
I Dont Know What Is Wrong (autoup~1.exe, Autoupdatewin33.exe)


  • This topic is locked
25 replies to this topic

#1 dedred

dedred

  • Members
  • 25 posts

Posted 17 October 2007 - 08:15 PM

I don't know what's wrong with my PC.

Posted Image

I use Win XP SP2.

I run (Spybot, HijackThis, NoAdware, Ad-Aware SE) every day at 4am.

I am grateful for any help you guys can give me to get rid of this.

My HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:38 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\AUTOUP~1.EXE
C:\WINDOWS\AutoUpdateWin33.exe
C:\Documents and Settings\Shana\Local Settings\Temporary Internet Files\Content.IE5\ZA037HSD\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: (no name) - {00D94CDB-99D2-6BF8-37CA-BC0B5BDBF2FF} - C:\DOCUME~1\Shana\APPLIC~1\SENDCL~1\first copy.exe (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Proxy Connection support DLL - {1DC9D850-044D-11E1-B3C9-00805E499D93} - C:\WINDOWS\system32\proxyspd.dll
O2 - BHO: (no name) - {25ECDCB1-D13F-4422-A3B5-1AAFCAC70879} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5B1AB97D-040C-6FA0-61F3-A7ED9F0E6A33} - C:\DOCUME~1\Shana\APPLIC~1\SENDCL~1\first copy.exe (file missing)
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - C:\WINDOWS\AutoUpdateWin31.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: 100% Free Chess Toolbar - {0D0E3C62-C0C7-4252-B2B2-0BFAB08F2696} - C:\Program Files\100% Free Chess Toolbar\v2.0.0.5\100%_Free_Chess_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Inside the site download] C:\Documents and Settings\All Users.WINDOWS\Application Data\pop draw inside the\16body.exe
O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe
O4 - HKLM\..\Run: [Privacy Cleaner Pro] "C:\PROGRA~1\PRIVAC~1\pcp.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKCU\..\Run: [owki] C:\PROGRA~1\COMMON~1\owki\owkim.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [Test1] C:\DOCUME~1\Shana\APPLIC~1\PHONED~1\NameGlobal.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0e\AOL.EXE" -b
O4 - Global Startup: 2Wire Wireless Client.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - WWW Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by135fd.bay135.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{08B5DB62-E103-4471-9CAC-3B00588CBED9}: NameServer = 198.6.100.150 198.6.1.150
O17 - HKLM\System\CS4\Services\Tcpip\..\{08B5DB62-E103-4471-9CAC-3B00588CBED9}: NameServer = 198.6.100.150 198.6.1.150
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)

--
End of file - 7444 bytes

My SmitfraudFix log:

SmitFraudFix v2.240

Scan done at 16:09:47.55, Wed 10/17/2007
Run from C:\Documents and Settings\Shana\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\RegistryCleanerSetup.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: National Semiconductor DP83815-Based PCI Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 66.75.164.90
DNS Server Search Order: 66.75.164.89

HKLM\SYSTEM\CCS\Services\Tcpip\..\{86D18224-C5B0-4096-8B8C-C7BFE3F28A0C}: DhcpNameServer=66.75.164.90 66.75.164.89

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End


#2 Rorschach

Rorschach

  • Members
  • 523 posts

Posted 27 October 2007 - 05:21 AM

Hello, my name is Rorschach and I'll be helping you with your problems. There's no need to put the logs in code boxes or attach them as it makes them difficult to read.


1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans on the bottom right, check the boxes for Reg - Disabled MS Config Items, Reg - Uninstall List.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

#3 dedred

dedred
  • Topic Starter

  • Members
  • 25 posts

Posted 28 October 2007 - 12:57 AM

ComboFix log


ComboFix 07-10-27.4 - my name 2007-10-27 22:33:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.275 [GMT -7:00]
Running from: C:\Documents and Settings\my name\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\my name\Application Data\macromedia\Flash Player\#SharedObjects\ERRSJZEW\www.broadcaster.com
C:\Documents and Settings\my name\Application Data\macromedia\Flash Player\#SharedObjects\ERRSJZEW\www.broadcaster.com\played_list.sol
C:\Documents and Settings\my name\Application Data\macromedia\Flash Player\#SharedObjects\ERRSJZEW\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\my name\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\my name\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\model.dat
c:\WINDOWS\system32\rwbmavamxd.dat
c:\windows\system32\rwbmavamxd.exe
C:\WINDOWS\system32\rwbmavamxd_nav.dat
c:\WINDOWS\system32\rwbmavamxd_navps.dat
C:\WINDOWS\system32\silc_dll.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-28 )))))))))))))))))))))))))))))))
.

2007-10-27 22:31 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-26 13:33 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-10-24 19:11 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-24 19:11 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-24 19:11 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-24 19:11 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-24 19:11 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-24 19:11 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-24 19:11 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-24 19:11 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-20 20:44 <DIR> d-------- C:\Documents and Settings\my name\Application Data\Recorder
2007-10-20 20:43 <DIR> d-------- C:\Program Files\Recorder
2007-10-20 20:27 75,776 --a------ C:\WINDOWS\system32\DWSPY36.dll
2007-10-20 20:27 57,344 --a------ C:\WINDOWS\system32\TaskScheduler.dll
2007-10-20 20:27 10,752 --a------ C:\WINDOWS\system32\hh.exe
2007-10-17 23:32 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-17 16:09 3,818 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-13 22:59 <DIR> d-------- C:\scrips and bots
2007-10-13 19:20 <DIR> d-------- C:\Program Files\Computer Alarm Clock
2007-10-13 19:13 45,056 --a------ C:\WINDOWS\AutoUpdateWin32.exe
2007-10-13 19:13 32,768 --a------ C:\WINDOWS\AutoUpdateWin33.exe
2007-10-13 19:13 24,576 --a------ C:\WINDOWS\WindowsUpdates.exe
2007-10-11 10:53 <DIR> d-------- C:\Program Files\RuneScape Toolkit
2007-10-11 10:53 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-10-10 12:04 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Protexis
2007-10-10 12:04 80 -r-hs---- C:\WINDOWS\system32\FCC520E3F3.dll
2007-10-10 12:03 <DIR> d-------- C:\Program Files\decomp
2007-10-10 12:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-10 11:03 <DIR> d-------- C:\Documents and Settings\my name\.jcavaj
2007-10-09 12:29 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-04 16:49 <DIR> d-------- C:\Documents and Settings\my name\.SunDownloadManager
2007-10-03 11:17 <DIR> d-------- C:\Program Files\Project64 1.6
2007-10-03 10:01 <DIR> d-------- C:\Program Files\Plus!
2007-10-03 09:59 <DIR> d-------- C:\Program Files\VVSN
2007-10-03 09:59 <DIR> d-------- C:\Program Files\OneStepSearch
2007-10-03 09:59 <DIR> d-------- C:\Program Files\filesubmit
2007-10-03 00:40 <DIR> d-------- C:\Program Files\WeeCamW2k-USB

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-28 05:46 --------- d-----w C:\Documents and Settings\my name\Application Data\uTorrent
2007-10-26 23:48 --------- d-----w C:\Program Files\SwiftSwitch
2007-10-21 03:43 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-21 03:43 249,856 ------w C:\WINDOWS\Setup1.exe
2007-10-14 04:11 --------- d-----w C:\Program Files\NoAdware5.0
2007-10-10 06:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-03 17:01 257,880 ----a-w C:\WINDOWS\Cursors\Final Fantasy Logos.exe
2007-09-17 23:24 --------- d-----w C:\Program Files\CONEXANT
2007-09-08 19:04 --------- d-----w C:\Program Files\PlayOnline
2007-09-08 19:04 --------- d-----w C:\Program Files\directx
2007-09-08 00:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SwiftSwitch
2007-05-27 06:17 10,532 ----a-w C:\Program Files\skankycelebs.htm
2007-05-27 05:11 28,288 ----a-w C:\Program Files\XJIS.NLS
2005-05-16 02:12 101 -c--a-w C:\Program Files\rs.abc
2001-03-31 12:00 24,576 -c--a-w C:\Program Files\Common Files\upddebug.exe
2001-03-31 12:00 120,823 -c--a-w C:\Program Files\Common Files\mscombtl32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00D94CDB-99D2-6BF8-37CA-BC0B5BDBF2FF}]
C:\DOCUME~1\my name\APPLIC~1\SENDCL~1\first copy.exe

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1DC9D850-044D-11E1-B3C9-00805E499D93}]
2001-03-31 05:00 143360 --a------ C:\WINDOWS\system32\proxyspd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25ECDCB1-D13F-4422-A3B5-1AAFCAC70879}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B1AB97D-040C-6FA0-61F3-A7ED9F0E6A33}]
C:\DOCUME~1\my name\APPLIC~1\SENDCL~1\first copy.exe

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A75E294E-C047-4D29-B07E-37B792881BEF}]
C:\WINDOWS\AutoUpdateWin31.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0D0E3C62-C0C7-4252-B2B2-0BFAB08F2696}"= C:\Program Files\100% Free Chess Toolbar\v2.0.0.5\100%_Free_Chess_Toolbar.dll [ ]

[HKEY_CLASSES_ROOT\CLSID\{0D0E3C62-C0C7-4252-B2B2-0BFAB08F2696}]
[HKEY_CLASSES_ROOT\ToolBar.ToolBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E088B-0E2B-47a6-A070-7307CB4A4F71}]
[HKEY_CLASSES_ROOT\ToolBar.ToolBarObj]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0D0E3C62-C0C7-4252-B2B2-0BFAB08F2696}"= C:\Program Files\100% Free Chess Toolbar\v2.0.0.5\100%_Free_Chess_Toolbar.dll [ ]

[HKEY_CLASSES_ROOT\CLSID\{0D0E3C62-C0C7-4252-B2B2-0BFAB08F2696}]
[HKEY_CLASSES_ROOT\ToolBar.ToolBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E088B-0E2B-47a6-A070-7307CB4A4F71}]
[HKEY_CLASSES_ROOT\ToolBar.ToolBarObj]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 12:56]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" []
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 02:50 C:\WINDOWS\LOGI_MWX.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-03 10:50]
"PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" [2004-04-13 19:45]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"Inside the site download"="C:\Documents and Settings\All Users.WINDOWS\Application Data\pop draw inside the\16body.exe" [2007-07-12 00:17]
"Secure"="C:\WINDOWS\WindowsUpdates.exe" [2007-10-13 19:13]
"Computer Alarm Clock"="" []
"Privacy Cleaner Pro"="C:\PROGRA~1\PRIVAC~1\pcp.exe" []
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" []
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" []
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" []
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2003-08-21 19:10]
"CARPService"="carpserv.exe" [2003-05-21 15:35 C:\WINDOWS\system32\carpserv.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"owki"="C:\PROGRA~1\COMMON~1\owki\owkim.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-09-17 11:53]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-09-17 11:53]
"Test1"="C:\DOCUME~1\my name\APPLIC~1\PHONED~1\NameGlobal.exe" []
"ModemOnHold"="C:\Program Files\NetWaiting\netwaiting.exe" []
"AOL Fast Start"="C:\Program Files\America Online 9.0e\AOL.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"Schedule"=2 (0x2)
"Messenger"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)

