Deleted
C:\Program Files\WinAble\winable.exe - Deleted
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe - Deleted
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe - Deleted
C:\Program Files\Common Files\Yazzle1549OinAdmin.exe - Deleted
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe - Deleted
C:\Documents and Settings\Massiel Gutierrez\Start Menu\Programs\Startup\TA_Start.lnk - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\Temp\abW9\tPho.log - Deleted
C:\WINDOWS\avp.exe - Deleted
C:\WINDOWS\mgrs.exe - Deleted
C:\WINDOWS\mrofinu1000106.exe - Deleted
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\drivers\core.sys - Deleted
C:\WINDOWS\system32\ldcore.dll - Deleted
C:\WINDOWS\system32\ldinfo.ldr - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\WinAble - Removed
Folder C:\Temp\abW9 - Removed
Folder C:\Temp\1cb - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-20 16:58:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:a3839364
"s2"=dword:b7d8e017
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:b2,80,97,77,34,2e,0e,5f,0a,ad,1e,eb,83,d4,18,2f,4f,24,95,93,c9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:b2,80,97,77,34,2e,0e,5f,0a,ad,1e,eb,83,d4,18,2f,4f,24,95,93,c9,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000094
"TracesSuccessful"=dword:00000082
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\support.com\\bin\\tgcmd.exe"="C:\\Program Files\\support.com\\bin\\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher"
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Yahoo! Games\\Slingo Deluxe\\Slingo.exe"="C:\\Program Files\\Yahoo! Games\\Slingo Deluxe\\Slingo.exe:*:Enabled:Slingo r"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"="C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Clonk Endeavour\\Clonk.exe"="C:\\Program Files\\Clonk Endeavour\\Clonk.exe:*:Enabled:Clonk Endeavour Engine"
"C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Clonk Endeavour\\ClonkPORT.exe"="C:\\Program Files\\Clonk Endeavour\\ClonkPORT.exe:*:Enabled:Clonk Endeavour Engine"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:LastFM"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1162703243\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1162703243\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1162703243\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1162703243\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:pando"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Lemonade Tycoon 2\\Lemonade2.exe"="C:\\Program Files\\Lemonade Tycoon 2\\Lemonade2.exe:*:Enabled:Lemonade2"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\MASSIE~1\\LOCALS~1\\Temp\\win430.tmp.exe"="C:\\DOCUME~1\\MASSIE~1\\LOCALS~1\\Temp\\win430.tmp.exe:*:Enabled:win430.tmp"
"C:\\WINDOWS\\system32\\orlmwutm.exe"="C:\\WINDOWS\\system32\\orl"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Tue 20 Nov 2007 20,810 ..SH. --- "C:\WINDOWS\SYSTEM32\tnvvolkn.dllbox"
Tue 1 Jun 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 1 Jun 2004 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv11.bak"
Tue 8 Jun 2004 91,648 ...H. --- "C:\Documents and Settings\Massiel Gutierrez\My Documents\~WRL0002.tmp"
Wed 9 Jun 2004 107,008 ...H. --- "C:\Documents and Settings\Massiel Gutierrez\My Documents\~WRL0055.tmp"
Wed 9 Jun 2004 111,616 ...H. --- "C:\Documents and Settings\Massiel Gutierrez\My Documents\~WRL0194.tmp"
Wed 9 Jun 2004 113,664 ...H. --- "C:\Documents and Settings\Massiel Gutierrez\My Documents\~WRL0237.tmp"
Wed 9 Jun 2004 105,472 ...H. --- "C:\Documents and Settings\Massiel Gutierrez\My Documents\~WRL1187.tmp"
Wed 9 Jun 2004 98,304 ...H. --- "C:\Documents and Settings\Massiel Gutierrez\My Documents\~WRL1390.tmp"
Thu 2 Nov 2006 25,088 ...H. --- "C:\Documents and Settings\Massiel Gutierrez\My Documents\~WRL1407.tmp"
Wed 9 Jun 2004 115,200 ...H. --- "C:\Documents and Settings\Massiel Gutierrez\My Documents\~WRL1731.tmp"
Wed 9 Jun 2004 92,160 ...H. --- "C:\Documents and Settings\Massiel Gutierrez\My Documents\~WRL1913.tmp"
Wed 9 Jun 2004 106,496 ...H. --- "C:\Documents and Settings\Massiel Gutierrez\My Documents\~WRL2205.tmp"
Thu 25 Jan 2007 24,064 ...H. --- "C:\Documents and Settings\Massiel Gutierrez\My Documents\~WRL2363.tmp"
Wed 9 Jun 2004 101,376 ...H. --- "C:\Documents and Settings\Massiel Gutierrez\My Documents\~WRL2457.tmp"
Wed 9 Jun 2004 110,080 ...H. --- "C:\Documents and Settings\Massiel Gutierrez\My Documents\~WRL3615.tmp"
Wed 9 Jun 2004 107,008 ...H. --- "C:\Documents and Settings\Massiel Gutierrez\My Documents\~WRL3858.tmp"
Wed 9 Jun 2004 109,568 ...H. --- "C:\Documents and Settings\Massiel Gutierrez\My Documents\~WRL3968.tmp"
Tue 20 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Massiel Gutierrez\Local Settings\Temp\ico1.tmp"
Tue 20 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Massiel Gutierrez\Local Settings\Temp\ico2.tmp"
Tue 20 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Massiel Gutierrez\Local Settings\Temp\ico3.tmp"
Tue 20 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Massiel Gutierrez\Local Settings\Temp\ico4.tmp"
Tue 20 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Massiel Gutierrez\Local Settings\Temp\ico5.tmp"
Mon 21 May 2007 30,720 ...H. --- "C:\Documents and Settings\Massiel Gutierrez\My Documents\The Rudesby Algorithm\~WRL1677.tmp"
Mon 21 May 2007 31,232 ...H. --- "C:\Documents and Settings\Massiel Gutierrez\My Documents\The Rudesby Algorithm\~WRL2741.tmp"
Sun 18 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8361ae28fcfac79271825a6b2935fdb6\BIT31A.tmp"
Fri 21 Apr 2006 91,136 ...H. --- "C:\Documents and Settings\Massiel Gutierrez\Application Data\Microsoft\Word\~WRL3781.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico1023.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico1024.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico1025.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico1026.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico1027.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico103D.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico103E.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico103F.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico1040.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico1041.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico1050.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico1051.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico1052.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico1053.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico1054.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico1060.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico1061.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico1062.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico1063.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico1064.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico302.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico303.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico304.