Time to break your mousewheel :D.
Avenger Log:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\goebtjno
*******************
Script file located at: \??\C:\Program Files\ejtmyque.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Driver DomainService unloaded successfully.
File C:\WINDOWS\cookies.ini deleted successfully.
File C:\WINDOWS\System32\ajnuyjcx.dll deleted successfully.
File C:\WINDOWS\System32\akfnvrag.dll deleted successfully.
File C:\WINDOWS\System32\akxhsaik.dll deleted successfully.
File C:\WINDOWS\System32\amqqnowg.dll deleted successfully.
File C:\WINDOWS\System32\aobveehd.dll deleted successfully.
File C:\WINDOWS\System32\aptmntun.ini deleted successfully.
File C:\WINDOWS\System32\asnaxpes.ini deleted successfully.
File C:\WINDOWS\System32\auoyykfn.ini deleted successfully.
File C:\WINDOWS\System32\avhaebbw.dll deleted successfully.
File C:\WINDOWS\System32\ayovgmxm.ini deleted successfully.
File C:\WINDOWS\System32\baykhmkp.dll deleted successfully.
File C:\WINDOWS\System32\bbiaeuyn.dll deleted successfully.
File C:\WINDOWS\System32\bccyoakj.dll deleted successfully.
File C:\WINDOWS\System32\bctggvrh.dll deleted successfully.
File C:\WINDOWS\System32\bgiiglmk.dll deleted successfully.
File C:\WINDOWS\System32\bkpguxaq.dll deleted successfully.
File C:\WINDOWS\System32\bmkeepsr.dll deleted successfully.
File C:\WINDOWS\System32\bmtukuml.dll deleted successfully.
File C:\WINDOWS\System32\bpcqsjkx.exe deleted successfully.
File C:\WINDOWS\System32\bppetjol.dll not found!
Deletion of file C:\WINDOWS\System32\bppetjol.dll failed!
Could not process line:
C:\WINDOWS\System32\bppetjol.dll
Status: 0xc0000034
File C:\WINDOWS\System32\bsggcado.dll deleted successfully.
File C:\WINDOWS\System32\btqtufya.ini deleted successfully.
File C:\WINDOWS\System32\bymuxpov.exe deleted successfully.
File C:\WINDOWS\system32\cbxwxyv.dll not found!
Deletion of file C:\WINDOWS\system32\cbxwxyv.dll failed!
Could not process line:
C:\WINDOWS\system32\cbxwxyv.dll
Status: 0xc0000034
File C:\WINDOWS\System32\ceoepocf.dll deleted successfully.
File C:\WINDOWS\System32\cpsapabf.dll deleted successfully.
File C:\WINDOWS\System32\cvjhojqy.ini deleted successfully.
File C:\WINDOWS\System32\dcxmfumy.ini deleted successfully.
File C:\WINDOWS\System32\dequvfiv.ini deleted successfully.
File C:\WINDOWS\system32\dfhtdqwo.exe not found!
Deletion of file C:\WINDOWS\system32\dfhtdqwo.exe failed!
Could not process line:
C:\WINDOWS\system32\dfhtdqwo.exe
Status: 0xc0000034
File C:\WINDOWS\System32\dkxkbhev.dll deleted successfully.
File C:\WINDOWS\System32\drieuuhj.ini deleted successfully.
File C:\WINDOWS\System32\dvgolgeo.dll deleted successfully.
File C:\WINDOWS\System32\ehqwtxbh.dll deleted successfully.
File C:\WINDOWS\System32\eiemchpv.dll deleted successfully.
File C:\WINDOWS\System32\eipnuupg.ini deleted successfully.
File C:\WINDOWS\System32\elgmsnja.ini deleted successfully.
File C:\WINDOWS\System32\eqbsidll.ini deleted successfully.
File C:\WINDOWS\System32\eqlwdpvr.ini deleted successfully.
File C:\WINDOWS\System32\esalmfvu.dll deleted successfully.
File C:\WINDOWS\System32\exdpkuqf.ini deleted successfully.
File C:\WINDOWS\System32\fdeyjmom.dll deleted successfully.
File C:\WINDOWS\System32\fembqtlg.dll deleted successfully.
File C:\WINDOWS\System32\fodrgkal.dll deleted successfully.
File C:\WINDOWS\System32\fotmkora.ini deleted successfully.
File C:\WINDOWS\System32\ftwcchqk.dll deleted successfully.
File C:\WINDOWS\System32\geohlgvn.ini deleted successfully.
File C:\WINDOWS\System32\glbuwhpd.dll deleted successfully.
File C:\WINDOWS\System32\gohcuyum.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\gohcuyum.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\gohcuyum.dll failed!
Could not process line:
C:\WINDOWS\SYSTEM32\gohcuyum.dll
Status: 0xc0000034
File C:\WINDOWS\System32\gpuunpie.dll deleted successfully.
File C:\WINDOWS\System32\gqwnfvbo.ini deleted successfully.
File C:\WINDOWS\System32\hcetyeop.dll deleted successfully.
File C:\WINDOWS\System32\hclppmfy.ini deleted successfully.
File C:\WINDOWS\System32\hfxqccpc.exe deleted successfully.
File C:\WINDOWS\System32\hgklpnmq.dll deleted successfully.
File C:\WINDOWS\System32\hkfmcvps.ini deleted successfully.
File C:\WINDOWS\System32\hlobtjjt.dll deleted successfully.
File C:\WINDOWS\System32\hmaouioq.ini deleted successfully.
File C:\WINDOWS\System32\hosovjyr.dll deleted successfully.
File C:\WINDOWS\System32\huxivllg.dll deleted successfully.
File C:\WINDOWS\System32\hvovhifg.exe deleted successfully.
File C:\WINDOWS\System32\ijfdrhjg.ini deleted successfully.
File C:\WINDOWS\System32\invjfjkv.ini deleted successfully.
File C:\WINDOWS\System32\itlabicf.dll deleted successfully.
File C:\WINDOWS\System32\jjjlm.bak1 deleted successfully.
File C:\WINDOWS\System32\jjjlm.bak2 deleted successfully.
File C:\WINDOWS\System32\jjjlm.ini2 deleted successfully.
File C:\WINDOWS\System32\jowaxqvk.dll deleted successfully.
File C:\WINDOWS\System32\jwaawiyy.dll deleted successfully.
File C:\WINDOWS\System32\kqkmvsfv.ini deleted successfully.
File C:\WINDOWS\System32\krvghyjt.ini deleted successfully.
File C:\WINDOWS\System32\kydrnhot.ini deleted successfully.
File C:\WINDOWS\System32\lfacwvhx.ini deleted successfully.
File C:\WINDOWS\System32\lgvxqatp.dll deleted successfully.
File C:\WINDOWS\System32\lkqcdvvh.exe deleted successfully.
File C:\WINDOWS\System32\lojteppb.ini deleted successfully.
File C:\WINDOWS\System32\lsawwlrm.dll deleted successfully.
File C:\WINDOWS\System32\ltusskyo.dll not found!
Deletion of file C:\WINDOWS\System32\ltusskyo.dll failed!
Could not process line:
C:\WINDOWS\System32\ltusskyo.dll
Status: 0xc0000034
File C:\WINDOWS\System32\mbvqksml.exe deleted successfully.
File C:\WINDOWS\System32\mcwkvuar.dll deleted successfully.
File C:\WINDOWS\System32\meuukmaf.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\mljjj.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\mljjj.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\mljjj.dll failed!
Could not process line:
C:\WINDOWS\SYSTEM32\mljjj.dll
Status: 0xc0000034
File C:\WINDOWS\System32\mlngvcda.dll deleted successfully.
File C:\WINDOWS\System32\momjyedf.ini deleted successfully.
File C:\WINDOWS\System32\mugnirtp.ini deleted successfully.
File C:\WINDOWS\System32\murnbdjt.ini deleted successfully.
File C:\WINDOWS\System32\mxmgvoya.dll deleted successfully.
File C:\WINDOWS\System32\nbevrygw.ini deleted successfully.
File C:\WINDOWS\System32\ndbwlpuv.dll not found!
Deletion of file C:\WINDOWS\System32\ndbwlpuv.dll failed!
Could not process line:
C:\WINDOWS\System32\ndbwlpuv.dll
Status: 0xc0000034
File C:\WINDOWS\System32\nfkyyoua.dll deleted successfully.
File C:\WINDOWS\System32\nhmrmdcv.dll deleted successfully.
File C:\WINDOWS\System32\nwgivgwx.ini deleted successfully.
File C:\WINDOWS\System32\nxgwsook.dll deleted successfully.
File C:\WINDOWS\System32\obvfnwqg.dll deleted successfully.
File C:\WINDOWS\System32\odacggsb.ini deleted successfully.
File C:\WINDOWS\System32\orwqeols.dll deleted successfully.
File C:\WINDOWS\System32\otdljjgk.ini deleted successfully.
File C:\WINDOWS\System32\otobhppv.ini deleted successfully.
File C:\WINDOWS\System32\oykssutl.ini deleted successfully.
File C:\WINDOWS\System32\plyppboe.dll deleted successfully.
File C:\WINDOWS\System32\pspxexhb.dll deleted successfully.
File C:\WINDOWS\System32\psxruupq.dll deleted successfully.
File C:\WINDOWS\System32\ptaqxvgl.ini deleted successfully.
File C:\WINDOWS\System32\pyiruphs.dll deleted successfully.
File C:\WINDOWS\System32\qaxugpkb.ini deleted successfully.
File C:\WINDOWS\System32\qmqqwkis.dll deleted successfully.
File C:\WINDOWS\System32\qngdixqi.dll deleted successfully.
File C:\WINDOWS\System32\qplnvljh.dll deleted successfully.
File C:\WINDOWS\System32\quyjrsmv.dll deleted successfully.
File C:\WINDOWS\System32\qvjyxxlt.dll deleted successfully.
File C:\WINDOWS\System32\raifxrvc.dll deleted successfully.
File C:\WINDOWS\System32\rbgwdjnn.dll deleted successfully.
File C:\WINDOWS\System32\rblxxgfc.dll deleted successfully.
File C:\WINDOWS\System32\rmxbsaas.dll deleted successfully.
File C:\WINDOWS\System32\rspeekmb.ini deleted successfully.
File C:\WINDOWS\System32\ruybamme.ini deleted successfully.
File C:\WINDOWS\System32\rvmfjrng.dll deleted successfully.
File C:\WINDOWS\System32\rvpdwlqe.dll not found!
Deletion of file C:\WINDOWS\System32\rvpdwlqe.dll failed!
Could not process line:
C:\WINDOWS\System32\rvpdwlqe.dll
Status: 0xc0000034
File C:\WINDOWS\System32\sabgdetp.ini deleted successfully.
File C:\WINDOWS\System32\scgqaagq.dll deleted successfully.
File C:\WINDOWS\System32\sdyunhwg.dll deleted successfully.
File C:\WINDOWS\System32\sgeglwfe.dll deleted successfully.
File C:\WINDOWS\System32\skaebqal.dll deleted successfully.
File C:\WINDOWS\System32\skfprdmp.dll deleted successfully.
File C:\WINDOWS\System32\soincroh.dll deleted successfully.
File C:\WINDOWS\System32\spvcmfkh.dll deleted successfully.
File C:\WINDOWS\System32\srjuxvky.dll deleted successfully.
File C:\WINDOWS\System32\tbkrofbm.dll deleted successfully.
File C:\WINDOWS\System32\teuyleed.ini deleted successfully.
File C:\WINDOWS\System32\tfeyayrh.dll deleted successfully.
File C:\WINDOWS\System32\tgpmpdlc.dll deleted successfully.
File C:\WINDOWS\System32\tjdcelfg.ini deleted successfully.
File C:\WINDOWS\System32\tjsebcov.dll deleted successfully.
File C:\WINDOWS\System32\tluuptfd.dll deleted successfully.
File C:\WINDOWS\System32\tpwplmba.dll deleted successfully.
File C:\WINDOWS\System32\tqaeroqw.ini deleted successfully.
File C:\WINDOWS\System32\tsmamhhw.ini deleted successfully.
File C:\WINDOWS\System32\txocnevi.dll deleted successfully.
File C:\WINDOWS\System32\uhsbyakd.ini deleted successfully.
File C:\WINDOWS\System32\umldeegr.exe deleted successfully.
File C:\WINDOWS\System32\umxcjgig.dll deleted successfully.
File C:\WINDOWS\System32\unahyxnd.ini deleted successfully.
File C:\WINDOWS\System32\unuwjeey.dll deleted successfully.
File C:\WINDOWS\System32\usheagik.ini deleted successfully.
File C:\WINDOWS\System32\usixyvfi.ini deleted successfully.
File C:\WINDOWS\System32\uwlkqotr.ini deleted successfully.
File C:\WINDOWS\System32\vcaxqqsd.dll deleted successfully.
File C:\WINDOWS\System32\vehbkxkd.ini deleted successfully.
File C:\WINDOWS\System32\vfqarpui.ini deleted successfully.
File C:\WINDOWS\System32\vfwjliug.ini deleted successfully.
File C:\WINDOWS\System32\visfrcon.ini deleted successfully.
File C:\WINDOWS\System32\vstlfmgt.dll deleted successfully.
File C:\WINDOWS\System32\vuplwbdn.ini deleted successfully.
File C:\WINDOWS\System32\wadkeubg.dll deleted successfully.
File C:\WINDOWS\System32\wdbemlrk.ini deleted successfully.
File C:\WINDOWS\System32\wirpjbbt.ini deleted successfully.
File C:\WINDOWS\System32\wotliugp.dll deleted successfully.
File C:\WINDOWS\System32\wwwtvnhj.ini deleted successfully.
File C:\WINDOWS\System32\wxicejca.dll deleted successfully.
File C:\WINDOWS\System32\xakicgdn.dll deleted successfully.
File C:\WINDOWS\System32\xcqhdxpq.dll deleted successfully.
File C:\WINDOWS\System32\xdytwefu.dll deleted successfully.
File C:\WINDOWS\System32\xfmffimv.ini deleted successfully.
File C:\WINDOWS\System32\xjhtlgfv.dll deleted successfully.
File C:\WINDOWS\System32\xmmlsmwu.ini deleted successfully.
File C:\WINDOWS\System32\xnjvtuoi.dll deleted successfully.
File C:\WINDOWS\System32\xoaxknhf.dll deleted successfully.
File C:\WINDOWS\System32\xwgvigwn.dll not found!
Deletion of file C:\WINDOWS\System32\xwgvigwn.dll failed!
Could not process line:
C:\WINDOWS\System32\xwgvigwn.dll
Status: 0xc0000034
File C:\WINDOWS\System32\xxvqqbiv.ini deleted successfully.
File C:\WINDOWS\SYSTEM32\yfmpplch.dll deleted successfully.
File C:\WINDOWS\System32\yjhuidfo.exe deleted successfully.
File C:\WINDOWS\System32\ymufmxcd.dll deleted successfully.
File C:\WINDOWS\System32\ypdchbjs.ini deleted successfully.
File C:\WINDOWS\System32\ysssrgpj.dll deleted successfully.
File C:\WINDOWS\System32\yvavhopl.ini deleted successfully.
File C:\WINDOWS\System32\ywiibija.dll deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
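The Avenger log above is long enough that the lines that matter get lost in the scroll: which deletions actually failed and why (every `Status: 0xc0000034` is STATUS_OBJECT_NAME_NOT_FOUND, meaning the path did not exist when Avenger got to it; at the gohcuyum.dll and mljjj.dll lines that is only because the script listed the same file twice and the first pass had already removed it), how many of the names follow the eight-random-letter pattern, and whether the reversed-stem companions such as jjjlm.ini2 / mljjj.dll are both present. The Python below is an added example for this write-up, not part of the original post and not code from The Avenger or VundoFix. It assumes only the line formats visible in the log above; the NTSTATUS names are the standard ntstatus.h values, and the sample log embedded at the bottom is constructed for the example in that same format.

```python
"""Triage an Avenger removal log like the one pasted above.

Added example for this write-up; not part of the original post and not code
from The Avenger or VundoFix. It assumes only the line formats visible in the
log above. The NTSTATUS names are the standard ntstatus.h values; SAMPLE_LOG
is constructed for the example in the same format as the real log.
"""
import re
from collections import Counter

# Standard NTSTATUS codes that show up on Avenger's "Status:" line.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",   # the only code in the log above
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}

DELETED_RE = re.compile(r"^File (.+?) deleted successfully\.$")
FAILED_RE = re.compile(r"^Deletion of file (.+?) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9A-Fa-f]+)$")
DRIVER_RE = re.compile(r"^Driver (\S+) unloaded successfully\.$")
# Eight random lowercase letters in System32, the naming seen throughout the log.
RANDOM8_RE = re.compile(r"^[a-z]{8}\.(dll|exe|ini)$")


def parse_avenger_log(text):
    """Collect deleted paths, failed paths with decoded NTSTATUS, and unloaded drivers."""
    parsed = {"deleted": [], "failed": [], "drivers": []}
    pending = None  # failed path waiting for the "Status:" line that follows it
    for raw in text.splitlines():
        line = raw.strip()
        if (m := DELETED_RE.match(line)):
            parsed["deleted"].append(m.group(1))
        elif (m := FAILED_RE.match(line)):
            pending = m.group(1)
        elif (m := STATUS_RE.match(line)) and pending is not None:
            code = int(m.group(1), 16)
            parsed["failed"].append((pending, code, NTSTATUS.get(code, "UNKNOWN")))
            pending = None
        elif (m := DRIVER_RE.match(line)):
            parsed["drivers"].append(m.group(1))
    return parsed


def basename(path):
    return path.rsplit("\\", 1)[-1]


def stem(path):
    return basename(path).rsplit(".", 1)[0].lower()


def find_reversed_pairs(paths):
    """Pair names whose stems are each other reversed (mljjj.dll <-> jjjlm.ini2),
    the companion-file naming visible in the log above."""
    stems = {stem(p) for p in paths}
    pairs = {tuple(sorted((s, s[::-1]))) for s in stems if s[::-1] != s and s[::-1] in stems}
    return sorted(pairs)


def triage(text):
    """Summarise a log: counts, status breakdown, random-name count, reversed pairs,
    and which failures were benign (same file already deleted by an earlier line)."""
    parsed = parse_avenger_log(text)
    deleted_lower = {p.lower() for p in parsed["deleted"]}
    benign = [p for p, _, _ in parsed["failed"] if p.lower() in deleted_lower]
    unresolved = [p for p, _, _ in parsed["failed"] if p.lower() not in deleted_lower]
    all_paths = parsed["deleted"] + [p for p, _, _ in parsed["failed"]]
    return {
        "deleted": len(parsed["deleted"]),
        "failed": len(parsed["failed"]),
        "by_status": Counter(name for _, _, name in parsed["failed"]),
        "random8": sum(1 for p in all_paths if RANDOM8_RE.match(basename(p))),
        "reversed_pairs": find_reversed_pairs(all_paths),
        "benign_failures": benign,
        "unresolved": unresolved,
        "drivers": parsed["drivers"],
    }


# Constructed sample in the format of the log above; not the original log text.
SAMPLE_LOG = r"""
Beginning to process script file:
Driver DomainService unloaded successfully.
File C:\WINDOWS\cookies.ini deleted successfully.
File C:\WINDOWS\System32\ajnuyjcx.dll deleted successfully.
File C:\WINDOWS\System32\bppetjol.dll not found!
Deletion of file C:\WINDOWS\System32\bppetjol.dll failed!
Could not process line:
C:\WINDOWS\System32\bppetjol.dll
Status: 0xc0000034
File C:\WINDOWS\System32\jjjlm.ini2 deleted successfully.
File C:\WINDOWS\SYSTEM32\mljjj.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\mljjj.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\mljjj.dll failed!
Could not process line:
C:\WINDOWS\SYSTEM32\mljjj.dll
Status: 0xc0000034
Completed script processing.
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against the real log by reading `C:\avenger.txt` into `triage()` instead of `SAMPLE_LOG`; the `unresolved` list is the one worth a second look, since those are paths that never existed on the box at any point during the run rather than duplicates of an earlier line.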
After that, the next step was to run Vundofix.exe... The funny thing was I had already run it a week prior. After another try at running it, it picked up nothing. I did, however, recover the log file from when I used it:
VundoFix V6.5.10
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Scan started at 4:41:44 AM 1/24/2008
Listing files found while scanning....
VundoFix V6.5.10
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Scan started at 4:43:00 AM 1/24/2008
Listing files found while scanning....
C:\windows\system32\ooxxmlhn.exe
C:\windows\system32\ucgjfwbi.exe
C:\windows\system32\ucgjfwbi.exe
Beginning removal...
Attempting to delete C:\windows\system32\ooxxmlhn.exe
C:\windows\system32\ooxxmlhn.exe Has been deleted!
Attempting to delete C:\windows\system32\ucgjfwbi.exe
C:\windows\system32\ucgjfwbi.exe Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.10
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Scan started at 4:05:20 PM 2/13/2008
Listing files found while scanning....
No infected files were found.
Beginning removal...
The setup of that log is strange, but that's what was in it.
Next I ran the fix and then did the scan again.
WinPFind35 logfile created on: 2/13/2008 4:12:33 PM
WinPFind35U Version Beta51 Folder = C:\Documents and Settings\Matthew\Desktop\WinPFind35u\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5700.6)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.48 Mb Total Physical Memory | 694.42 Mb Available Physical Memory | 67.91% Memory free
2.40 Gb Paging File | 2.21 Gb Available in Paging File | 92.02% Paging File free
Paging file location(s): C:\pagefile.sys 1533 2000;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 6.78 Gb Free Space | 12.14% Space Free | Partition Type: NTFS
Drive D: | 677.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DRAGOON
Current User Name: Matthew
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\SYSTEM32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/3/2005 10:02:58 PM | Attr = ]
ati2evxx.exe -> %SystemRoot%\SYSTEM32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/3/2005 10:02:58 PM | Attr = ]
lxcgmon.exe -> %ProgramFiles%\Lexmark 2300 Series\lxcgmon.exe -> Lexmark International, Inc. [Ver = 2.6.62.20 | Size = 200704 bytes | Modified Date = 7/21/2005 1:07:22 AM | Attr = ]
ezprint.exe -> %ProgramFiles%\Lexmark 2300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.12.0 | Size = 94208 bytes | Modified Date = 8/1/2005 7:05:04 AM | Attr = ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.2.2044.224 | Size = 61440 bytes | Modified Date = 8/6/2005 12:07:30 AM | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 1, 5 | Size = 561152 bytes | Modified Date = 7/6/2007 1:02:26 PM | Attr = ]
ati2sgag.exe -> %SystemRoot%\SYSTEM32\ati2sgag.exe -> [Ver = 5.13.0024 | Size = 516096 bytes | Modified Date = 8/5/2005 8:05:00 PM | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.6.43.1 | Size = 75304 bytes | Modified Date = 4/19/2007 12:35:46 PM | Attr = ]
tangoservice.exe -> %ProgramFiles%\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe -> [Ver = | Size = 57344 bytes | Modified Date = 8/5/2003 12:48:04 PM | Attr = ]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309248 bytes | Modified Date = 2/13/2008 10:50:32 AM | Attr = ]
[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 1, 5 | Size = 561152 bytes | Modified Date = 7/6/2007 1:02:26 PM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/3/2005 10:02:58 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stop_Pending] -> %SystemRoot%\SYSTEM32\ati2sgag.exe -> [Ver = 5.13.0024 | Size = 516096 bytes | Modified Date = 8/5/2005 8:05:00 PM | Attr = ]
(AVP) Kaspersky Internet Security 7.0 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 218376 bytes | Modified Date = 6/28/2007 12:51:38 PM | Attr = ]
(C-DillaSrv) C-DillaSrv [Win32_Own | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CDANTSRV.EXE -> C-Dilla Ltd [Ver = 3.22.020 | Size = 32256 bytes | Modified Date = 1/15/2001 3:20:24 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/25/2007 10:46:36 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.6.43.1 | Size = 75304 bytes | Modified Date = 4/19/2007 12:35:46 PM | Attr = ]
(lnss_sscans) GFI LANguard N.S.S. Scheduled Scans Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\GFI\LANguard Network Security Scanner 3\sscansvc.exe -> GFI Software Ltd. [Ver = 1.0.0.0 | Size = 545792 bytes | Modified Date = 3/25/2003 9:28:09 AM | Attr = ]
(Lotus Domino Server (LotusDominoData)) Lotus Domino Server (LotusDominoData) [Win32_Own | Disabled | Stopped] -> %SystemDrive%\Lotus\Domino\nservice.exe =C:\Lotus\Domino\notes.ini -> File not found
(lxcg_device) lxcg_device [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\lxcgcoms.exe -> [Ver = 1.154.19.0 | Size = 491520 bytes | Modified Date = 7/25/2005 2:25:18 PM | Attr = ]
(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe -> Macromedia [Ver = 2.65.000 | Size = 69632 bytes | Modified Date = 8/17/2004 12:28:39 AM | Attr = ]
(mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -> File not found
(NMIndexingService) NMIndexingService [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> File not found
(TangoService) Tango Service [Win32_Own | Auto | Running] -> %ProgramFiles%\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe -> [Ver = | Size = 57344 bytes | Modified Date = 8/5/2003 12:48:04 PM | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AOLDialer -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe -> File not found
ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.2.2044.224 | Size = 61440 bytes | Modified Date = 8/6/2005 12:07:30 AM | Attr = ]
EzPrint -> %ProgramFiles%\Lexmark 2300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.12.0 | Size = 94208 bytes | Modified Date = 8/1/2005 7:05:04 AM | Attr = ]
FaxCenterServer -> %ProgramFiles%\Lexmark Fax Solutions\fm3032.exe -> [Ver = | Size = 299008 bytes | Modified Date = 7/12/2005 8:36:32 AM | Attr = ]
lxcgmon.exe -> %ProgramFiles%\Lexmark 2300 Series\lxcgmon.exe -> Lexmark International, Inc. [Ver = 2.6.62.20 | Size = 200704 bytes | Modified Date = 7/21/2005 1:07:22 AM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Matthew Startup Folder > -> C:\Documents and Settings\Matthew\Start Menu\Programs\Startup ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 91400 bytes | Modified Date = 6/28/2007 12:51:42 PM | Attr = ]
*MultiFile Done* -> ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %SystemRoot%\SYSTEM32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 46080 bytes | Modified Date = 8/3/2005 10:04:18 PM | Attr = ]
igfxcui -> %SystemRoot%\SYSTEM32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3762 | Size = 339968 bytes | Modified Date = 2/10/2004 10:51:10 AM | Attr = ]
klogon -> %SystemRoot%\SYSTEM32\klogon.dll -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 206088 bytes | Modified Date = 6/28/2007 12:51:48 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoBackButton -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoFileMru -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsMenu -> (binary data) ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> (binary data) ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsHistory -> (binary data) ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood -> (binary data) ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> (binary data) ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> about:blank ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKEY_LOCAL_MACHINE\: ProxyOverride -> ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Start Page -> about:blank ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 9082 domain(s) found. ->
objects_aol.com [*] -> Out of zone range - ( 5 ) ->
pagebuilder_yahoo.com [http] -> Trusted sites ->
3 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 3, 0, 12 | Size = 744960 bytes | Modified Date = 5/12/2004 12:03:00 AM | Attr = ]
{69A87B7D-DE56-4136-9655-716BA50C19C7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [&Google Web Accelerator Helper] -> [Ver = | Size = 233472 bytes | Modified Date = 9/20/2005 2:41:40 PM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{BD7BC06F-CEB5-4DC8-9FC7-527FF4A6D075} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mljjj.dll [Reg Error: Value does not exist or could not be read.] -> File not found
{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628 | Size = 640552 bytes | Modified Date = 1/8/2007 5:28:46 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628 | Size = 640552 bytes | Modified Date = 1/8/2007 5:28:46 PM | Attr = ]
{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] -> [Ver = | Size = 233472 bytes | Modified Date = 9/20/2005 2:41:40 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
WebBrowser\\{B24BA06E-FB7B-4757-95C2-DC01125F750E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\YRefresher\YRefresher.dll [RefresherBand Class] -> [Ver = 1, 0, 0, 1 | Size = 45056 bytes | Modified Date = 8/3/2001 4:58:00 PM | Attr = ]
WebBrowser\\{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628 | Size = 640552 bytes | Modified Date = 1/8/2007 5:28:46 PM | Attr = ]
WebBrowser\\{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] -> [Ver = | Size = 233472 bytes | Modified Date = 9/20/2005 2:41:40 PM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}:BandCLSID -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 222472 bytes | Modified Date = 6/28/2007 12:51:52 PM | Attr = ]
CmdMapping: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{120E090D-9136-4b78-8258-F0B44B4BD2AC} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{77E68763-4284-41d6-B7E7-B6E1F053A9E7} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{d9288080-1baa-4bc4-9cf8-a92d743db949} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{05DB2DBC-96A4-44E5-AAA9-DC7412F20FAC} -> () ->
{35F9BBB5-A959-43F0-80F7-0F6923025BD9} -> () ->
{8FC6E816-37A0-48A9-BDDA-2088FA798118} -> (Linksys Wireless-G PCI Network Adapter with SpeedBooster) ->
{92B79E50-D28C-434C-8858-0759CEAABFB9} -> () ->
{D06F0E39-1B9B-4ED6-B6AF-91333A6F7F5A} -> (Linksys NC100 Fast Ethernet Adapter) ->
{F40BF3AF-8983-4906-9980-93E843C90751} -> (Broadcom 440x 10/100 Integrated Controller) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[{B5AB638F-D76C-415B-A8F2-F3CEAC502212}] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[{B5AB638F-D76C-415B-A8F2-F3CEAC502212}] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{00000075-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/voxacm.CAB[Reg Error: Key does not exist or could not be opened.] ->
{00000161-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/msaudio.cab[Reg Error: Key does not exist or could not be opened.] ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?LinkID=39204[Windows Genuine Advantage Validation Tool] ->
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139482890553[WUWebControl Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150849108162[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab[Java Plug-in 1.5.0_03] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38198.9629050926[Reg Error: Key does not exist or could not be opened.] ->
{B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab[ZoneIntro Class] ->
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab[Java Plug-in 1.5.0_03] ->
{D27CDB6E-AE6D-11CF-96B8-000000000000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Reg Error: Key does not exist or could not be opened.] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}[HKEY_LOCAL_MACHINE] -> http://aolsvc.aol.com/onlinegames/chuzzledeluxe/popcaploader_v7.cab[PopCapLoader Object] ->
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->
Yahoo! Graffiti[HKEY_LOCAL_MACHINE] -> http://download.games.yahoo.com/games/clients/y/grt5_x.cab[Reg Error: Key does not exist or could not be opened.] ->
[Files/Folders - Created Within 30 days]
avenger -> %SystemDrive%\avenger -> [Folder | Created Date = 2/13/2008 4:02:05 PM | Attr = ]
fixwareout -> %SystemDrive%\fixwareout -> [Folder | Created Date = 1/25/2008 2:08:58 PM | Attr = ]
KAV -> %SystemDrive%\KAV -> [Folder | Created Date = 1/24/2008 6:12:48 AM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 2/7/2008 2:28:26 AM | Attr = ]
UBCD4Win -> %SystemDrive%\UBCD4Win -> [Folder | Created Date = 1/24/2008 5:21:53 AM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 1/24/2008 4:41:44 AM | Attr = ]
VundoFix.exe -> %SystemDrive%\VundoFix.exe -> Atribune.org [Ver = 6.05.0010 | Size = 115200 bytes | Modified Date = 1/24/2008 4:41:27 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\VundoFix.exe:Zone.Identifier
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 10637344 bytes | Modified Date = 2/13/2008 4:10:19 PM | Attr = HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 111020 bytes | Modified Date = 2/13/2008 4:10:19 PM | Attr = HS]
fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat -> [Ver = | Size = 79904 bytes | Modified Date = 2/13/2008 4:10:19 PM | Attr = HS]
fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx -> [Ver = | Size = 9608 bytes | Modified Date = 2/13/2008 4:10:19 PM | Attr = HS]
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4316 | Size = 85713 bytes | Modified Date = 1/25/2008 2:06:18 PM | Attr = ]
klick.dat -> %SystemRoot%\System32\drivers\klick.dat -> [Ver = | Size = 85860 bytes | Modified Date = 1/24/2008 11:36:41 AM | Attr = ]
klin.dat -> %SystemRoot%\System32\drivers\klin.dat -> [Ver = | Size = 91700 bytes | Modified Date = 2/4/2008 1:54:49 AM | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 2/7/2008 2:41:34 AM | Attr = ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 14, 14116 | Size = 819200 bytes | Modified Date = 1/25/2008 2:06:18 PM | Attr = ]
gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 14, 14116 | Size = 757760 bytes | Modified Date = 1/18/2008 8:31:10 PM | Attr = ]
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Modified Date = 1/25/2008 2:19:39 PM | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 1/25/2008 2:06:18 PM | Attr = ]
[Files/Folders - Modified Within 30 days]
avenger -> %SystemDrive%\avenger -> [Folder | Modified Date = 2/13/2008 4:02:05 PM | Attr = ]
fixwareout -> %SystemDrive%\fixwareout -> [Folder | Modified Date = 1/25/2008 2:18:21 PM | Attr = ]
KAV -> %SystemDrive%\KAV -> [Folder | Modified Date = 1/24/2008 11:36:15 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2/13/2008 3:59:52 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 2/7/2008 3:17:20 AM | Attr = ]
temp -> %SystemDrive%\temp -> [Folder | Modified Date = 2/7/2008 3:06:04 AM | Attr = ]
UBCD4Win -> %SystemDrive%\UBCD4Win -> [Folder | Modified Date = 1/24/2008 5:28:16 AM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 2/13/2008 4:05:18 PM | Attr = ]
VundoFix.exe -> %SystemDrive%\VundoFix.exe -> Atribune.org [Ver = 6.05.0010 | Size = 115200 bytes | Modified Date = 1/24/2008 4:41:27 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\VundoFix.exe:Zone.Identifier
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2/13/2008 4:11:29 PM | Attr = ]
ETC -> %SystemRoot%\System32\drivers\ETC -> [Folder | Modified Date = 2/7/2008 2:49:39 AM | Attr = ]
HOSTS -> %SystemRoot%\System32\drivers\ETC\HOSTS -> [Ver = | Size = 686 bytes | Modified Date = 2/7/2008 2:49:39 AM | Attr = ]
hosts.ics -> %SystemRoot%\System32\drivers\ETC\hosts.ics -> [Ver = | Size = 492 bytes | Modified Date = 2/13/2008 4:02:56 PM | Attr = ]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 10637344 bytes | Modified Date = 2/13/2008 4:10:19 PM | Attr = HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 111020 bytes | Modified Date = 2/13/2008 4:10:19 PM | Attr = HS]
fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat -> [Ver = | Size = 79904 bytes | Modified Date = 2/13/2008 4:10:19 PM | Attr = HS]
fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx -> [Ver = | Size = 9608 bytes | Modified Date = 2/13/2008 4:10:19 PM | Attr = HS]
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4316 | Size = 85713 bytes | Modified Date = 1/25/2008 2:06:18 PM | Attr = ]
klick.dat -> %SystemRoot%\System32\drivers\klick.dat -> [Ver = | Size = 85860 bytes | Modified Date = 1/24/2008 11:36:41 AM | Attr = ]
klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.319 | Size = 194320 bytes | Modified Date = 1/24/2008 11:37:40 AM | Attr = ]
klin.dat -> %SystemRoot%\System32\drivers\klin.dat -> [Ver = | Size = 91700 bytes | Modified Date = 2/4/2008 1:54:49 AM | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2/7/2008 3:44:43 AM | Attr = ]
4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
DLLCACHE -> %SystemRoot%\System32\DLLCACHE -> [Folder | Modified Date = 1/24/2008 11:31:35 AM | Attr = RHS]
DRIVERS -> %SystemRoot%\System32\DRIVERS -> [Folder | Modified Date = 2/13/2008 4:02:05 PM | Attr = ]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 2/13/2008 4:11:19 PM | Attr = S]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 2/7/2008 2:41:57 AM | Attr = ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 14, 14116 | Size = 819200 bytes | Modified Date = 1/25/2008 2:06:18 PM | Attr = ]
gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 14, 14116 | Size = 757760 bytes | Modified Date = 1/18/2008 8:31:10 PM | Attr = ]
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Modified Date = 1/25/2008 2:19:39 PM | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 1/25/2008 2:06:18 PM | Attr = ]
INF -> %SystemRoot%\INF -> [Folder | Modified Date = 1/24/2008 6:19:36 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/24/2008 6:31:32 AM | Attr = HS]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2/13/2008 2:34:40 PM | Attr = ]
SYSTEM32 -> %SystemRoot%\SYSTEM32 -> [Folder | Modified Date = 2/13/2008 3:59:57 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2/13/2008 4:10:00 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/13/2008 4:11:23 PM | Attr = H ]
User_Feed_Synchronization-{5DC94FE9-9328-4842-9B7C-55792775CDB8}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{5DC94FE9-9328-4842-9B7C-55792775CDB8}.job -> [Ver = | Size = 426 bytes | Modified Date = 2/13/2008 1:02:45 PM | Attr = H ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 9155 bytes | Modified Date = 2/15/2005 3:22:47 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5174 bytes | Modified Date = 12/1/2007 5:42:38 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 12/1/2007 5:42:38 PM | Attr = ]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 1388 bytes | Modified Date = 1/17/2008 10:49:48 AM | Attr = ]
Perflib_Perfdata_350.dat -> C:\Documents and Settings\Matthew\Local Settings\Temp\Perflib_Perfdata_350.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/13/2008 4:11:50 PM | Attr = ]
Perflib_Perfdata_524.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_524.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/13/2008 4:12:21 PM | Attr = ]
< End of report >
That was the resulting log.
I disabled the internet on the target machine while all of this was being done. The computer I'm using now is leeching the internet off of the infected machine, so I had to enable the internet after the last fix/scan was performed. I won't be testing explorer until you tell me to. I'm just glad this computer doesn't suffer from the infection that the host does.
Err and a quick edit:
Pretty sure it's some form of malware and not a performance issue. I had originally posted that the searchfeed was coming in the form of popups that would cripple Internet Explorer until they loaded up, but unfortunately that information vanished when I first tried to post an HJT log, and never got added the second time around. Totally my bad!
This post has been edited by Dragoon The Lad: 13 February 2008 - 04:25 PM
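Added triage example (not part of the original thread, and not code from OTL, Avenger or any of the tools named above): a small Python parser for the log format shown in the post, whose entries take the shape `name -> path -> vendor [Ver = … | Size = … | Modified Date = … | Attr = …]`, with `< Section [HIVE] >` and `[Files/Folders …]` headers, `@Alternate Data Stream` lines and `[Reg Error …]` orphans. It runs a few neutral review heuristics over a handful of lines copied from the log: browser toolbar DLLs whose version resource carries no company name, orphaned registry entries, `Zone.Identifier` streams (the marker Windows adds to files downloaded from the Internet zone), and hidden+system files under `drivers`. The finding labels and heuristics are my own and are prompts for a human to look at the item, not verdicts; the `SAMPLE_LOG` text is constructed from the posted log.

```python
import re

# Constructed sample: lines copied from the OTL-style log posted above (not the full log).
SAMPLE_LOG = r"""< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
WebBrowser\\{B24BA06E-FB7B-4757-95C2-DC01125F750E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\YRefresher\YRefresher.dll [RefresherBand Class] -> [Ver = 1, 0, 0, 1 | Size = 45056 bytes | Modified Date = 8/3/2001 4:58:00 PM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{120E090D-9136-4b78-8258-F0B44B4BD2AC} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
[Files/Folders - Created Within 30 days]
VundoFix.exe -> %SystemDrive%\VundoFix.exe -> Atribune.org [Ver = 6.05.0010 | Size = 115200 bytes | Modified Date = 1/24/2008 4:41:27 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\VundoFix.exe:Zone.Identifier
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 10637344 bytes | Modified Date = 2/13/2008 4:10:19 PM | Attr = HS]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 2/7/2008 2:41:34 AM | Attr = ]
"""

SECTION_RE = re.compile(r"^< (?P<name>.+?) > -> (?P<key>.*?) ->\s*$")
HIVE_RE = re.compile(r"\s*\[(HKEY_[A-Z_]+)\]$")
PATH_RE = re.compile(r"^(?P<path>.*?)(?:\s\[(?P<friendly>[^\]]*)\])?$")
DETAILS_RE = re.compile(r"^(?P<vendor>.*?)\s*\[(?P<body>(?:Folder|Ver =)[^\]]*)\]\s*$")


def _parse_details(vendor_part):
    """Split 'Vendor [Ver = x | Size = n bytes | ... | Attr = HS]' into fields."""
    m = DETAILS_RE.match(vendor_part)
    if not m:
        return None
    f = {"vendor": m.group("vendor").strip(), "is_folder": False,
         "ver": "", "size": None, "date": "", "attr": ""}
    for item in m.group("body").split(" | "):
        item = item.strip()
        if item == "Folder":
            f["is_folder"] = True
            continue
        k, _, v = item.partition("=")
        k, v = k.strip(), v.strip()
        if k == "Ver":
            f["ver"] = v
        elif k == "Size":
            f["size"] = int(v.split()[0])      # "2403392 bytes" -> 2403392
        elif k == "Attr":
            f["attr"] = v                       # e.g. "", "R", "HS", "RHS"
        elif k in ("Modified Date", "Created Date"):
            f["date"] = v
    return f


def parse_log(text):
    """Return a list of entry dicts; each carries the section it was listed under."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                                   # '< Section [HIVE] > -> key ->'
            section = m.group("name")
            continue
        if line.startswith("[") and line.endswith("]") and " -> " not in line:
            section = line[1:-1]                # '[Files/Folders - Created Within 30 days]'
            continue
        if line.startswith("@Alternate Data Stream"):
            stream = line.partition(" -> ")[2].strip()
            entries.append({"kind": "ads", "section": section, "name": stream, "path": stream})
            continue
        parts = line.split(" -> ")
        if len(parts) != 3:
            continue
        name = HIVE_RE.sub("", parts[0]).strip()
        if "Reg Error" in parts[1]:             # key referenced but no longer exists
            entries.append({"kind": "regerror", "section": section, "name": name, "path": ""})
            continue
        details = _parse_details(parts[2])
        if details is None:
            continue
        pm = PATH_RE.match(parts[1].strip())
        e = {"kind": "folder" if details["is_folder"] else "file", "section": section,
             "name": name, "path": pm.group("path").strip(), "friendly": pm.group("friendly") or ""}
        e.update(details)
        entries.append(e)
    return entries


def triage(entries):
    """Neutral review heuristics (assumed, not from the log tool): items a helper would look at first."""
    findings = []
    for e in entries:
        sec = (e["section"] or "").lower()
        attr = e.get("attr", "").lower()
        if e["kind"] == "ads" and e["path"].lower().endswith(":zone.identifier"):
            findings.append(("internet-zone-marker", e["path"]))
        elif e["kind"] == "regerror":
            findings.append(("orphaned-registry-entry", e["name"]))
        elif e["kind"] == "file":
            if ("toolbar" in sec or "browser helper" in sec) and not e["vendor"]:
                findings.append(("browser-extension-without-company-name", e["path"]))
            if "h" in attr and "s" in attr and "\\drivers\\" in e["path"].lower():
                findings.append(("hidden-system-file-in-drivers", e["path"]))
    return findings


if __name__ == "__main__":
    for label, item in triage(parse_log(SAMPLE_LOG)):
        print(f"{label:40s} {item}")
```

The heuristics deliberately flag benign items too (the `fidbox.dat` files sit next to Kaspersky's `klif.sys`, and `VundoFix.exe` is the cleaning tool the poster downloaded), which is the point: the parser surfaces what to check against vendor, timestamp and section, and the human decides.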