R3 CALIAUD;Conexant AMC 3D Environmental Audio;C:\WINDOWS\system32\drivers\caliaud.sys
R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS
R3 HSFHWCD2;HSFHWCD2;C:\WINDOWS\system32\DRIVERS\HSFHWCD2.sys
S3 2WIREPCP;2Wire USB;C:\WINDOWS\system32\DRIVERS\2WirePCP.sys
S3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\drivers\lccfltr.sys
S3 LucentSoftModem;Lucent Technologies Soft Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys
S3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\system32\Drivers\SilvrLnk.sys
S3 VendorJoystickEnabler;XCtrl XBOX Control HID Minidriver r1;C:\WINDOWS\system32\Drivers\xctrl.sys
S3 WPC11;Instant Wireless Network PC Card V3.0 Driver;C:\WINDOWS\system32\DRIVERS\LSWLNDS.sys
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys
S4 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c20a7261-1fd5-11d9-b7d6-00038a000015}]
AutoRun\command - E:\JDSecure\Windows\JDSecure20.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-07-12 07:17:10 C:\WINDOWS\Tasks\B1E69F8093CD1008.job"
- c:\docume~1\my name\applic~1\phoned~1\stupid 01 option.exe
"2004-10-13 20:44:01 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
"2007-10-26 01:56:27 C:\WINDOWS\Tasks\McAfee.com Update Check (my name).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-27 22:45:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-27 22:47:51 - machine was rebooted
.
--- E O F ---

#4 dedred

dedred
  • Topic Starter

  • Members
  • 25 posts

Posted 28 October 2007 - 01:40 AM

WinPFind3 log

WinPFind3 logfile created on: 10/27/2007 10:56:36 PM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\my name\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.13)