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico305.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico306.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico584.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico585.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico586.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico587.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico588.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico5A2.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico5A3.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico5A4.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico5A5.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico5A6.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico5C6.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico5C7.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico5C8.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico5C9.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico5CA.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico604.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico605.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico606.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico607.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico608.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico77F.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico780.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico781.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico782.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico783.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico88E.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico88F.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico890.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico891.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico892.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8A2.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8A3.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8A4.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8A5.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8A6.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8B3.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8B4.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8B5.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8B6.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8B7.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8C4.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8C5.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8C6.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8C7.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8C8.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8D1.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8D2.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8D3.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8D4.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8D5.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8E2.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8E3.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8E4.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8E5.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8E6.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8F3.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8F4.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8F5.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8F6.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico8F7.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico9EE.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico9EF.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico9F0.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico9F1.tmp"
Sun 18 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\ico9F2.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\icoFF1.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\icoFF2.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\icoFF4.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\icoFFA.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System
Scanner\backup\DOCUME~1\MASSIE~1\LOCALS~1\Temp\icoFFC.tmp"
Finished!
SmitFraudFix log:
SmitFraudFix v2.253
Scan done at 17:12:01.35, Tue 11/20/2007
Run from C:\Documents and Settings\Massiel Gutierrez\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\orlmwutm.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Cool\X_cool.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Massiel Gutierrez
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Massiel Gutierrez\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MASSIE~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Windows NT\\profsycyrty.html"
"SubscribedURL"=""
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D1DD06E1-FF0E-435F-8430-1F9B1A3D9BBD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D1DD06E1-FF0E-435F-8430-1F9B1A3D9BBD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D1DD06E1-FF0E-435F-8430-1F9B1A3D9BBD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:32 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\orlmwutm.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Cool\X_cool.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\tnvvolkn.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [imjpmig] C:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Flecy] C:\Program Files\Uskvaes\Cqyork.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [yb2KtaW] C:\WINDOWS\kxcllkw.exe
O4 - HKLM\..\Run: [Uninstall_WinTools] C:\WINDOWS\Temp\WTuninst.exe /remove
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
O4 - HKLM\..\Run: [61646863656B6A68] B0B3B7B2B4BAB9.exe
O4 - HKLM\..\Run: [{C0-00-03-39-ZN}] C:\DOCUME~1\MASSIE~1\LOCALS~1\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvnev.dll,startup
O4 - HKLM\..\Run: [jqbkfcly] rundll32.exe "C:\Program Files\qxadadwj\whatmpsf.dll",Init
O4 - HKLM\..\Run: [nwtcbali] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\nwtcbali.dll"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [98cc0096] rundll32.exe "C:\WINDOWS\system32\hkkcetna.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Cool - Auto Update.lnk = C:\Program Files\Cool\cool.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Massiel Gutierrez\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Websi ... dge-c3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/defaul ... online.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/defaul ... uncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.aim.com/ygp/aol/plugi ... .5.1.8.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {B1647320-9EC8-4B0F-BF53-93D4A43FA614} (TerminalSvcsTCSX Control) - https://mydesk-pi02.morganstanley.com/p ... vcsTCS.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/p ... der_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\orlmwutm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\profsycyrty.html
--
End of file - 11929 bytes