702.48 Mb Total Physical Memory | 261.46 Mb Available Physical Memory | 37.22% Memory free
954.45 Mb Paging File | 591.29 Mb Available in Paging File | 61.95% Paging File free
Paging file location(s): C:\pagefile.sys 288 576;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 14.27 Gb Free Space | 25.53% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: my name
Current User Name: my name
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 397312 bytes | Modified Date = 5/15/2004 7:27:50 PM | Attr = ]
carpserv.exe -> %System32%\carpserv.exe -> Conexant Systems, Inc. [Ver = 6.02.05 | Size = 4608 bytes | Modified Date = 5/21/2003 3:35:50 PM | Attr = ]
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.79.024 | Size = 37888 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
prismsvr.exe -> %System32%\PRISMSVR.exe -> Conexant Systems, Inc. [Ver = 1.01.16 | Size = 290905 bytes | Modified Date = 4/13/2004 7:45:30 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 11/3/2006 10:50:54 AM | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\AOL\ACS\AOLAcsd.exe -> File not found
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> [Ver = | Size = 397312 bytes | Modified Date = 5/15/2004 7:27:50 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
(McShield) McAfee.com McShield [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\mcafee.com\vso\mcshield.exe -> File not found
(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe -> File not found
(MCVSRte) McAfee.com VirusScan Online Realtime Engine [Win32_Own | Auto | Stopped] -> %SystemDrive%\PROGRA~1\mcafee.com\vso\mcvsrte.exe -> File not found
(OneStep Search Service) OneStep Search Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\OneStepSearch\onestep.exe -> File not found
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 2:38:10 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AOLDialer -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe -> File not found
CARPService -> %System32%\carpserv.exe -> Conexant Systems, Inc. [Ver = 6.02.05 | Size = 4608 bytes | Modified Date = 5/21/2003 3:35:50 PM | Attr = ]
Computer Alarm Clock -> -> File not found
HPDJ Taskbar Utility -> %System32%\spool\drivers\w32x86\3\hpztsb07.exe -> HP [Ver = 2,140,0,0 | Size = 188416 bytes | Modified Date = 11/3/2002 12:56:18 PM | Attr = ]
Inside the site download -> %AllUsersAppData%\pop draw inside the\16body.exe -> [Ver = | Size = 521216 bytes | Modified Date = 7/12/2007 12:17:02 AM | Attr = ]
Logitech Utility -> %SystemRoot%\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 12/17/2003 2:50:00 AM | Attr = ]
MCAgentExe -> %SystemDrive%\PROGRA~1\mcafee.com\agent\mcagent.exe -> File not found
MCUpdateExe -> %ProgramFiles%\McAfee.com\Agent\mcupdate.exe -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 7 | Size = 180224 bytes | Modified Date = 8/21/2003 7:10:50 PM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr = ]
PRISMSVR.EXE -> %System32%\PRISMSVR.exe -> Conexant Systems, Inc. [Ver = 1.01.16 | Size = 290905 bytes | Modified Date = 4/13/2004 7:45:30 PM | Attr = ]
Privacy Cleaner Pro -> %SystemDrive%\PROGRA~1\PRIVAC~1\pcp.exe -> File not found
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 10:54:04 AM | Attr = ]
Secure -> %SystemRoot%\WindowsUpdates.exe -> [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/13/2007 7:13:32 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 11/3/2006 10:50:54 AM | Attr = ]
VirusScan Online -> %SystemDrive%\PROGRA~1\mcafee.com\vso\mcvsshld.exe -> File not found
VSOCheckTask -> %SystemDrive%\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
µTorrent -> %ProgramFiles%\uTorrent\utorrent.exe -> [Ver = | Size = 219952 bytes | Modified Date = 9/17/2007 11:53:02 AM | Attr = ]
AOL Fast Start -> %ProgramFiles%\America Online 9.0e\AOL.EXE -> File not found
ModemOnHold -> %ProgramFiles%\NetWaiting\netwaiting.exe -> File not found
owki -> %SystemDrive%\PROGRA~1\COMMON~1\owki\owkim.exe -> File not found
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe -> File not found
Test1 -> %SystemDrive%\DOCUME~1\my name\APPLIC~1\PHONED~1\NameGlobal.exe -> File not found
uTorrent -> %ProgramFiles%\uTorrent\utorrent.exe -> [Ver = | Size = 219952 bytes | Modified Date = 9/17/2007 11:53:02 AM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup ->
%AllUsersStartup%\2Wire Wireless Client.lnk -> %ProgramFiles%\2Wire 802.11g Wireless\PRISMCFG.exe -> 2Wire Inc. [Ver = 1.01.17 | Size = 335979 bytes | Modified Date = 4/13/2004 8:47:56 PM | Attr = ]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 11:05:26 PM | Attr = ]
%AllUsersStartup%\hp instant support.lnk -> %ProgramFiles%\Hewlett-Packard\hpis\bin\matcli.exe -> Motive Communications, Inc. [Ver = 4.03.03.20020509_090000 | Size = 208896 bytes | Modified Date = 5/9/2002 9:44:20 AM | Attr = ]
%AllUsersStartup%\Run Google Web Accelerator.lnk -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccWarden.exe -> [Ver = | Size = 1134592 bytes | Modified Date = 7/9/2007 10:24:38 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.google.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
aol.com [ - ] -> ->
free_aol.com [ - ] -> ->
free_aol.com [http] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{00D94CDB-99D2-6BF8-37CA-BC0B5BDBF2FF} [HKLM] -> %SystemDrive%\DOCUME~1\my name\APPLIC~1\SENDCL~1\first copy.exe [Reg Data - Value does not exist] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 5:16:42 AM | Attr = ]
{1DC9D850-044D-11E1-B3C9-00805E499D93} [HKLM] -> %System32%\proxyspd.dll [Proxy Connection support DLL] -> [Ver = 6, 0, 2800, 1106 | Size = 143360 bytes | Modified Date = 3/31/2001 5:00:12 AM | Attr = ]
{25ECDCB1-D13F-4422-A3B5-1AAFCAC70879} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{5B1AB97D-040C-6FA0-61F3-A7ED9F0E6A33} [HKLM] -> %SystemDrive%\DOCUME~1\my name\APPLIC~1\SENDCL~1\first copy.exe [Reg Data - Value does not exist] -> File not found
{69A87B7D-DE56-4136-9655-716BA50C19C7} [HKLM] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [&Google Web Accelerator Helper] -> [Ver = | Size = 303104 bytes | Modified Date = 3/29/2007 9:34:06 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 4:25:44 AM | Attr = ]
{A75E294E-C047-4D29-B07E-37B792881BEF} [HKLM] -> %SystemRoot%\AutoUpdateWin31.dll [AleTrack Class] -> File not found
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2003, 6, 23, 1 | Size = 274503 bytes | Modified Date = 6/23/2003 1:30:02 PM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2003, 6, 23, 1 | Size = 274503 bytes | Modified Date = 6/23/2003 1:30:02 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{0D0E3C62-C0C7-4252-B2B2-0BFAB08F2696} [HKLM] -> %ProgramFiles%\100% Free Chess Toolbar\v2.0.0.5\100%_Free_Chess_Toolbar.dll [100% Free Chess Toolbar] -> File not found
{BA52B914-B692-46c4-B683-905236F6F655} [HKLM] -> %ProgramFiles%\McAfee.com\VSO\mcvsshl.dll [McAfee VirusScan] -> Networks Associates Technology, Inc [Ver = 8, 0, 0, 15 | Size = 114743 bytes | Modified Date = 8/18/2003 12:19:32 PM | Attr = ]
{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} [HKLM] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] -> [Ver = | Size = 303104 bytes | Modified Date = 3/29/2007 9:34:06 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{0D0E3C62-C0C7-4252-B2B2-0BFAB08F2696} [HKLM] -> %ProgramFiles%\100% Free Chess Toolbar\v2.0.0.5\100%_Free_Chess_Toolbar.dll [100% Free Chess Toolbar] -> File not found
WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKLM] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> File not found
WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} [HKLM] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] -> [Ver = | Size = 303104 bytes | Modified Date = 3/29/2007 9:34:06 PM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [&Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_09\bin\npjpi150_09.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 69746 bytes | Modified Date = 10/12/2006 4:25:44 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 4:25:44 AM | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
CmdMapping [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&AIM Search -> Reg Data - Value does not exist -> File not found
&AOL Toolbar search -> Reg Data - Value does not exist -> File not found
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\ ->
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 6:05:42 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
Alexa Toolbar -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{241BAEEF-1D85-4F3B-881A-D1F0D12F6AA5} -> (2Wire Gateway USB) ->
{57668A1B-0A09-4082-A5E5-297B6CBFF973} -> (National Semiconductor Corp. DP83815/816 10/100 MacPhyter PCI Adapter) ->
{86D18224-C5B0-4096-8B8C-C7BFE3F28A0C} -> (2Wire 802.11g Cardbus Wireless LAN Card) ->
{BC89A6B3-7E23-490C-B2DF-DB3720ABFCA3} -> () ->
{C5CE0E7E-FA26-4337-B033-4FF5BB799235} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/pub/shock...director/sw.cab ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} -> DivXBrowserPlugin Object - CodeBase = http://go.divx.com/plugin/DivXBrowserPlugin.cab ->
{6B75345B-AA36-438A-BBE6-4078B4C6984D} -> HpProductDetection Class - CodeBase = http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab ->
{814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} -> DASWebDownload Class - CodeBase = http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
{A90A5822-F108-45AD-8482-9BC8B12DD539} -> Crucial cpcScan - CodeBase = http://www.crucial.com/controls/cpcScanner.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab ->
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -> Hotmail Attachments Control - CodeBase = http://by135fd.bay135.hotmail.msn.com/activex/HMAtchmt.ocx ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Services [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services ->
ERSvc -> ->
FastUserSwitchingCompatibility -> ->
Messenger -> ->
Schedule -> ->
WZCSVC -> ->
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{16F0EE77-B2B1-4417-A8CC-07E06C78CCC4} -> Matrix-ks ->
{3248F0A8-6813-11D6-A77B-00B0D0150090} -> J2SE Runtime Environment 5.0 Update 9 ->
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP ->
{3C0619B4-4A2C-4244-8077-488E420DF907} -> FINAL FANTASY XI: Chains of Promathia ->
{3D5A72E1-1467-4199-8CF6-12DA8D502A6B} -> Veoh Player ->
{45EBDA59-D33B-433A-956E-B2F236468B56} -> MUSICMATCH® Jukebox ->
{47004155-7376-403E-89E9-4C9F44AAF0D0} -> PlayOnline Viewer and Tetra Master ->
{49672EC2-171B-47B4-8CE7-50D7806360D7} -> Windows Live Sign-in Assistant ->
{4EF69D40-4DC9-485E-95D3-B1C22F218FC8} -> upapp ->
{571700F0-DB9D-4B3A-B03D-35A14BB5939F} -> Windows Live Messenger ->
{5809E7CF-4DCF-11D4-9875-00105ACE7734} -> Logitech MouseWare 9.79.1 ->
{5E863175-E85D-44A6-8968-82507D34AE7F} -> QuickTime ->
{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} -> Windows Genuine Advantage v1.3.0254.0 ->
{678F6475-D227-432A-94FF-806178A34520} -> FINAL FANTASY XI ->
{6A1975EB-27E6-491D-94BC-6355FA25F40F} -> Google Web Accelerator ->
{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE} -> FINAL FANTASY XI: Rise of the Zilart ->
{8AD2EA30-5049-11D4-A08E-0080AD97BBF5} -> DJ Java Decompiler v.3.9.9.91 ->
{8E1DCD15-C9F1-49CE-807B-198C8241EB6B} -> ALi USB2.0 Driver ->
{90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003 ->
{9559F7CA-5E34-4237-A2D9-D856464AD727} -> Project64 1.6 ->
{9CD92DB1-1B3B-4296-9456-93EA6BCAA4C5} -> Enter The Matrix ->
{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D} -> 2Wire Wireless Client ->
{A606C6FF-12E7-40BE-B777-D8F360FF00CD} -> FINAL FANTASY XI: Treasures of Aht Urhgan ->
{AC76BA86-7AD7-1033-7B44-A70900000002} -> Adobe Reader 7.0.9 ->
{B6F7DBE7-2FE2-458F-A738-B10832746036} -> Microsoft Reader ->
{B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player ->
{CAE7D1D9-3794-4169-B4DD-964ADBC534EE} -> HP Product Detection ->
{D050D7362D214723AD585B541FFB6C11} -> DivX Content Uploader ->
{E0E400F5-422B-4540-A14F-B0739D71FEE7} -> Microsoft Reader Text-to-Speech for English ->
AC3Filter -> AC3Filter (remove only) ->
Action Replay XBOX_is1 -> Action Replay XBOX 1.40 ->
Ad-Aware SE Personal -> Ad-Aware SE Personal ->
Adobe Acrobat 5.0 -> Adobe Acrobat 5.0 ->
Adobe Shockwave Player -> Adobe Shockwave Player ->
ATI Display Driver -> ATI Display Driver ->
CDex -> CDex extraction audio ->
CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C -> Conexant 56K ACLink Modem ->
CNXT_MODEM_USB_VID_148D&PID_1671 -> Creative Modem Blaster V.92 USB ->
Combined Community Codec Pack -> Combined Community Codec Pack 2006-07-28 (Remove Only) ->
Computer Alarm Clock -> Computer Alarm Clock ->
Conexant PCI Audio -> Conexant AC-Link Audio ->
Cool's_Codec_pack_4.12 -> Codec Pack - All In 1 6.0.3.0 ->
DVD Decrypter -> DVD Decrypter (Remove Only) ->
ffdshow -> ffdshow (remove only) ->
Guild Wars -> Guild Wars ->
HijackThis -> HijackThis 2.0.2 ->
hp instant support -> hp instant support ->
HUFFYUV -> Huffyuv AVI lossless video codec (Remove Only) ->
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs ->
ie7 -> Windows Internet Explorer 7 ->
InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907} -> FINAL FANTASY XI: Chains of Promathia ->
InstallShield_{3D5A72E1-1467-4199-8CF6-12DA8D502A6B} -> Veoh Player ->
InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0} -> PlayOnline Viewer and Tetra Master ->
InstallShield_{678F6475-D227-432A-94FF-806178A34520} -> FINAL FANTASY XI ->
InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE} -> FINAL FANTASY XI: Rise of the Zilart ->
InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD} -> FINAL FANTASY XI: Treasures of Aht Urhgan ->
kazaalite202_is1 -> Kazaa Lite K++ v2.4.3 ->
KB834707 -> Windows XP Hotfix - KB834707 ->
KB867282 -> Windows XP Hotfix - KB867282 ->
KB873333 -> Windows XP Hotfix - KB873333 ->
KB873339 -> Windows XP Hotfix - KB873339 ->
KB883939 -> Security Update for Windows XP (KB883939) ->
KB885250 -> Windows XP Hotfix - KB885250 ->
KB885835 -> Windows XP Hotfix - KB885835 ->
KB885836 -> Windows XP Hotfix - KB885836 ->
KB886185 -> Windows XP Hotfix - KB886185 ->
KB887472 -> Windows XP Hotfix - KB887472 ->
KB887742 -> Windows XP Hotfix - KB887742 ->
KB888113 -> Windows XP Hotfix - KB888113 ->
KB888302 -> Windows XP Hotfix - KB888302 ->
KB890046 -> Security Update for Windows XP (KB890046) ->
KB890047 -> Windows XP Hotfix - KB890047 ->
KB890175 -> Windows XP Hotfix - KB890175 ->
KB890859 -> Windows XP Hotfix - KB890859 ->
KB890923 -> Windows XP Hotfix - KB890923 ->
KB891781 -> Windows XP Hotfix - KB891781 ->
KB892130 -> Windows Genuine Advantage Validation Tool (KB892130) ->
KB893066 -> Windows XP Hotfix - KB893066 ->
KB893086 -> Windows XP Hotfix - KB893086 ->
KB893756 -> Security Update for Windows XP (KB893756) ->
KB893803 -> Windows Installer 3.1 (KB893803) ->
KB893803v2 -> Windows Installer 3.1 (KB893803) ->
KB894391 -> Update for Windows XP (KB894391) ->
KB896358 -> Security Update for Windows XP (KB896358) ->
KB896422 -> Security Update for Windows XP (KB896422) ->
KB896423 -> Security Update for Windows XP (KB896423) ->
KB896424 -> Security Update for Windows XP (KB896424) ->
KB896428 -> Security Update for Windows XP (KB896428) ->
KB896688 -> Security Update for Windows XP (KB896688) ->
KB896727 -> Update for Windows XP (KB896727) ->
KB898461 -> Update for Windows XP (KB898461) ->
KB899587 -> Security Update for Windows XP (KB899587) ->
KB899588 -> Security Update for Windows XP (KB899588) ->
KB899591 -> Security Update for Windows XP (KB899591) ->
KB900485 -> Update for Windows XP (KB900485) ->
KB900725 -> Security Update for Windows XP (KB900725) ->
KB901017 -> Security Update for Windows XP (KB901017) ->
KB901190 -> Security Update for Windows XP (KB901190) ->
KB901214 -> Security Update for Windows XP (KB901214) ->
KB902400 -> Security Update for Windows XP (KB902400) ->
KB903235 -> Security Update for Windows XP (KB903235) ->
KB904706 -> Security Update for Windows XP (KB904706) ->
KB904942 -> Update for Windows XP (KB904942) ->
KB905414 -> Security Update for Windows XP (KB905414) ->
KB905749 -> Security Update for Windows XP (KB905749) ->
KB905915 -> Security Update for Windows XP (KB905915) ->
KB908519 -> Security Update for Windows XP (KB908519) ->
KB908531 -> Security Update for Windows XP (KB908531) ->
KB910437 -> Update for Windows XP (KB910437) ->
KB911280 -> Security Update for Windows XP (KB911280) ->
KB911562 -> Security Update for Windows XP (KB911562) ->
KB911564 -> Security Update for Windows Media Player (KB911564) ->
KB911565 -> Security Update for Windows Media Player 10 (KB911565) ->
KB911567 -> Security Update for Windows XP (KB911567) ->
KB911927 -> Security Update for Windows XP (KB911927) ->
KB912812 -> Security Update for Windows XP (KB912812) ->
KB912919 -> Security Update for Windows XP (KB912919) ->
KB913446 -> Security Update for Windows XP (KB913446) ->
KB913580 -> Security Update for Windows XP (KB913580) ->
KB914388 -> Security Update for Windows XP (KB914388) ->
KB914389 -> Security Update for Windows XP (KB914389) ->
KB914440 -> Hotfix for Windows XP (KB914440) ->
KB915865 -> Hotfix for Windows XP (KB915865) ->
KB916281 -> Security Update for Windows XP (KB916281) ->
KB916595 -> Update for Windows XP (KB916595) ->
KB917159 -> Security Update for Windows XP (KB917159) ->
KB917344 -> Security Update for Windows XP (KB917344) ->
KB917422 -> Security Update for Windows XP (KB917422) ->
KB917734_WMP10 -> Security Update for Windows Media Player 10 (KB917734) ->
KB917953 -> Security Update for Windows XP (KB917953) ->
KB918118 -> Security Update for Windows XP (KB918118) ->
KB918439 -> Security Update for Windows XP (KB918439) ->
KB918899 -> Security Update for Windows XP (KB918899) ->
KB919007 -> Security Update for Windows XP (KB919007) ->
KB920213 -> Security Update for Windows XP (KB920213) ->
KB920214 -> Security Update for Windows XP (KB920214) ->
KB920670 -> Security Update for Windows XP (KB920670) ->
KB920683 -> Security Update for Windows XP (KB920683) ->
KB920685 -> Security Update for Windows XP (KB920685) ->
KB920872 -> Update for Windows XP (KB920872) ->
KB921398 -> Security Update for Windows XP (KB921398) ->
KB921503 -> Security Update for Windows XP (KB921503) ->
KB921883 -> Security Update for Windows XP (KB921883) ->
KB922582 -> Update for Windows XP (KB922582) ->
KB922616 -> Security Update for Windows XP (KB922616) ->
KB922760 -> Security Update for Windows XP (KB922760) ->
KB922819 -> Security Update for Windows XP (KB922819) ->
KB923191 -> Security Update for Windows XP (KB923191) ->
KB923414 -> Security Update for Windows XP (KB923414) ->
KB923689 -> Security Update for Windows XP (KB923689) ->
KB923694 -> Security Update for Windows XP (KB923694) ->
KB923980 -> Security Update for Windows XP (KB923980) ->
KB924191 -> Security Update for Windows XP (KB924191) ->
KB924270 -> Security Update for Windows XP (KB924270) ->
KB924496 -> Security Update for Windows XP (KB924496) ->
KB924667 -> Security Update for Windows XP (KB924667) ->
KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398) ->
KB925454 -> Security Update for Windows XP (KB925454) ->
KB925486 -> Security Update for Windows XP (KB925486) ->
KB925902 -> Security Update for Windows XP (KB925902) ->
KB926239 -> Hotfix for Windows XP (KB926239) ->
KB926255 -> Security Update for Windows XP (KB926255) ->
KB926436 -> Security Update for Windows XP (KB926436) ->
KB927779 -> Security Update for Windows XP (KB927779) ->
KB927802 -> Security Update for Windows XP (KB927802) ->
KB927891 -> Update for Windows XP (KB927891) ->
KB928090 -> Security Update for Windows XP (KB928090) ->
KB928255 -> Security Update for Windows XP (KB928255) ->
KB928843 -> Security Update for Windows XP (KB928843) ->
KB929123 -> Security Update for Windows XP (KB929123) ->
KB929338 -> Update for Windows XP (KB929338) ->
KB929399 -> Hotfix for Windows Media Format 11 SDK (KB929399) ->
KB929969 -> Security Update for Windows XP (KB929969) ->
KB930178 -> Security Update for Windows XP (KB930178) ->
KB930916 -> Update for Windows XP (KB930916) ->
KB931261 -> Security Update for Windows XP (KB931261) ->
KB931768 -> Security Update for Windows XP (KB931768) ->
KB931784 -> Security Update for Windows XP (KB931784) ->
KB931836 -> Update for Windows XP (KB931836) ->
KB932168 -> Security Update for Windows XP (KB932168) ->
KB933360 -> Update for Windows XP (KB933360) ->
KB933566 -> Security Update for Windows XP (KB933566) ->
KB933729 -> Security Update for Windows XP (KB933729) ->
KB935839 -> Security Update for Windows XP (KB935839) ->
KB935840 -> Security Update for Windows XP (KB935840) ->
KB936021 -> Security Update for Windows XP (KB936021) ->
KB936782_WMP11 -> Security Update for Windows Media Player 11 (KB936782) ->
KB937143 -> Security Update for Windows XP (KB937143) ->
KB938127 -> Security Update for Windows XP (KB938127) ->
KB938127-IE7 -> Security Update for Windows Internet Explorer 7 (KB938127) ->
KB938828 -> Update for Windows XP (KB938828) ->
KB938829 -> Security Update for Windows XP (KB938829) ->
KB939653 -> Security Update for Windows XP (KB939653) ->
KB939683 -> Hotfix for Windows Media Player 11 (KB939683) ->
KB941202 -> Security Update for Windows XP (KB941202) ->
Logitech Resource Center -> Logitech Resource Center ->
Lucent Technologies Soft Modem -> Lucent Technologies Soft Modem AMR ->
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP ->
Nero - Burning Rom!UninstallKey -> Nero OEM ->
NeuroSpeech IESpeaker -> NeuroSpeech IESpeaker ->
NeuroSpeech PDFSpeaker -> NeuroSpeech PDFSpeaker ->
NeuroSpeech WordSpeaker -> NeuroSpeech WordSpeaker ->
NimoCorp -> Nimo Codecs Pack v4.33 (Remove Only) ->
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs ->
NoAdware 5.0_is1 -> NoAdware v5.0 ->
OggDS -> Direct Show Ogg Vorbis Filter (remove only) ->
Panda ActiveScan -> Panda ActiveScan ->
RealPlayer 6.0 -> RealPlayer ->
Refresher -> Refresher ->
RuneScape Toolkit -> RuneScape Toolkit ->
ShockwaveFlash -> Adobe Flash Player 9 ActiveX ->
Spybot - Search & Destroy_is1 -> Spybot - Search & Destroy 1.4 ->
ST6UNST #1 -> Manga Viewer ->
ST6UNST #2 -> Recorder ->
SwiftSwitch -> SwiftSwitch ->
TI Connect™ 1.3 -> TI Connect™ 1.3 ->
uTorrent -> µTorrent ->
Viewpoint Manager -> Viewpoint Manager (Remove Only) ->
ViewpointMediaPlayer -> Viewpoint Media Player ->
VLC media player -> VideoLAN VLC media player 0.8.6 ->
WGA -> Windows Genuine Advantage Validation Tool (KB892130) ->
WgaNotify -> Windows Genuine Advantage Notifications (KB905474) ->
WinAce Archiver -> WinAce Archiver ->
Windows Live OneCare safety scanner -> Windows Live OneCare safety scanner ->
Windows Media Format Runtime -> Windows Media Format 11 runtime ->
Windows Media Player -> Windows Media Player 11 ->
Windows XP Service Pack -> Windows XP Service Pack 2 ->
WMFDist11 -> Windows Media Format 11 runtime ->
wmp11 -> Windows Media Player 11 ->
WOLAPI -> Westwood Shared Internet Components ->
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0 ->
XviD -> XviD Video Codec 14052003-1 (Koepi's developer build) ->


[Files/Folders - Created Within 30 days]
20071011125540.bmp -> %SystemDrive%\20071011125540.bmp -> [Ver = | Size = 2359350 bytes | Created Date = 10/11/2007 11:55:40 AM | Attr = ]
2007101622235.bmp -> %SystemDrive%\2007101622235.bmp -> [Ver = | Size = 2359350 bytes | Created Date = 10/16/2007 1:22:35 AM | Attr = ]
831a0e6756663bc68436ef61 -> %SystemDrive%\831a0e6756663bc68436ef61 -> [Folder | Created Date = 10/9/2007 1:01:29 PM | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 10/27/2007 9:32:12 PM | Attr = ]
scrips and bots -> %SystemDrive%\scrips and bots -> [Folder | Created Date = 10/13/2007 9:59:56 PM | Attr = ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 10/24/2007 6:07:25 PM | Attr = H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 10/24/2007 6:06:42 PM | Attr = H ]
$NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ -> [Folder | Created Date = 10/24/2007 6:01:28 PM | Attr = H ]
$NtUninstallKB914440$ -> %SystemRoot%\$NtUninstallKB914440$ -> [Folder | Created Date = 10/24/2007 6:01:47 PM | Attr = H ]
$NtUninstallKB915865$ -> %SystemRoot%\$NtUninstallKB915865$ -> [Folder | Created Date = 10/24/2007 6:05:51 PM | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Created Date = 10/9/2007 1:08:11 PM | Attr = H ]
$NtUninstallKB939653$ -> %SystemRoot%\$NtUninstallKB939653$ -> [Folder | Created Date = 10/24/2007 6:02:10 PM | Attr = H ]
$NtUninstallKB939653_0$ -> %SystemRoot%\$NtUninstallKB939653_0$ -> [Folder | Created Date = 10/9/2007 1:07:31 PM | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Created Date = 10/9/2007 1:01:15 PM | Attr = H ]
AutoUpdateWin32.exe -> %SystemRoot%\AutoUpdateWin32.exe -> [Ver = 1, 0, 0, 2 | Size = 45056 bytes | Created Date = 10/13/2007 6:13:31 PM | Attr = ]
AutoUpdateWin33.exe -> %SystemRoot%\AutoUpdateWin33.exe -> [Ver = 1, 0, 0, 2 | Size = 32768 bytes | Created Date = 10/13/2007 6:13:31 PM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Created Date = 10/27/2007 9:31:16 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 10/27/2007 9:47:11 PM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 10/25/2007 5:43:48 PM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 10/24/2007 6:12:25 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 10/24/2007 6:01:49 PM | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 10/27/2007 9:31:16 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 10/13/2007 7:34:00 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 10/13/2007 7:34:00 PM | Attr = H ]
ST6UNST.000 -> %SystemRoot%\ST6UNST.000 -> [Ver = | Size = 2588 bytes | Created Date = 10/20/2007 7:27:07 PM | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 10/27/2007 9:50:48 PM | Attr = ]
unvise32.exe -> %SystemRoot%\unvise32.exe -> MindVision Software [Ver = 3.1.1 | Size = 86016 bytes | Created Date = 10/11/2007 9:53:26 AM | Attr = ]
WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 10/24/2007 6:10:50 PM | Attr = ]
WindowsUpdates.exe -> %SystemRoot%\WindowsUpdates.exe -> [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Created Date = 10/13/2007 6:13:31 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 10/17/2007 10:32:36 PM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 10/17/2007 10:45:12 PM | Attr = ]
DWSHK36.OCX -> %System32%\DWSHK36.OCX -> Desaware Inc. [Ver = 6.0.0.5 | Size = 140800 bytes | Created Date = 10/20/2007 7:27:24 PM | Attr = ]
DWSPY36.dll -> %System32%\DWSPY36.dll -> Desaware Inc. [Ver = 6.0.1.3 | Size = 75776 bytes | Created Date = 10/20/2007 7:27:24 PM | Attr = ]
en-US -> %System32%\en-US -> [Folder | Created Date = 10/24/2007 6:10:46 PM | Attr = ]
FCC520E3F3.dll -> %System32%\FCC520E3F3.dll -> [Ver = | Size = 80 bytes | Created Date = 10/10/2007 11:04:10 AM | Attr = RHS]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 10/17/2007 10:33:18 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 10/17/2007 10:32:43 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 10/27/2007 9:31:16 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 10/27/2007 9:31:16 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 10/27/2007 9:31:16 PM | Attr = ]
TaskScheduler.dll -> %System32%\TaskScheduler.dll -> Askarya Technologies [Ver = 1.2.1 | Size = 57344 bytes | Created Date = 10/20/2007 7:27:24 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3818 bytes | Created Date = 10/17/2007 3:09:56 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 10/17/2007 10:33:21 PM | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 10/27/2007 9:31:16 PM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 10/17/2007 10:45:12 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
20071011125540.bmp -> %SystemDrive%\20071011125540.bmp -> [Ver = | Size = 2359350 bytes | Modified Date = 10/11/2007 12:55:42 PM | Attr = ]
2007101622235.bmp -> %SystemDrive%\2007101622235.bmp -> [Ver = | Size = 2359350 bytes | Modified Date = 10/16/2007 2:22:38 AM | Attr = ]
831a0e6756663bc68436ef61 -> %SystemDrive%\831a0e6756663bc68436ef61 -> [Folder | Modified Date = 10/9/2007 2:01:30 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 10/26/2007 1:33:10 PM | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 10/27/2007 10:47:52 PM | Attr = ]
scrips and bots -> %SystemDrive%\scrips and bots -> [Folder | Modified Date = 10/20/2007 3:27:30 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 10/27/2007 10:50:50 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 10/25/2007 1:28:14 AM | Attr = H ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 10/24/2007 7:07:26 PM | Attr = H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 10/24/2007 7:06:44 PM | Attr = H ]
$NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ -> [Folder | Modified Date = 10/24/2007 7:01:30 PM | Attr = H ]
$NtUninstallKB914440$ -> %SystemRoot%\$NtUninstallKB914440$ -> [Folder | Modified Date = 10/24/2007 7:01:50 PM | Attr = H ]
$NtUninstallKB915865$ -> %SystemRoot%\$NtUninstallKB915865$ -> [Folder | Modified Date = 10/24/2007 7:05:52 PM | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Modified Date = 10/9/2007 2:08:14 PM | Attr = H ]
$NtUninstallKB939653$ -> %SystemRoot%\$NtUninstallKB939653$ -> [Folder | Modified Date = 10/24/2007 7:02:16 PM | Attr = H ]
$NtUninstallKB939653_0$ -> %SystemRoot%\$NtUninstallKB939653_0$ -> [Folder | Modified Date = 10/9/2007 2:07:42 PM | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Modified Date = 10/9/2007 2:01:16 PM | Attr = H ]
.jagex_cache_32 -> %SystemRoot%\.jagex_cache_32 -> [Folder | Modified Date = 10/24/2007 9:22:08 PM | Attr = ]
AutoUpdateWin32.exe -> %SystemRoot%\AutoUpdateWin32.exe -> [Ver = 1, 0, 0, 2 | Size = 45056 bytes | Modified Date = 10/13/2007 7:13:32 PM | Attr = ]
AutoUpdateWin33.exe -> %SystemRoot%\AutoUpdateWin33.exe -> [Ver = 1, 0, 0, 2 | Size = 32768 bytes | Modified Date = 10/13/2007 7:13:32 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 10/27/2007 10:43:30 PM | Attr = S]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Modified Date = 10/26/2007 9:51:18 AM | Attr = ]
Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 10/3/2007 10:46:22 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 10/17/2007 11:32:38 PM | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 10/27/2007 10:47:12 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 10/25/2007 6:52:24 PM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 10/25/2007 6:46:06 PM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 10/26/2007 12:41:18 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 10/25/2007 6:47:22 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 10/26/2007 2:45:08 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 10/11/2007 11:01:04 PM | Attr = HS]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 10/25/2007 6:46:26 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 10/18/2007 10:58:22 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 10/25/2007 11:51:50 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 10/13/2007 8:34:02 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 10/17/2007 11:16:52 PM | Attr = H ]
ST6UNST.000 -> %SystemRoot%\ST6UNST.000 -> [Ver = | Size = 2588 bytes | Modified Date = 10/20/2007 8:27:26 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 10/12/2007 2:17:30 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 10/27/2007 10:38:52 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 10/27/2007 10:50:10 PM | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 10/27/2007 10:50:50 PM | Attr = ]
WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 10/25/2007 6:46:44 PM | Attr = ]
WindowsUpdates.exe -> %SystemRoot%\WindowsUpdates.exe -> [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/13/2007 7:13:32 PM | Attr = ]
McAfee.com Update Check (my name-my name).job -> %SystemRoot%\tasks\McAfee.com Update Check (my name-my name).job -> [Ver = | Size = 494 bytes | Modified Date = 10/27/2007 10:50:10 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 10/17/2007 11:51:32 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 10/26/2007 12:43:06 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 10/26/2007 9:35:22 AM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 10/24/2007 7:10:56 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 10/26/2007 12:41:22 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 10/27/2007 10:34:00 PM | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 10/25/2007 6:48:30 PM | Attr = ]
FCC520E3F3.dll -> %System32%\FCC520E3F3.dll -> [Ver = | Size = 80 bytes | Modified Date = 10/27/2007 12:32:40 PM | Attr = RHS]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 10/17/2007 11:33:22 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 10/17/2007 11:33:20 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3818 bytes | Modified Date = 10/17/2007 4:15:14 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 10/17/2007 11:33:24 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 13646 bytes | Modified Date = 10/27/2007 10:44:36 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 10/27/2007 10:44:12 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemDrive%\mplayerc.exe -> Gabest [Ver = 6, 4, 6, 7 | Size = 930304 bytes | Modified Date = 10/12/2003 4:02:22 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 1:00:00 PM | Attr = ]
FSG! , -> %System32%\Fyncjak1.xml -> [Ver = | Size = 398742 bytes | Modified Date = 5/2/2005 1:15:00 PM | Attr = ]
SAHAgent , -> %System32%\ke2evvnh.ini -> [Ver = | Size = 68 bytes | Modified Date = 6/22/2005 3:03:34 AM | Attr = ]
PEC2 , Thawte Consulting , -> %System32%\lnaccess.exe -> [Ver = 1, 0, 0, 1 | Size = 151008 bytes | Modified Date = 9/6/2007 3:32:34 PM | Attr = ]
FSG! , -> %System32%\Mkhqovk1.xml -> [Ver = | Size = 398742 bytes | Modified Date = 5/17/2005 12:51:46 PM | Attr = ]
UPX! , UPX0 , -> %System32%\MNCPrgBr.OCX -> Midnight Studio [Ver = 1.00.0023 | Size = 22528 bytes | Modified Date = 12/30/2000 11:47:40 AM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 11/3/2006 10:51:14 AM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 7/22/2007 6:39:28 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 1:00:00 PM | Attr = ]
FSG! , -> %System32%\Wmoygyk1.xml -> [Ver = | Size = 398742 bytes | Modified Date = 4/27/2005 2:27:14 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\xjis.nls:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %System32%\xpanel.dll:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %System32%\xrumble.dll:Zone.Identifier ->
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/29/2002 | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\drivers\xctrl.sys:Zone.Identifier ->

< End of report >

Edited by dedred, 28 October 2007 - 01:45 AM.


#5 Rorschach

Posted 28 October 2007 - 03:05 PM

Hello


Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Computer Alarm Clock ->
YY -> Inside the site download -> %AllUsersAppData%\pop draw inside the\16body.exe
YN -> Privacy Cleaner Pro -> %SystemDrive%\PROGRA~1\PRIVAC~1\pcp.exe
YY -> Secure -> %SystemRoot%\WindowsUpdates.exe
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Test1 -> %SystemDrive%\DOCUME~1\my name\APPLIC~1\PHONED~1\NameGlobal.exe
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {00D94CDB-99D2-6BF8-37CA-BC0B5BDBF2FF} [HKLM] -> %SystemDrive%\DOCUME~1\my name\APPLIC~1\SENDCL~1\first copy.exe [Reg Data - Value does not exist]
YY -> {1DC9D850-044D-11E1-B3C9-00805E499D93} [HKLM] -> %System32%\proxyspd.dll [Proxy Connection support DLL]
YN -> {25ECDCB1-D13F-4422-A3B5-1AAFCAC70879} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {5B1AB97D-040C-6FA0-61F3-A7ED9F0E6A33} [HKLM] -> %SystemDrive%\DOCUME~1\my name\APPLIC~1\SENDCL~1\first copy.exe [Reg Data - Value does not exist]
YN -> {A75E294E-C047-4D29-B07E-37B792881BEF} [HKLM] -> %SystemRoot%\AutoUpdateWin31.dll [AleTrack Class]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {0D0E3C62-C0C7-4252-B2B2-0BFAB08F2696} [HKLM] -> %ProgramFiles%\100% Free Chess Toolbar\v2.0.0.5\100%_Free_Chess_Toolbar.dll [100% Free Chess Toolbar]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{0D0E3C62-C0C7-4252-B2B2-0BFAB08F2696} [HKLM] -> %ProgramFiles%\100% Free Chess Toolbar\v2.0.0.5\100%_Free_Chess_Toolbar.dll [100% Free Chess Toolbar]
YN -> WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKLM] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search]
YN -> WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research]
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist]
YN -> CmdMapping [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist]
[Files/Folders - Created Within 30 days]
NY -> scrips and bots -> %SystemDrive%\scrips and bots
NY -> AutoUpdateWin32.exe -> %SystemRoot%\AutoUpdateWin32.exe
NY -> AutoUpdateWin33.exe -> %SystemRoot%\AutoUpdateWin33.exe
NY -> WindowsUpdates.exe -> %SystemRoot%\WindowsUpdates.exe
NY -> FCC520E3F3.dll -> %System32%\FCC520E3F3.dll
[Files/Folders - Modified Within 30 days]
NY -> scrips and bots -> %SystemDrive%\scrips and bots
NY -> AutoUpdateWin32.exe -> %SystemRoot%\AutoUpdateWin32.exe
NY -> AutoUpdateWin33.exe -> %SystemRoot%\AutoUpdateWin33.exe
NY -> WindowsUpdates.exe -> %SystemRoot%\WindowsUpdates.exe
NY -> FCC520E3F3.dll -> %System32%\FCC520E3F3.dll
[File String Scan - Non-Microsoft Only]
NY -> FSG! , -> %System32%\Fyncjak1.xml
NY -> SAHAgent , -> %System32%\ke2evvnh.ini
NY -> PEC2 , Thawte Consulting , -> %System32%\lnaccess.exe
NY -> FSG! , -> %System32%\Mkhqovk1.xml
NY -> FSG! , -> %System32%\Wmoygyk1.xml
NY -> @Alternate Data Stream - 26 bytes -> %System32%\xjis.nls:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %System32%\xpanel.dll:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %System32%\xrumble.dll:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %System32%\drivers\xctrl.sys:Zone.Identifier
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3U scan.

I will review the information when it comes back in.



Also please post a new HijackThis log.

#6 dedred

  • Topic Starter

Posted 01 November 2007 - 10:32 PM

WinPFind3 logfile


WinPFind3 logfile created on: 11/1/2007 8:24:44 PM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Shana\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.13)

702.48 Mb Total Physical Memory | 428.28 Mb Available Physical Memory | 60.97% Memory free
954.45 Mb Paging File | 760.32 Mb Available in Paging File | 79.66% Paging File free
Paging file location(s): C:\pagefile.sys 288 576;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 14.20 Gb Free Space | 25.41% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: DAMIENSWAFFORDS
Current User Name: Shana
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 397312 bytes | Modified Date = 5/15/2004 7:27:50 PM | Attr = ]
carpserv.exe -> %System32%\carpserv.exe -> Conexant Systems, Inc. [Ver = 6.02.05 | Size = 4608 bytes | Modified Date = 5/21/2003 3:35:50 PM | Attr = ]
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.79.024 | Size = 37888 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
prismcfg.exe -> %ProgramFiles%\2Wire 802.11g Wireless\PRISMCFG.exe -> 2Wire Inc. [Ver = 1.01.17 | Size = 335979 bytes | Modified Date = 4/13/2004 8:47:56 PM | Attr = ]
prismsvr.exe -> %System32%\PRISMSVR.exe -> Conexant Systems, Inc. [Ver = 1.01.16 | Size = 290905 bytes | Modified Date = 4/13/2004 7:45:30 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 11/3/2006 10:50:54 AM | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\AOL\ACS\AOLAcsd.exe -> File not found
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> [Ver = | Size = 397312 bytes | Modified Date = 5/15/2004 7:27:50 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
(McShield) McAfee.com McShield [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\mcafee.com\vso\mcshield.exe -> File not found
(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe -> File not found
(MCVSRte) McAfee.com VirusScan Online Realtime Engine [Win32_Own | Auto | Stopped] -> %SystemDrive%\PROGRA~1\mcafee.com\vso\mcvsrte.exe -> File not found
(OneStep Search Service) OneStep Search Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\OneStepSearch\onestep.exe -> File not found
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 2:38:10 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AOLDialer -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe -> File not found
CARPService -> %System32%\carpserv.exe -> Conexant Systems, Inc. [Ver = 6.02.05 | Size = 4608 bytes | Modified Date = 5/21/2003 3:35:50 PM | Attr = ]
HPDJ Taskbar Utility -> %System32%\spool\drivers\w32x86\3\hpztsb07.exe -> HP [Ver = 2,140,0,0 | Size = 188416 bytes | Modified Date = 11/3/2002 12:56:18 PM | Attr = ]
Logitech Utility -> %SystemRoot%\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 12/17/2003 2:50:00 AM | Attr = ]
MCAgentExe -> %SystemDrive%\PROGRA~1\mcafee.com\agent\mcagent.exe -> File not found
MCUpdateExe -> %ProgramFiles%\McAfee.com\Agent\mcupdate.exe -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 7 | Size = 180224 bytes | Modified Date = 8/21/2003 7:10:50 PM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr = ]
PRISMSVR.EXE -> %System32%\PRISMSVR.exe -> Conexant Systems, Inc. [Ver = 1.01.16 | Size = 290905 bytes | Modified Date = 4/13/2004 7:45:30 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 10:54:04 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 11/3/2006 10:50:54 AM | Attr = ]
VirusScan Online -> %SystemDrive%\PROGRA~1\mcafee.com\vso\mcvsshld.exe -> File not found
VSOCheckTask -> %SystemDrive%\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
µTorrent -> %ProgramFiles%\uTorrent\utorrent.exe -> [Ver = | Size = 219952 bytes | Modified Date = 9/17/2007 11:53:02 AM | Attr = ]
AOL Fast Start -> %ProgramFiles%\America Online 9.0e\AOL.EXE -> File not found
ModemOnHold -> %ProgramFiles%\NetWaiting\netwaiting.exe -> File not found
owki -> %SystemDrive%\PROGRA~1\COMMON~1\owki\owkim.exe -> File not found
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe -> File not found
uTorrent -> %ProgramFiles%\uTorrent\utorrent.exe -> [Ver = | Size = 219952 bytes | Modified Date = 9/17/2007 11:53:02 AM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup ->
%AllUsersStartup%\2Wire Wireless Client.lnk -> %ProgramFiles%\2Wire 802.11g Wireless\PRISMCFG.exe -> 2Wire Inc. [Ver = 1.01.17 | Size = 335979 bytes | Modified Date = 4/13/2004 8:47:56 PM | Attr = ]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 11:05:26 PM | Attr = ]
%AllUsersStartup%\hp instant support.lnk -> %ProgramFiles%\Hewlett-Packard\hpis\bin\matcli.exe -> Motive Communications, Inc. [Ver = 4.03.03.20020509_090000 | Size = 208896 bytes | Modified Date = 5/9/2002 9:44:20 AM | Attr = ]
%AllUsersStartup%\Run Google Web Accelerator.lnk -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccWarden.exe -> [Ver = | Size = 1134592 bytes | Modified Date = 7/9/2007 10:24:38 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.google.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
aol.com [ - ] -> ->
free_aol.com [ - ] -> ->
free_aol.com [http] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{00D94CDB-99D2-6BF8-37CA-BC0B5BDBF2FF} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 5:16:42 AM | Attr = ]
{1DC9D850-044D-11E1-B3C9-00805E499D93} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{25ECDCB1-D13F-4422-A3B5-1AAFCAC70879} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{5B1AB97D-040C-6FA0-61F3-A7ED9F0E6A33} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{69A87B7D-DE56-4136-9655-716BA50C19C7} [HKLM] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [&Google Web Accelerator Helper] -> [Ver = | Size = 303104 bytes | Modified Date = 3/29/2007 9:34:06 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 4:25:44 AM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2003, 6, 23, 1 | Size = 274503 bytes | Modified Date = 6/23/2003 1:30:02 PM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2003, 6, 23, 1 | Size = 274503 bytes | Modified Date = 6/23/2003 1:30:02 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{BA52B914-B692-46c4-B683-905236F6F655} [HKLM] -> %ProgramFiles%\McAfee.com\VSO\mcvsshl.dll [McAfee VirusScan] -> Networks Associates Technology, Inc [Ver = 8, 0, 0, 15 | Size = 114743 bytes | Modified Date = 8/18/2003 12:19:32 PM | Attr = ]
{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} [HKLM] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] -> [Ver = | Size = 303104 bytes | Modified Date = 3/29/2007 9:34:06 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} [HKLM] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] -> [Ver = | Size = 303104 bytes | Modified Date = 3/29/2007 9:34:06 PM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [&Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_09\bin\npjpi150_09.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 69746 bytes | Modified Date = 10/12/2006 4:25:44 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 4:25:44 AM | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&AIM Search -> Reg Data - Value does not exist -> File not found
&AOL Toolbar search -> Reg Data - Value does not exist -> File not found
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\ ->
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 6:05:42 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
Alexa Toolbar -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{241BAEEF-1D85-4F3B-881A-D1F0D12F6AA5} -> (2Wire Gateway USB) ->
{57668A1B-0A09-4082-A5E5-297B6CBFF973} -> (National Semiconductor Corp. DP83815/816 10/100 MacPhyter PCI Adapter) ->
{86D18224-C5B0-4096-8B8C-C7BFE3F28A0C} -> (2Wire 802.11g Cardbus Wireless LAN Card) ->
{BC89A6B3-7E23-490C-B2DF-DB3720ABFCA3} -> () ->
{C5CE0E7E-FA26-4337-B033-4FF5BB799235} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/pub/shock...director/sw.cab ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} -> DivXBrowserPlugin Object - CodeBase = http://go.divx.com/plugin/DivXBrowserPlugin.cab ->
{6B75345B-AA36-438A-BBE6-4078B4C6984D} -> HpProductDetection Class - CodeBase = http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab ->
{814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} -> DASWebDownload Class - CodeBase = http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
{A90A5822-F108-45AD-8482-9BC8B12DD539} -> Crucial cpcScan - CodeBase = http://www.crucial.com/controls/cpcScanner.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab ->
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -> Hotmail Attachments Control - CodeBase = http://by135fd.bay135.hotmail.msn.com/activex/HMAtchmt.ocx ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Services [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services ->
ERSvc -> ->
FastUserSwitchingCompatibility -> ->
Messenger -> ->
Schedule -> ->
WZCSVC -> ->
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{16F0EE77-B2B1-4417-A8CC-07E06C78CCC4} -> Matrix-ks ->
{3248F0A8-6813-11D6-A77B-00B0D0150090} -> J2SE Runtime Environment 5.0 Update 9 ->
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP ->
{3C0619B4-4A2C-4244-8077-488E420DF907} -> FINAL FANTASY XI: Chains of Promathia ->
{3D5A72E1-1467-4199-8CF6-12DA8D502A6B} -> Veoh Player ->
{45EBDA59-D33B-433A-956E-B2F236468B56} -> MUSICMATCH® Jukebox ->
{47004155-7376-403E-89E9-4C9F44AAF0D0} -> PlayOnline Viewer and Tetra Master ->
{49672EC2-171B-47B4-8CE7-50D7806360D7} -> Windows Live Sign-in Assistant ->
{4EF69D40-4DC9-485E-95D3-B1C22F218FC8} -> upapp ->
{571700F0-DB9D-4B3A-B03D-35A14BB5939F} -> Windows Live Messenger ->
{5809E7CF-4DCF-11D4-9875-00105ACE7734} -> Logitech MouseWare 9.79.1 ->
{5E863175-E85D-44A6-8968-82507D34AE7F} -> QuickTime ->
{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} -> Windows Genuine Advantage v1.3.0254.0 ->
{678F6475-D227-432A-94FF-806178A34520} -> FINAL FANTASY XI ->
{6A1975EB-27E6-491D-94BC-6355FA25F40F} -> Google Web Accelerator ->
{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE} -> FINAL FANTASY XI: Rise of the Zilart ->
{8AD2EA30-5049-11D4-A08E-0080AD97BBF5} -> DJ Java Decompiler v.3.9.9.91 ->
{8E1DCD15-C9F1-49CE-807B-198C8241EB6B} -> ALi USB2.0 Driver ->
{90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003 ->
{9559F7CA-5E34-4237-A2D9-D856464AD727} -> Project64 1.6 ->
{9CD92DB1-1B3B-4296-9456-93EA6BCAA4C5} -> Enter The Matrix ->
{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D} -> 2Wire Wireless Client ->
{A606C6FF-12E7-40BE-B777-D8F360FF00CD} -> FINAL FANTASY XI: Treasures of Aht Urhgan ->
{AC76BA86-7AD7-1033-7B44-A70900000002} -> Adobe Reader 7.0.9 ->
{B6F7DBE7-2FE2-458F-A738-B10832746036} -> Microsoft Reader ->
{B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player ->
{CAE7D1D9-3794-4169-B4DD-964ADBC534EE} -> HP Product Detection ->
{D050D7362D214723AD585B541FFB6C11} -> DivX Content Uploader ->
{E0E400F5-422B-4540-A14F-B0739D71FEE7} -> Microsoft Reader Text-to-Speech for English ->
AC3Filter -> AC3Filter (remove only) ->
Action Replay XBOX_is1 -> Action Replay XBOX 1.40 ->
Ad-Aware SE Personal -> Ad-Aware SE Personal ->
Adobe Acrobat 5.0 -> Adobe Acrobat 5.0 ->
Adobe Shockwave Player -> Adobe Shockwave Player ->
ATI Display Driver -> ATI Display Driver ->
CDex -> CDex extraction audio ->
CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C -> Conexant 56K ACLink Modem ->
CNXT_MODEM_USB_VID_148D&PID_1671 -> Creative Modem Blaster V.92 USB ->
Combined Community Codec Pack -> Combined Community Codec Pack 2006-07-28 (Remove Only) ->
Computer Alarm Clock -> Computer Alarm Clock ->
Conexant PCI Audio -> Conexant AC-Link Audio ->
Cool's_Codec_pack_4.12 -> Codec Pack - All In 1 6.0.3.0 ->
DVD Decrypter -> DVD Decrypter (Remove Only) ->
ffdshow -> ffdshow (remove only) ->
Guild Wars -> Guild Wars ->
HijackThis -> HijackThis 2.0.2 ->
hp instant support -> hp instant support ->
HUFFYUV -> Huffyuv AVI lossless video codec (Remove Only) ->
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs ->
ie7 -> Windows Internet Explorer 7 ->
InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907} -> FINAL FANTASY XI: Chains of Promathia ->
InstallShield_{3D5A72E1-1467-4199-8CF6-12DA8D502A6B} -> Veoh Player ->
InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0} -> PlayOnline Viewer and Tetra Master ->
InstallShield_{678F6475-D227-432A-94FF-806178A34520} -> FINAL FANTASY XI ->
InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE} -> FINAL FANTASY XI: Rise of the Zilart ->
InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD} -> FINAL FANTASY XI: Treasures of Aht Urhgan ->
kazaalite202_is1 -> Kazaa Lite K++ v2.4.3 ->
KB834707 -> Windows XP Hotfix - KB834707 ->
KB867282 -> Windows XP Hotfix - KB867282 ->
KB873333 -> Windows XP Hotfix - KB873333 ->
KB873339 -> Windows XP Hotfix - KB873339 ->
KB883939 -> Security Update for Windows XP (KB883939) ->
KB885250 -> Windows XP Hotfix - KB885250 ->
KB885835 -> Windows XP Hotfix - KB885835 ->
KB885836 -> Windows XP Hotfix - KB885836 ->
KB886185 -> Windows XP Hotfix - KB886185 ->
KB887472 -> Windows XP Hotfix - KB887472 ->
KB887742 -> Windows XP Hotfix - KB887742 ->
KB888113 -> Windows XP Hotfix - KB888113 ->
KB888302 -> Windows XP Hotfix - KB888302 ->
KB890046 -> Security Update for Windows XP (KB890046) ->
KB890047 -> Windows XP Hotfix - KB890047 ->
KB890175 -> Windows XP Hotfix - KB890175 ->
KB890859 -> Windows XP Hotfix - KB890859 ->
KB890923 -> Windows XP Hotfix - KB890923 ->
KB891781 -> Windows XP Hotfix - KB891781 ->
KB892130 -> Windows Genuine Advantage Validation Tool (KB892130) ->
KB893066 -> Windows XP Hotfix - KB893066 ->
KB893086 -> Windows XP Hotfix - KB893086 ->
KB893756 -> Security Update for Windows XP (KB893756) ->
KB893803 -> Windows Installer 3.1 (KB893803) ->
KB893803v2 -> Windows Installer 3.1 (KB893803) ->
KB894391 -> Update for Windows XP (KB894391) ->
KB896358 -> Security Update for Windows XP (KB896358) ->
KB896422 -> Security Update for Windows XP (KB896422) ->
KB896423 -> Security Update for Windows XP (KB896423) ->
KB896424 -> Security Update for Windows XP (KB896424) ->
KB896428 -> Security Update for Windows XP (KB896428) ->
KB896688 -> Security Update for Windows XP (KB896688) ->
KB896727 -> Update for Windows XP (KB896727) ->
KB898461 -> Update for Windows XP (KB898461) ->
KB899587 -> Security Update for Windows XP (KB899587) ->
KB899588 -> Security Update for Windows XP (KB899588) ->
KB899591 -> Security Update for Windows XP (KB899591) ->
KB900485 -> Update for Windows XP (KB900485) ->
KB900725 -> Security Update for Windows XP (KB900725) ->
KB901017 -> Security Update for Windows XP (KB901017) ->
KB901190 -> Security Update for Windows XP (KB901190) ->
KB901214 -> Security Update for Windows XP (KB901214) ->
KB902400 -> Security Update for Windows XP (KB902400) ->
KB903235 -> Security Update for Windows XP (KB903235) ->
KB904706 -> Security Update for Windows XP (KB904706) ->
KB904942 -> Update for Windows XP (KB904942) ->
KB905414 -> Security Update for Windows XP (KB905414) ->
KB905749 -> Security Update for Windows XP (KB905749) ->
KB905915 -> Security Update for Windows XP (KB905915) ->
KB908519 -> Security Update for Windows XP (KB908519) ->
KB908531 -> Security Update for Windows XP (KB908531) ->
KB910437 -> Update for Windows XP (KB910437) ->
KB911280 -> Security Update for Windows XP (KB911280) ->
KB911562 -> Security Update for Windows XP (KB911562) ->
KB911564 -> Security Update for Windows Media Player (KB911564) ->
KB911565 -> Security Update for Windows Media Player 10 (KB911565) ->
KB911567 -> Security Update for Windows XP (KB911567) ->
KB911927 -> Security Update for Windows XP (KB911927) ->
KB912812 -> Security Update for Windows XP (KB912812) ->
KB912919 -> Security Update for Windows XP (KB912919) ->
KB913446 -> Security Update for Windows XP (KB913446) ->
KB913580 -> Security Update for Windows XP (KB913580) ->
KB914388 -> Security Update for Windows XP (KB914388) ->
KB914389 -> Security Update for Windows XP (KB914389) ->
KB914440 -> Hotfix for Windows XP (KB914440) ->
KB915865 -> Hotfix for Windows XP (KB915865) ->
KB916281 -> Security Update for Windows XP (KB916281) ->
KB916595 -> Update for Windows XP (KB916595) ->
KB917159 -> Security Update for Windows XP (KB917159) ->
KB917344 -> Security Update for Windows XP (KB917344) ->
KB917422 -> Security Update for Windows XP (KB917422) ->
KB917734_WMP10 -> Security Update for Windows Media Player 10 (KB917734) ->
KB917953 -> Security Update for Windows XP (KB917953) ->
KB918118 -> Security Update for Windows XP (KB918118) ->
KB918439 -> Security Update for Windows XP (KB918439) ->
KB918899 -> Security Update for Windows XP (KB918899) ->
KB919007 -> Security Update for Windows XP (KB919007) ->
KB920213 -> Security Update for Windows XP (KB920213) ->
KB920214 -> Security Update for Windows XP (KB920214) ->
KB920670 -> Security Update for Windows XP (KB920670) ->
KB920683 -> Security Update for Windows XP (KB920683) ->
KB920685 -> Security Update for Windows XP (KB920685) ->
KB920872 -> Update for Windows XP (KB920872) ->
KB921398 -> Security Update for Windows XP (KB921398) ->
KB921503 -> Security Update for Windows XP (KB921503) ->
KB921883 -> Security Update for Windows XP (KB921883) ->
KB922582 -> Update for Windows XP (KB922582) ->
KB922616 -> Security Update for Windows XP (KB922616) ->
KB922760 -> Security Update for Windows XP (KB922760) ->
KB922819 -> Security Update for Windows XP (KB922819) ->
KB923191 -> Security Update for Windows XP (KB923191) ->
KB923414 -> Security Update for Windows XP (KB923414) ->
KB923689 -> Security Update for Windows XP (KB923689) ->
KB923694 -> Security Update for Windows XP (KB923694) ->
KB923980 -> Security Update for Windows XP (KB923980) ->
KB924191 -> Security Update for Windows XP (KB924191) ->
KB924270 -> Security Update for Windows XP (KB924270) ->
KB924496 -> Security Update for Windows XP (KB924496) ->
KB924667 -> Security Update for Windows XP (KB924667) ->
KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398) ->
KB925454 -> Security Update for Windows XP (KB925454) ->
KB925486 -> Security Update for Windows XP (KB925486) ->
KB925902 -> Security Update for Windows XP (KB925902) ->
KB926239 -> Hotfix for Windows XP (KB926239) ->
KB926255 -> Security Update for Windows XP (KB926255) ->
KB926436 -> Security Update for Windows XP (KB926436) ->
KB927779 -> Security Update for Windows XP (KB927779) ->
KB927802 -> Security Update for Windows XP (KB927802) ->
KB927891 -> Update for Windows XP (KB927891) ->
KB928090 -> Security Update for Windows XP (KB928090) ->
KB928255 -> Security Update for Windows XP (KB928255) ->
KB928843 -> Security Update for Windows XP (KB928843) ->
KB929123 -> Security Update for Windows XP (KB929123) ->
KB929338 -> Update for Windows XP (KB929338) ->
KB929399 -> Hotfix for Windows Media Format 11 SDK (KB929399) ->
KB929969 -> Security Update for Windows XP (KB929969) ->
KB930178 -> Security Update for Windows XP (KB930178) ->
KB930916 -> Update for Windows XP (KB930916) ->
KB931261 -> Security Update for Windows XP (KB931261) ->
KB931768 -> Security Update for Windows XP (KB931768) ->
KB931784 -> Security Update for Windows XP (KB931784) ->
KB931836 -> Update for Windows XP (KB931836) ->
KB932168 -> Security Update for Windows XP (KB932168) ->
KB933360 -> Update for Windows XP (KB933360) ->
KB933566 -> Security Update for Windows XP (KB933566) ->
KB933729 -> Security Update for Windows XP (KB933729) ->
KB935839 -> Security Update for Windows XP (KB935839) ->
KB935840 -> Security Update for Windows XP (KB935840) ->
KB936021 -> Security Update for Windows XP (KB936021) ->
KB936782_WMP11 -> Security Update for Windows Media Player 11 (KB936782) ->
KB937143 -> Security Update for Windows XP (KB937143) ->
KB938127 -> Security Update for Windows XP (KB938127) ->
KB938127-IE7 -> Security Update for Windows Internet Explorer 7 (KB938127) ->
KB938828 -> Update for Windows XP (KB938828) ->
KB938829 -> Security Update for Windows XP (KB938829) ->
KB939653 -> Security Update for Windows XP (KB939653) ->
KB939683 -> Hotfix for Windows Media Player 11 (KB939683) ->
KB941202 -> Security Update for Windows XP (KB941202) ->
Logitech Resource Center -> Logitech Resource Center ->
Lucent Technologies Soft Modem -> Lucent Technologies Soft Modem AMR ->
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP ->
Nero - Burning Rom!UninstallKey -> Nero OEM ->
NeuroSpeech IESpeaker -> NeuroSpeech IESpeaker ->
NeuroSpeech PDFSpeaker -> NeuroSpeech PDFSpeaker ->
NeuroSpeech WordSpeaker -> NeuroSpeech WordSpeaker ->
NimoCorp -> Nimo Codecs Pack v4.33 (Remove Only) ->
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs ->
NoAdware 5.0_is1 -> NoAdware v5.0 ->
OggDS -> Direct Show Ogg Vorbis Filter (remove only) ->
Panda ActiveScan -> Panda ActiveScan ->
RealPlayer 6.0 -> RealPlayer ->
Refresher -> Refresher ->
RuneScape Toolkit -> RuneScape Toolkit ->
ShockwaveFlash -> Adobe Flash Player 9 ActiveX ->
Spybot - Search & Destroy_is1 -> Spybot - Search & Destroy 1.4 ->
ST6UNST #1 -> Manga Viewer ->
ST6UNST #2 -> Recorder ->
SwiftSwitch -> SwiftSwitch ->
TI Connect™ 1.3 -> TI Connect™ 1.3 ->
uTorrent -> µTorrent ->
Viewpoint Manager -> Viewpoint Manager (Remove Only) ->
ViewpointMediaPlayer -> Viewpoint Media Player ->
VLC media player -> VideoLAN VLC media player 0.8.6 ->
WGA -> Windows Genuine Advantage Validation Tool (KB892130) ->
WgaNotify -> Windows Genuine Advantage Notifications (KB905474) ->
WinAce Archiver -> WinAce Archiver ->
Windows Live OneCare safety scanner -> Windows Live OneCare safety scanner ->
Windows Media Format Runtime -> Windows Media Format 11 runtime ->
Windows Media Player -> Windows Media Player 11 ->
Windows XP Service Pack -> Windows XP Service Pack 2 ->
WMFDist11 -> Windows Media Format 11 runtime ->
wmp11 -> Windows Media Player 11 ->
WOLAPI -> Westwood Shared Internet Components ->
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0 ->
XviD -> XviD Video Codec 14052003-1 (Koepi's developer build) ->


[Files/Folders - Created Within 30 days]
20071011125540.bmp -> %SystemDrive%\20071011125540.bmp -> [Ver = | Size = 2359350 bytes | Created Date = 10/11/2007 11:55:40 AM | Attr = ]
2007101622235.bmp -> %SystemDrive%\2007101622235.bmp -> [Ver = | Size = 2359350 bytes | Created Date = 10/16/2007 1:22:35 AM | Attr = ]
831a0e6756663bc68436ef61 -> %SystemDrive%\831a0e6756663bc68436ef61 -> [Folder | Created Date = 10/9/2007 1:01:29 PM | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 10/27/2007 9:32:12 PM | Attr = ]
scrips and bots -> %SystemDrive%\scrips and bots -> [Folder | Created Date = 10/13/2007 9:59:56 PM | Attr = ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 10/24/2007 6:07:25 PM | Attr = H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 10/24/2007 6:06:42 PM | Attr = H ]
$NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ -> [Folder | Created Date = 10/24/2007 6:01:28 PM | Attr = H ]
$NtUninstallKB914440$ -> %SystemRoot%\$NtUninstallKB914440$ -> [Folder | Created Date = 10/24/2007 6:01:47 PM | Attr = H ]
$NtUninstallKB915865$ -> %SystemRoot%\$NtUninstallKB915865$ -> [Folder | Created Date = 10/24/2007 6:05:51 PM | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Created Date = 10/9/2007 1:08:11 PM | Attr = H ]
$NtUninstallKB939653$ -> %SystemRoot%\$NtUninstallKB939653$ -> [Folder | Created Date = 10/24/2007 6:02:10 PM | Attr = H ]
$NtUninstallKB939653_0$ -> %SystemRoot%\$NtUninstallKB939653_0$ -> [Folder | Created Date = 10/9/2007 1:07:31 PM | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Created Date = 10/9/2007 1:01:15 PM | Attr = H ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Created Date = 10/27/2007 9:31:16 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 10/27/2007 9:47:11 PM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 10/25/2007 5:43:48 PM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 10/24/2007 6:12:25 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 10/24/2007 6:01:49 PM | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 10/27/2007 9:31:16 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 10/13/2007 7:34:00 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 10/13/2007 7:34:00 PM | Attr = H ]
ST6UNST.000 -> %SystemRoot%\ST6UNST.000 -> [Ver = | Size = 2588 bytes | Created Date = 10/20/2007 7:27:07 PM | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 10/27/2007 9:50:48 PM | Attr = ]
unvise32.exe -> %SystemRoot%\unvise32.exe -> MindVision Software [Ver = 3.1.1 | Size = 86016 bytes | Created Date = 10/11/2007 9:53:26 AM | Attr = ]
WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 10/24/2007 6:10:50 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 10/17/2007 10:32:36 PM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 10/17/2007 10:45:12 PM | Attr = ]
DWSHK36.OCX -> %System32%\DWSHK36.OCX -> Desaware Inc. [Ver = 6.0.0.5 | Size = 140800 bytes | Created Date = 10/20/2007 7:27:24 PM | Attr = ]
DWSPY36.dll -> %System32%\DWSPY36.dll -> Desaware Inc. [Ver = 6.0.1.3 | Size = 75776 bytes | Created Date = 10/20/2007 7:27:24 PM | Attr = ]
en-US -> %System32%\en-US -> [Folder | Created Date = 10/24/2007 6:10:46 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 10/17/2007 10:33:18 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 10/17/2007 10:32:43 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 10/27/2007 9:31:16 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 10/27/2007 9:31:16 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 10/27/2007 9:31:16 PM | Attr = ]
TaskScheduler.dll -> %System32%\TaskScheduler.dll -> Askarya Technologies [Ver = 1.2.1 | Size = 57344 bytes | Created Date = 10/20/2007 7:27:24 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3818 bytes | Created Date = 10/17/2007 3:09:56 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 10/17/2007 10:33:21 PM | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 10/27/2007 9:31:16 PM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 10/17/2007 10:45:12 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
20071011125540.bmp -> %SystemDrive%\20071011125540.bmp -> [Ver = | Size = 2359350 bytes | Modified Date = 10/11/2007 12:55:42 PM | Attr = ]
2007101622235.bmp -> %SystemDrive%\2007101622235.bmp -> [Ver = | Size = 2359350 bytes | Modified Date = 10/16/2007 2:22:38 AM | Attr = ]
831a0e6756663bc68436ef61 -> %SystemDrive%\831a0e6756663bc68436ef61 -> [Folder | Modified Date = 10/9/2007 2:01:30 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 10/26/2007 1:33:10 PM | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 10/27/2007 10:47:52 PM | Attr = ]
scrips and bots -> %SystemDrive%\scrips and bots -> [Folder | Modified Date = 11/1/2007 8:10:06 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 11/1/2007 8:10:06 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 10/25/2007 1:28:14 AM | Attr = H ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 10/24/2007 7:07:26 PM | Attr = H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 10/24/2007 7:06:44 PM | Attr = H ]
$NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ -> [Folder | Modified Date = 10/24/2007 7:01:30 PM | Attr = H ]
$NtUninstallKB914440$ -> %SystemRoot%\$NtUninstallKB914440$ -> [Folder | Modified Date = 10/24/2007 7:01:50 PM | Attr = H ]
$NtUninstallKB915865$ -> %SystemRoot%\$NtUninstallKB915865$ -> [Folder | Modified Date = 10/24/2007 7:05:52 PM | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Modified Date = 10/9/2007 2:08:14 PM | Attr = H ]
$NtUninstallKB939653$ -> %SystemRoot%\$NtUninstallKB939653$ -> [Folder | Modified Date = 10/24/2007 7:02:16 PM | Attr = H ]
$NtUninstallKB939653_0$ -> %SystemRoot%\$NtUninstallKB939653_0$ -> [Folder | Modified Date = 10/9/2007 2:07:42 PM | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Modified Date = 10/9/2007 2:01:16 PM | Attr = H ]
.jagex_cache_32 -> %SystemRoot%\.jagex_cache_32 -> [Folder | Modified Date = 10/24/2007 9:22:08 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 11/1/2007 8:12:46 PM | Attr = S]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Modified Date = 10/26/2007 9:51:18 AM | Attr = ]
Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 10/3/2007 10:46:22 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 10/17/2007 11:32:38 PM | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 10/27/2007 10:47:12 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 10/25/2007 6:52:24 PM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 10/25/2007 6:46:06 PM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 10/26/2007 12:41:18 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 10/25/2007 6:47:22 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 10/26/2007 2:45:08 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 10/11/2007 11:01:04 PM | Attr = HS]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 10/25/2007 6:46:26 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 10/18/2007 10:58:22 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 10/25/2007 11:51:50 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 10/13/2007 8:34:02 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 10/30/2007 2:12:40 PM | Attr = H ]
ST6UNST.000 -> %SystemRoot%\ST6UNST.000 -> [Ver = | Size = 2588 bytes | Modified Date = 10/20/2007 8:27:26 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 10/12/2007 2:17:30 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 11/1/2007 8:10:06 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 11/1/2007 8:17:24 PM | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 11/1/2007 8:15:04 PM | Attr = ]
WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 10/25/2007 6:46:44 PM | Attr = ]
McAfee.com Update Check (DAMIENSWAFFORDS-Shana).job -> %SystemRoot%\tasks\McAfee.com Update Check (DAMIENSWAFFORDS-Shana).job -> [Ver = | Size = 494 bytes | Modified Date = 11/1/2007 8:17:24 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 10/17/2007 11:51:32 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 10/26/2007 12:43:06 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 11/1/2007 1:03:26 AM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 10/24/2007 7:10:56 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 10/26/2007 12:41:22 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 10/27/2007 10:34:00 PM | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 10/25/2007 6:48:30 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 10/17/2007 11:33:22 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 10/17/2007 11:33:20 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3818 bytes | Modified Date = 10/17/2007 4:15:14 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 10/17/2007 11:33:24 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 13646 bytes | Modified Date = 11/1/2007 8:14:58 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 10/27/2007 10:44:12 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemDrive%\mplayerc.exe -> Gabest [Ver = 6, 4, 6, 7 | Size = 930304 bytes | Modified Date = 10/12/2003 4:02:22 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 1:00:00 PM | Attr = ]
UPX! , UPX0 , -> %System32%\MNCPrgBr.OCX -> Midnight Studio [Ver = 1.00.0023 | Size = 22528 bytes | Modified Date = 12/30/2000 11:47:40 AM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 11/3/2006 10:51:14 AM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 7/22/2007 6:39:28 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 1:00:00 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/29/2002 | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]

< End of report >

#7 dedred

Posted 01 November 2007 - 10:34 PM

HijackThis logfile


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:32 PM, on 11/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Shana\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: (no name) - {00D94CDB-99D2-6BF8-37CA-BC0B5BDBF2FF} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DC9D850-044D-11E1-B3C9-00805E499D93} - (no file)
O2 - BHO: (no name) - {25ECDCB1-D13F-4422-A3B5-1AAFCAC70879} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5B1AB97D-040C-6FA0-61F3-A7ED9F0E6A33} - (no file)
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKCU\..\Run: [owki] C:\PROGRA~1\COMMON~1\owki\owkim.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0e\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: 2Wire Wireless Client.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by135fd.bay135.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{08B5DB62-E103-4471-9CAC-3B00588CBED9}: NameServer = 198.6.100.150 198.6.1.150
O17 - HKLM\System\CS4\Services\Tcpip\..\{08B5DB62-E103-4471-9CAC-3B00588CBED9}: NameServer = 198.6.100.150 198.6.1.150
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)

--
End of file - 7375 bytes

#8 Rorschach


Posted 02 November 2007 - 12:52 AM

Hello

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.


Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> owki -> %SystemDrive%\PROGRA~1\COMMON~1\owki\owkim.exe
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {00D94CDB-99D2-6BF8-37CA-BC0B5BDBF2FF} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {1DC9D850-044D-11E1-B3C9-00805E499D93} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {25ECDCB1-D13F-4422-A3B5-1AAFCAC70879} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {5B1AB97D-040C-6FA0-61F3-A7ED9F0E6A33} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan (attach the WinPFind3 scan report).

I will review the information when it comes back in.





Next download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


#9 dedred


Posted 02 November 2007 - 01:38 AM

[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\owki deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00D94CDB-99D2-6BF8-37CA-BC0B5BDBF2FF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DC9D850-044D-11E1-B3C9-00805E499D93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25ECDCB1-D13F-4422-A3B5-1AAFCAC70879} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5B1AB97D-040C-6FA0-61F3-A7ED9F0E6A33} deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully.
< End of log >
Created on 11/01/2007 23:37:46

#10 dedred


Posted 02 November 2007 - 04:37 AM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:28:13 AM 11/2/2007

+ Scan result:



C:\RECYCLER\S-1-5-21-1957994488-492894223-1343024091-1004\Dc1\AutoUpdateWin33.exe -> Adware.Agent : Cleaned with backup (quarantined).
HKU\S-1-5-21-1957994488-492894223-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DC9D850-044D-11E1-B3C9-00805E499D93} -> Adware.ContextuAd : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Fyncja.exe -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Kyxtki.exe -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Mkhqov.exe -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Wmoygy.exe -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\Program Files\Common Files\mscombtl32.exe -> Adware.MediaBack : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-492894223-1343024091-1004\Dc1\SYSTEM32\proxyspd.dll -> Adware.MediaBack : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Shana\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\java.class-e96aca2-4d00dc7e.class -> Not-A-Virus.Exploit.Java.Gimsh.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shana\Cookies\shana@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@alexanderinteractive.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@bidzcom.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@divx.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@electronicarts.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@firstpremierbankcard.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@gaiainteractive.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@homestore.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@microsoftwlspacesmkt.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@newmotioninc.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@novell.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@pandasoftware.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@pch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@reunioncom.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@stepstone.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@usatoday1.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@waterfrontmedia.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@adc.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@advertisersclearinghouse.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@arn.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@dssatlascreditgroup.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@lpn.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@paidmarketingpanel.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@prizeamerica.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@usap.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@2.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@3.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@4.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@ads.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@connextra[3].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@www.directnetadvertising[2].txt -> TrackingCookie.Directnetadvertising : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@e-2dj6wgl4giajgeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@server.lon.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@pro-market[1].txt -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@real[2].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@csi.valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@kbase.x10[1].txt -> TrackingCookie.X10 : Cleaned.
C:\Documents and Settings\Shana\Cookies\shana@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
C:\RECYCLER\S-1-5-21-1957994488-492894223-1343024091-1004\Dc1\WindowsUpdates.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\Documents and Settings\Shana\Application Data\Phonedefyremote\pqbddwrr.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).
C:\Documents and Settings\Shana\Application Data\Phonedefyremote\stupid 01 option.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-492894223-1343024091-1004\Dc2\All Users.WINDOWS\Application Data\pop draw inside the\16body.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).
C:\Documents and Settings\Shana\Desktop\emulaters\psp stuff\downgrade psp\MPHDowngrader\MPHDowngrader\PSP\PHOTO\overflow.tif -> Trojan.PSPBrick : Cleaned with backup (quarantined).
C:\Program Files\Common Files\upddebug.exe -> Trojan.VB.vc : Cleaned with backup (quarantined).


::Report end::



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:29:22 AM, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Shana\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0e\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: 2Wire Wireless Client.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by135fd.bay135.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)

--
End of file - 6599 bytes

#11 Rorschach


Posted 02 November 2007 - 04:09 PM

Can you please post a new HijackThis log from Normal Mode, and let me know how your PC is running now.

#12 dedred


Posted 02 November 2007 - 06:53 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:01 PM, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\HEWLET~1\hpis\common\MOTIVE~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Shana\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0e\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: 2Wire Wireless Client.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by135fd.bay135.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)

--
End of file - 6919 bytes

#13 dedred


Posted 02 November 2007 - 06:55 PM

pc is running very well now, it's acting better than it has all this year. thanks for the help, hijack log is 1 post up like you requested

#14 dedred


Posted 02 November 2007 - 07:07 PM

there is one more thing i was hoping you could help me with, in add or remove programs there is a file named "enter the matrix" it's 20mb of space and every time i say remove it says



"
>setupdll\setupdll.cpp (439)
papp:enter the matrix
pvender:infogmes
pguide:9cd92db1-1b3b-4296-9456-93ea6bcaa4c5
$7.1.100.1248
@windows xp service pack 2 (2600) ie 7.0.6000.16544

"

any way you could help me get rid of that as well?

#15 Rorschach


Posted 02 November 2007 - 07:25 PM

It looks like you have removed most of that program yourself, but there's a trace left behind. Try this:


Delete an Entry from the Uninstall List
  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Uninstall Manager"
  • Click on "Enter the Matrix"
  • Click on Delete this entry
  • Click "Yes"


Also look in C:\Program Files for a folder called "Enter the Matrix", if that is there then delete it.


Let me know how that goes.



