

Partypoker Popups


18 replies to this topic

#1 DLee
  • Members
  • 10 posts
  • Gender:Male
  • Location:Nijmegen

Posted 23 December 2007 - 08:57 AM

Hello there,

Getting crazy here in the days before Christmas. Since last week, popups appear at random times when surfing the internet, mostly for partypoker.
- SAV constantly active since months (fixed some viruses coming from the popups)
- Windows Defender also

Tried to remove the bleep with the following:
Scanned with:
- Spybot Search and Destroy
- Spyware Doctor (bought it)
- Vundofix.exe
- AVG Anti-spyware
- Bitdefender
- Housecall
- Panda

Still getting it.

Hijackthis.log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:42:51, on 23-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://www.web-log.nl
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 9458 bytes


I hope you can help me out! Thanks in advance.
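The HijackThis log above is the artefact the helpers in this thread work from. As an added example (not from the thread and not part of Trend Micro's tool), here is a small Python triage script that parses lines in that format and marks the entry types a reviewer usually checks first: registrations whose file is missing ("(no file)"), services with no company name, Default-profile startup items, Trusted Zone additions and AppInit_DLLs. The ten sample lines are copied from the log posted above; the flag names are the script's own invention, and a flag means "look at this", not "this is malware".

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: ten lines in HijackThis v2 format, copied from the log
# posted above (not the whole log). Backslashes are literal, hence the raw string.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O15 - Trusted Zone: http://www.web-log.nl
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
"""

# Every HijackThis entry starts with a section code (R0/R1, F2, O2, O4, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")


@dataclass
class Entry:
    section: str
    body: str
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Return the section entries of a HijackThis log; header and process-list lines are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = ENTRY_RE.match(line.rstrip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def triage(entry):
    """Attach review flags to one entry (flag names are this script's own)."""
    body = entry.body
    if body.endswith("(no file)"):
        # CLSID still registered but the DLL is gone: a typical leftover after a removal.
        entry.flags.append("orphan-registration")
    if entry.section == "O23" and "Unknown owner" in body:
        # Service binary carries no company name in its version resource; verify by hand.
        entry.flags.append("service-no-company")
    if entry.section == "O4" and ".DEFAULT User Startup" in body:
        # Runs for the Default profile, i.e. for accounts created later; rarely user-installed.
        entry.flags.append("default-profile-startup")
    if entry.section == "O15":
        # Sites in the Trusted Zone get relaxed Internet Explorer security settings.
        entry.flags.append("trusted-zone-addition")
    if entry.section == "O20":
        # AppInit_DLLs are loaded into every process that loads user32.dll.
        entry.flags.append("appinit-dll")
    return entry


def flagged(text):
    """Map each flag to the bodies of the entries that raised it."""
    out = defaultdict(list)
    for entry in parse_hjt(text):
        for flag in triage(entry).flags:
            out[flag].append(entry.body)
    return dict(out)


if __name__ == "__main__":
    for flag, bodies in flagged(SAMPLE_LOG).items():
        print(flag)
        for body in bodies:
            print("   ", body)
```

On the sample, the three "(no file)" entries (the O2, O3 and O9 lines) come out as orphan registrations, the STI Simulator service is listed for its missing company name, and the Sophos AppInit DLL is listed only so that the reviewer confirms the vendor.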


#2 rookie147
  • Members
  • 5,321 posts

Posted 23 December 2007 - 12:38 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.

Post that in your next reply with a fresh HijackThis log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 DLee (Topic Starter)
  • Members
  • 10 posts
  • Gender:Male
  • Location:Nijmegen

Posted 24 December 2007 - 04:53 AM

Hi there Charles,

First of all, thanks in advance for wanting to help me out.

Combofix.txt:
ComboFix 07-12-21.4 - HP_Administrator 2007-12-24 10:39:08.1 - NTFSx86
Gestart vanuit: C:\Documents and Settings\HP_Administrator\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\LG4Y7VX8\www.broadcaster.com
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\_000008_.tmp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


(((((((((((((((((((( Bestanden Gemaakt van 2007-11-24 to 2007-12-24 ))))))))))))))))))))))))))))))
.

2007-12-23 14:42 . 2007-12-23 14:42 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-23 12:04 . 2007-12-23 12:04 512 --a------ C:\22D.tmp
2007-12-23 11:52 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\ivghujucpcwd.sys
2007-12-23 11:43 . 2007-12-23 11:43 512 --a------ C:\36B.tmp
2007-12-23 11:29 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\fpafdpvedtfg.sys
2007-12-23 11:15 . 2007-12-23 11:51 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-23 11:15 . 2007-12-23 11:50 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-22 14:32 . 2007-12-22 14:32 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Grisoft
2007-12-22 14:32 . 2007-12-22 14:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-22 14:32 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-22 08:57 . 2007-12-22 08:57 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-22 08:55 . 2007-12-22 08:55 <DIR> d-------- C:\Program Files\MSBuild
2007-12-22 08:51 . 2007-12-22 08:56 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-12-22 08:50 . 2007-12-22 08:50 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-12-22 08:49 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-12-21 13:15 . 2007-12-21 13:21 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\HouseCall 6.6
2007-12-21 10:56 . 2007-12-21 10:56 <DIR> d-------- C:\VundoFix Backups
2007-12-20 06:43 . 2007-12-24 10:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-19 23:23 . 2007-12-19 23:23 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-19 23:23 . 2007-12-19 23:23 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-19 23:23 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-19 23:23 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-19 23:22 . 2007-12-24 09:15 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-19 23:22 . 2007-12-19 23:22 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\PC Tools
2007-12-16 20:23 . 2007-12-16 20:23 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\GARMIN
2007-12-15 14:39 . 2007-12-15 14:39 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Media Player Classic
2007-12-15 14:25 . 2007-12-23 11:51 <DIR> d-------- C:\Program Files\MP4 Player
2007-12-15 14:25 . 2007-12-15 14:25 36 ---h----- C:\WINDOWS\system32\swk.ini
2007-11-28 21:51 . 2007-11-28 21:51 <DIR> d-------- C:\Program Files\Google

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 10:52 --------- d---a-w C:\Program Files\Common Files\LightScribe
2007-12-23 10:52 --------- d-----w C:\Program Files\Windows Defender
2007-12-23 10:52 --------- d-----w C:\Program Files\MainConcept
2007-12-19 22:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-15 13:35 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-15 09:06 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2007-11-15 10:25 --------- d-----w C:\Program Files\Common Files\Cisco Systems
2007-11-15 10:24 --------- d-----w C:\Program Files\Sophos
2007-11-15 10:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sophos
2007-11-14 20:18 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-14 20:12 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 06:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-12 14:40 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Canon
2007-11-12 14:19 --------- d-----w C:\Program Files\TomTom HOME 2
2007-11-12 14:19 --------- d-----w C:\Program Files\TomTom HOME
2007-11-12 14:19 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\TomTom
2007-11-12 14:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
2007-11-02 12:14 --------- d-----w C:\Program Files\The FilmMachine
2007-10-24 09:18 --------- d-----w C:\Program Files\Java
2006-09-24 09:25 0 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 05:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"MP4 Player"="C:\Program Files\MP4 Player\mp4Player.exe" [2007-09-19 14:00]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 08:33]
"NvCplDaemon"="RUNDLL32.exe" [2004-09-02 05:00 C:\WINDOWS\system32\rundll32.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 17:20]
"nwiz"="nwiz.exe" [2006-10-31 13:35 C:\WINDOWS\system32\nwiz.exe]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2005-10-11 12:54]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-27 19:44]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R1 SAVOnAccessControl;SAVOnAccessControl;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2007-09-10 13:09]
R1 SAVOnAccessFilter;SAVOnAccessFilter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2007-09-10 13:08]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-02-14 20:07]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 11:44]
S3 PAC7311;Trust WB-3300p Mini HiRes Webcam;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 10:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Inhoud van de 'Gedeelde Taken' map
"2007-12-24 09:47:44 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 10:45:30
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2007-12-24 10:48:59 - machine was rebooted
.
2007-12-23 10:00:29 --- E O F ---

Hijackthis.log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:00, on 24-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://www.web-log.nl
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 9292 bytes
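ComboFix's "Files Created" section above is a 30-day timeline of what appeared on the disk. As an added example (not from the thread and not part of ComboFix), here is a Python parser for those lines with two review heuristics: files that share extension, byte size and modification stamp under different names, and files whose modification stamp is much older than their creation on this disk. The eleven sample lines are copied from the listing above; the heuristics surface pairs such as the two 8,576-byte drivers for a reviewer to look at, they do not decide what the files are.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample: eleven lines in the format of ComboFix's "Files Created"
# section, copied from the log posted above (not the whole section).
SAMPLE = r"""
2007-12-23 14:42 . 2007-12-23 14:42 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-23 12:04 . 2007-12-23 12:04 512 --a------ C:\22D.tmp
2007-12-23 11:52 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\ivghujucpcwd.sys
2007-12-23 11:43 . 2007-12-23 11:43 512 --a------ C:\36B.tmp
2007-12-23 11:29 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\fpafdpvedtfg.sys
2007-12-22 14:32 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-22 08:49 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-12-19 23:23 . 2007-12-19 23:23 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-19 23:23 . 2007-12-19 23:23 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-19 23:23 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-15 14:25 . 2007-12-15 14:25 36 ---h----- C:\WINDOWS\system32\swk.ini
"""

# Line shape: "<created> . <modified> <size or <DIR>> <attributes> <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attr>\S+)\s+(?P<path>.+)$"
)
STAMP = "%Y-%m-%d %H:%M"


@dataclass
class FileEntry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories
    attr: str
    path: str

    @property
    def is_dir(self):
        return self.size is None


def parse_created(text):
    """Parse 'Files Created' lines; lines that do not match the format are ignored."""
    entries = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.rstrip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(FileEntry(datetime.strptime(m["created"], STAMP),
                                 datetime.strptime(m["modified"], STAMP),
                                 size, m["attr"], m["path"]))
    return entries


def twin_files(entries):
    """Groups of two or more files sharing extension, byte size and modification stamp
    under different names. A dropper writing one payload under several random names
    produces this pattern; so can an installer, so the result is a review list."""
    groups = defaultdict(list)
    for e in entries:
        if e.is_dir:
            continue
        ext = ntpath.splitext(e.path)[1].lower()
        groups[(ext, e.size, e.modified)].append(e.path)
    return [sorted(paths) for paths in groups.values() if len(paths) >= 2]


def backdated(entries, min_days=30):
    """Files whose modification stamp predates their creation on this disk by at least
    min_days. Installers routinely preserve a build date, so on its own this list is
    noisy; it is a second signal to read next to twin_files()."""
    return [e.path for e in entries
            if not e.is_dir and (e.created - e.modified).days >= min_days]


if __name__ == "__main__":
    found = parse_created(SAMPLE)
    print("twins:", twin_files(found))
    print("backdated:", backdated(found))
```

On the sample, twin_files() returns exactly one group, the two 8,576-byte drivers modified 2007-06-08 09:44, while backdated() returns five paths, three of which (the AVG driver, spmsg2.dll and the Spyware Doctor filter driver) belong to software the poster installed; that is the noise the second heuristic carries when it is used alone.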

#4 rookie147
  • Members
  • 5,321 posts

Posted 26 December 2007 - 06:17 AM

Download WinPFind3U to your Desktop and double-click on it to extract the files.
It will create a folder named WinPFind3u on your desktop.
Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.

1) In the 'Files Created Within' group click 30 days,
2) In the 'Files Modified Within' group select 30 days
3) In the 'File String Search' group select Non-Microsoft

Now click the Run Scan button on the toolbar.
When the scan is complete Notepad will open with the report file loaded in it.
Paste the information back here in your next reply.
Make sure "end of report" is shown at the bottom, you may have to split the post up.



#5 DLee (Topic Starter)
  • Members
  • 10 posts
  • Gender:Male
  • Location:Nijmegen

Posted 28 December 2007 - 05:36 PM

Hey Charles,

Thanks for responding, even on the second Christmas day!

The WinPFind3.Txt says:

WinPFind3 logfile created on: 28-12-2007 23:27:02
WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\HP_Administrator\Bureaublad\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.13)

1023,36 Mb Total Physical Memory | 284,63 Mb Available Physical Memory | 27,81% Memory free
2,90 Gb Paging File | 2,03 Gb Available in Paging File | 70,11% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 36,86 Gb Free Space | 62,90% Space Free
Drive D: | 54,23 Gb Total Space | 44,58 Gb Free Space | 82,20% Space Free
Drive E: | 97,66 Gb Total Space | 38,19 Gb Free Space | 39,10% Space Free
F: Drive not present or media not loaded

Computer Name: BENEDEN
Current User Name: HP_Administrator
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 12-11-2007 6:00:16 | Attr = ]
almon.exe -> %ProgramFiles%\Sophos\AutoUpdate\ALMon.exe -> Sophos Plc [Ver = 3.10.54.138 | Size = 245760 bytes | Modified Date = 21-6-2007 11:18:00 | Attr = ]
alsvc.exe -> %ProgramFiles%\Sophos\AutoUpdate\ALsvc.exe -> Sophos Plc [Ver = 3.7.18.131 | Size = 172032 bytes | Modified Date = 3-4-2007 8:28:46 | Attr = ]
arservice.exe -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 2-8-2005 15:19:16 | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11-6-2007 10:25:42 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30-5-2007 13:31:10 | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 10, 1, 1, 5 | Size = 69632 bytes | Modified Date = 3-3-2006 2:49:14 | Attr = ]
itouch.exe -> %ProgramFiles%\Logitech\iTouch\iTouch.exe -> Logitech Inc. [Ver = 2.22.289 | Size = 892928 bytes | Modified Date = 18-3-2004 8:33:26 | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.124.1 | Size = 61440 bytes | Modified Date = 19-10-2006 12:52:24 | Attr = ]
mp4player.exe -> %ProgramFiles%\MP4 Player\mp4Player.exe -> [Ver = 1.0.0.0 | Size = 639488 bytes | Modified Date = 19-9-2007 14:00:50 | Attr = ]
nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 5, 3, 0 | Size = 139264 bytes | Modified Date = 16-11-2006 18:04:20 | Attr = ]
nmindexstoresvr.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexStoreSvr.exe -> Nero AG [Ver = 1, 5, 3, 0 | Size = 884736 bytes | Modified Date = 16-11-2006 17:58:32 | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9163 | Size = 155715 bytes | Modified Date = 31-10-2006 13:35:00 | Attr = ]
pastisvc.exe -> %System32%\PAStiSvc.exe -> [Ver = | Size = 53248 bytes | Modified Date = 14-1-2005 8:32:38 | Attr = ]
savadminservice.exe -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SAVAdminService.exe -> Sophos Plc [Ver = 1.0.0.3730 | Size = 69632 bytes | Modified Date = 10-8-2007 17:46:24 | Attr = ]
savservice.exe -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SavService.exe -> Sophos Plc [Ver = 1.0.0.3755 | Size = 98304 bytes | Modified Date = 12-11-2007 18:08:38 | Attr = ]
sdtrayapp.exe -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.5.33 | Size = 1065800 bytes | Modified Date = 2-11-2007 17:24:56 | Attr = ]
svcntaux.exe -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.3 | Size = 311112 bytes | Modified Date = 2-11-2007 17:24:58 | Attr = ]
swdsvc.exe -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.24 | Size = 1418056 bytes | Modified Date = 2-11-2007 17:25:04 | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 31-8-2007 16:46:28 | Attr = ]
vsnpstd.exe -> %SystemRoot%\vsnpstd.exe -> [Ver = 1, 0, 3, 0 | Size = 339968 bytes | Modified Date = 11-10-2005 12:54:48 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 21-11-2007 9:19:46 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 12-11-2007 6:00:16 | Attr = ]
(ARSVC) ARSVC [Win32_Own | Auto | Running] -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 2-8-2005 15:19:16 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30-5-2007 13:31:10 | Attr = ]
(dmadmin) Logical Disk Manager Administrative-service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 2-9-2004 5:00:00 | Attr = ]
(HP Port Resolver) HP Port Resolver [Win32_Own | On_Demand | Stopped] -> %System32%\spool\drivers\w32x86\3\HPBPRO.EXE -> Hewlett-Packard Company [Ver = 1, 0, 50, 0 | Size = 81920 bytes | Modified Date = 20-5-2005 10:37:12 | Attr = ]
(HP Status Server) HP Status Server [Win32_Own | On_Demand | Stopped] -> %System32%\spool\drivers\w32x86\3\HPBOID.EXE -> Hewlett-Packard Company [Ver = 1, 0, 46, 0 | Size = 73728 bytes | Modified Date = 16-10-2004 5:31:06 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 22-10-2004 2:24:18 | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.124.1 | Size = 61440 bytes | Modified Date = 19-10-2006 12:52:24 | Attr = ]
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 2, 0 | Size = 774144 bytes | Modified Date = 10-11-2006 18:18:02 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9163 | Size = 155715 bytes | Modified Date = 31-10-2006 13:35:00 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Running] -> -> File not found
(SAVAdminService) Sophos Anti-Virus status reporter [Win32_Own | Auto | Running] -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SAVAdminService.exe -> Sophos Plc [Ver = 1.0.0.3730 | Size = 69632 bytes | Modified Date = 10-8-2007 17:46:24 | Attr = ]
(SAVService) Sophos Anti-Virus [Win32_Own | Auto | Running] -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SavService.exe -> Sophos Plc [Ver = 1.0.0.3755 | Size = 98304 bytes | Modified Date = 12-11-2007 18:08:38 | Attr = ]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.3 | Size = 311112 bytes | Modified Date = 2-11-2007 17:24:58 | Attr = ]
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.24 | Size = 1418056 bytes | Modified Date = 2-11-2007 17:25:04 | Attr = ]
(Sophos AutoUpdate Service) Sophos AutoUpdate Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Sophos\AutoUpdate\ALsvc.exe -> Sophos Plc [Ver = 3.7.18.131 | Size = 172032 bytes | Modified Date = 3-4-2007 8:28:46 | Attr = ]
(STI Simulator) STI Simulator [Win32_Own | Auto | Running] -> %System32%\PAStiSvc.exe -> [Ver = | Size = 53248 bytes | Modified Date = 14-1-2005 8:32:38 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11-6-2007 10:25:42 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9163 | Size = 7634944 bytes | Modified Date = 31-10-2006 13:35:00 | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1622016 bytes | Modified Date = 31-10-2006 13:35:00 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 27-6-2007 19:44:30 | Attr = ]
SDTray -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.5.33 | Size = 1065800 bytes | Modified Date = 2-11-2007 17:24:56 | Attr = ]
snpstd -> %SystemRoot%\vsnpstd.exe -> [Ver = 1, 0, 3, 0 | Size = 339968 bytes | Modified Date = 11-10-2005 12:54:48 | Attr = ]
zBrowser Launcher -> %ProgramFiles%\Logitech\iTouch\iTouch.exe -> Logitech Inc. [Ver = 2.22.289 | Size = 892928 bytes | Modified Date = 18-3-2004 8:33:26 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 5, 3, 0 | Size = 139264 bytes | Modified Date = 16-11-2006 18:04:20 | Attr = ]
MP4 Player -> %ProgramFiles%\MP4 Player\mp4Player.exe -> [Ver = 1.0.0.0 | Size = 639488 bytes | Modified Date = 19-9-2007 14:00:50 | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 31-8-2007 16:46:28 | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> File not found
< Common Startup > -> C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten ->
%AllUsersStartup%\AutoUpdate Monitor.lnk -> %ProgramFiles%\Sophos\AutoUpdate\ALMon.exe -> Sophos Plc [Ver = 3.10.54.138 | Size = 245760 bytes | Modified Date = 21-6-2007 11:18:00 | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL -> %ProgramFiles%\Sophos\Sophos Anti-Virus\sophos_detoured.dll -> [Ver = | Size = 172032 bytes | Modified Date = 12-11-2007 19:34:04 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 30-5-2007 13:29:58 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.theme ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.nu.nl/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
beheerpagina_web-log.nl [https] -> ->
www_web-log.nl [http] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Help bij koppelingen] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22-10-2006 23:08:42 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31-8-2007 16:46:14 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25-9-2007 0:11:34 | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25-9-2007 0:11:34 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25-9-2007 0:11:34 | Attr = ]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Onderzoek] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31-8-2007 16:46:14 | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xporteren naar Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{2AF55FBC-A1D2-4A12-A729-44EFA34E5EB2} -> (1394-netwerkkaart) ->
{2E496387-9E61-4783-86D0-35282A1FD156} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{30ED6965-F398-4993-9768-CE305BCC1684} -> (Sony Ericsson Device 039 USB Ethernet Emulation (NDIS 5)) ->
{772BCDE8-E6E4-40D5-9404-899AF5A781A4} -> () ->
{BA885009-9ED3-4E26-9CFF-4E629664614E} -> (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) ->
{CCD93802-3B3C-4513-AB24-16E843199982} -> (Wireless LAN PCI 802.11 b/g adapter WN5301A) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089} -> Microsoft Office Template and Media Control - CodeBase = http://office.microsoft.com/templates/ieawsdc.cab ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{193C772A-87BE-4B19-A7BB-445B226FE9A1} -> ewidoOnlineScan Control - CodeBase = http://downloads.ewido.net/ewidoOnlineScan.cab ->
{215B8138-A3CF-44C5-803F-8226143CFC0A} -> Trend Micro ActiveX Scan Agent 6.6 - CodeBase = http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab ->
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shock...director/sw.cab ->
{493ACF15-5CD9-4474-82A6-91670C3DD66E} -> LinkedIn ContactFinderControl - CodeBase = http://www.linkedin.com/cab/LinkedInContactFinderControl.cab ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> Windows Live Safety Center Base Module - CodeBase = http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab ->
{6B75345B-AA36-438A-BBE6-4078B4C6984D} -> HpProductDetection Class - CodeBase = http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_05 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> get_atlcom Class - CodeBase = http://www.adobe.com/products/acrobat/nos/gp.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->


[Files/Folders - Created Within 30 days]
22D.tmp -> %SystemDrive%\22D.tmp -> [Ver = | Size = 512 bytes | Created Date = 23-12-2007 12:04:14 | Attr = ]
36B.tmp -> %SystemDrive%\36B.tmp -> [Ver = | Size = 512 bytes | Created Date = 23-12-2007 11:43:57 | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 24-12-2007 10:38:19 | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 21-12-2007 10:56:40 | Attr = ]
$NtUninstallbasecsp$ -> %SystemRoot%\$NtUninstallbasecsp$ -> [Folder | Created Date = 22-12-2007 8:48:32 | Attr = H ]
$NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ -> [Folder | Created Date = 22-12-2007 8:49:00 | Attr = H ]
$NtUninstallKB925720$ -> %SystemRoot%\$NtUninstallKB925720$ -> [Folder | Created Date = 23-12-2007 11:00:09 | Attr = H ]
$NtUninstallKB937894$ -> %SystemRoot%\$NtUninstallKB937894$ -> [Folder | Created Date = 12-12-2007 23:28:54 | Attr = H ]
$NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ -> [Folder | Created Date = 12-12-2007 23:26:13 | Attr = H ]
$NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ -> [Folder | Created Date = 12-12-2007 23:27:23 | Attr = H ]
$NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ -> [Folder | Created Date = 12-12-2007 23:27:34 | Attr = H ]
$NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ -> [Folder | Created Date = 12-12-2007 23:26:04 | Attr = H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Created Date = 22-12-2007 8:49:23 | Attr = H ]
$NtUninstallXPSEPSCLP$ -> %SystemRoot%\$NtUninstallXPSEPSCLP$ -> [Folder | Created Date = 22-12-2007 8:57:15 | Attr = H ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 24-12-2007 10:42:48 | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 22-12-2007 0:03:03 | Attr = H ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 24-12-2007 10:49:11 | Attr = ]
ac3acm.acm -> %System32%\ac3acm.acm -> fccHandler [Ver = 1, 40, 0, 0 | Size = 118784 bytes | Created Date = 15-12-2007 14:35:33 | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 23-12-2007 11:15:05 | Attr = ]
cpwmon2k.dll -> %System32%\cpwmon2k.dll -> [Ver = | Size = 87552 bytes | Created Date = 24-12-2007 22:51:09 | Attr = ]
divx.dll -> %System32%\divx.dll -> DivX, Inc. [Ver = 6.7.0.28 | Size = 739840 bytes | Created Date = 15-12-2007 14:35:31 | Attr = ]
dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 81920 bytes | Created Date = 15-12-2007 14:35:32 | Attr = ]
en-us -> %System32%\en-us -> [Folder | Created Date = 22-12-2007 8:51:13 | Attr = ]
ff_vfw.dll -> %System32%\ff_vfw.dll -> [Ver = | Size = 7680 bytes | Created Date = 15-12-2007 14:35:31 | Attr = ]
ff_vfw.dll.manifest -> %System32%\ff_vfw.dll.manifest -> [Ver = | Size = 547 bytes | Created Date = 15-12-2007 14:35:31 | Attr = ]
lameACM.acm -> %System32%\lameACM.acm -> http://www.mp3dev.org/ [Ver = 0.9.1 | Size = 389120 bytes | Created Date = 15-12-2007 14:35:33 | Attr = ]
lame_acm.xml -> %System32%\lame_acm.xml -> [Ver = | Size = 414 bytes | Created Date = 15-12-2007 14:35:33 | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 23-12-2007 11:15:08 | Attr = ]
pdfmont.dll -> %System32%\pdfmont.dll -> PDF Bean Inc. [Ver = 5.20.2600.2600 | Size = 122880 bytes | Created Date = 24-12-2007 20:49:34 | Attr = ]
qt-dx331.dll -> %System32%\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Created Date = 15-12-2007 14:35:32 | Attr = ]
swk.ini -> %System32%\swk.ini -> [Ver = | Size = 36 bytes | Created Date = 15-12-2007 14:25:04 | Attr = H ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Created Date = 24-12-2007 10:37:29 | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 24-12-2007 10:37:29 | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 24-12-2007 10:37:29 | Attr = ]
unrar.dll -> %System32%\unrar.dll -> [Ver = | Size = 164352 bytes | Created Date = 15-12-2007 14:35:34 | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 24-12-2007 10:37:29 | Attr = ]
XPSViewer -> %System32%\XPSViewer -> [Folder | Created Date = 22-12-2007 8:51:15 | Attr = ]
xvidcore.dll -> %System32%\xvidcore.dll -> [Ver = | Size = 1559040 bytes | Created Date = 15-12-2007 14:35:32 | Attr = ]
xvidvfw.dll -> %System32%\xvidvfw.dll -> [Ver = | Size = 282624 bytes | Created Date = 15-12-2007 14:35:32 | Attr = ]
yv12vfw.dll -> %System32%\yv12vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 217088 bytes | Created Date = 15-12-2007 14:35:32 | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 23-12-2007 11:15:46 | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 22-12-2007 14:32:43 | Attr = ]
fpafdpvedtfg.sys -> %System32%\drivers\fpafdpvedtfg.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Created Date = 23-12-2007 11:29:37 | Attr = ]
ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1036 built by: WinDDK | Size = 41288 bytes | Created Date = 19-12-2007 23:23:02 | Attr = ]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1025a | Size = 56832 bytes | Created Date = 19-12-2007 23:23:02 | Attr = ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1025a | Size = 74240 bytes | Created Date = 19-12-2007 23:23:02 | Attr = ]
ivghujucpcwd.sys -> %System32%\drivers\ivghujucpcwd.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Created Date = 23-12-2007 11:52:57 | Attr = ]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29000 bytes | Created Date = 19-12-2007 23:23:02 | Attr = ]

[Files/Folders - Modified Within 30 days]
22D.tmp -> %SystemDrive%\22D.tmp -> [Ver = | Size = 512 bytes | Modified Date = 23-12-2007 12:04:16 | Attr = ]
36B.tmp -> %SystemDrive%\36B.tmp -> [Ver = | Size = 512 bytes | Modified Date = 23-12-2007 11:44:00 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 23-12-2007 11:00:30 | Attr = H ]
Garmin -> %SystemDrive%\Garmin -> [Folder | Modified Date = 16-12-2007 20:22:08 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073139712 bytes | Modified Date = 28-12-2007 10:12:04 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 24-12-2007 22:51:58 | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 24-12-2007 10:49:02 | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 21-12-2007 10:56:42 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 28-12-2007 17:41:52 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 23-12-2007 10:58:40 | Attr = H ]
$NtUninstallbasecsp$ -> %SystemRoot%\$NtUninstallbasecsp$ -> [Folder | Modified Date = 22-12-2007 8:48:36 | Attr = H ]
$NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ -> [Folder | Modified Date = 22-12-2007 8:49:02 | Attr = H ]
$NtUninstallKB925720$ -> %SystemRoot%\$NtUninstallKB925720$ -> [Folder | Modified Date = 23-12-2007 11:00:12 | Attr = H ]
$NtUninstallKB937894$ -> %SystemRoot%\$NtUninstallKB937894$ -> [Folder | Modified Date = 12-12-2007 23:28:56 | Attr = H ]
$NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ -> [Folder | Modified Date = 12-12-2007 23:26:14 | Attr = H ]
$NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ -> [Folder | Modified Date = 12-12-2007 23:27:26 | Attr = H ]
$NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ -> [Folder | Modified Date = 12-12-2007 23:27:36 | Attr = H ]
$NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ -> [Folder | Modified Date = 12-12-2007 23:26:06 | Attr = H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Modified Date = 22-12-2007 8:49:24 | Attr = H ]
$NtUninstallXPSEPSCLP$ -> %SystemRoot%\$NtUninstallXPSEPSCLP$ -> [Folder | Modified Date = 22-12-2007 8:57:16 | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 23-12-2007 11:53:04 | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 22-12-2007 9:30:44 | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 23-12-2007 12:18:12 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 28-12-2007 10:12:04 | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 23-12-2007 11:51:42 | Attr = S]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 23-12-2007 11:52:20 | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 24-12-2007 10:42:50 | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 22-12-2007 8:51:12 | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 22-12-2007 0:08:32 | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 22-12-2007 0:03:50 | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 21-12-2007 23:52:16 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 22-12-2007 8:57:24 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 23-12-2007 11:16:02 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 23-12-2007 11:00:30 | Attr = HS]
iTouch.ini -> %SystemRoot%\iTouch.ini -> [Ver = | Size = 51 bytes | Modified Date = 28-12-2007 10:23:14 | Attr = ]
LODERUNN.INI -> %SystemRoot%\LODERUNN.INI -> [Ver = | Size = 139 bytes | Modified Date = 8-12-2007 11:38:26 | Attr = ]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 22-12-2007 0:04:06 | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 22-12-2007 9:30:54 | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 13-12-2007 15:37:18 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 16-12-2007 20:32:16 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 28-12-2007 23:24:42 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 15-12-2007 14:14:18 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 26-12-2007 12:33:30 | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 28-12-2007 10:13:16 | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 22-12-2007 8:54:44 | Attr = ]
setupapi.log.1.old -> %SystemRoot%\setupapi.log.1.old -> [Ver = | Size = 1048276 bytes | Modified Date = 12-12-2007 23:27:18 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 24-12-2007 10:44:56 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 24-12-2007 22:51:10 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 28-12-2007 10:15:20 | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 28-12-2007 23:25:12 | Attr = ]
WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 22-12-2007 0:04:14 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 22-12-2007 9:00:20 | Attr = ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 28-12-2007 10:32:36 | Attr = H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 28-12-2007 10:12:16 | Attr = H ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 23-12-2007 11:51:42 | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 22-12-2007 8:40:54 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 28-12-2007 10:12:38 | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 24-12-2007 10:43:00 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 23-12-2007 11:00:14 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 28-12-2007 10:12:46 | Attr = ]
en-us -> %System32%\en-us -> [Folder | Modified Date = 22-12-2007 8:51:16 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 306808 bytes | Modified Date = 22-12-2007 9:03:42 | Attr = ]
FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 24-12-2007 22:51:18 | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 23-12-2007 11:50:48 | Attr = ]
nl-nl -> %System32%\nl-nl -> [Folder | Modified Date = 22-12-2007 8:56:58 | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 81496 bytes | Modified Date = 28-12-2007 10:14:14 | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 23-12-2007 11:50:48 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 72824 bytes | Modified Date = 22-12-2007 9:00:28 | Attr = ]
perfc013.dat -> %System32%\perfc013.dat -> [Ver = | Size = 92984 bytes | Modified Date = 22-12-2007 9:00:28 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 445870 bytes | Modified Date = 22-12-2007 9:00:28 | Attr = ]
perfh013.dat -> %System32%\perfh013.dat -> [Ver = | Size = 513928 bytes | Modified Date = 22-12-2007 9:00:28 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 1094252 bytes | Modified Date = 22-12-2007 9:00:28 | Attr = ]
spool -> %System32%\spool -> [Folder | Modified Date = 22-12-2007 8:49:50 | Attr = ]
swk.ini -> %System32%\swk.ini -> [Ver = | Size = 36 bytes | Modified Date = 15-12-2007 14:25:06 | Attr = H ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Modified Date = 13-12-2007 21:26:52 | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 4-12-2007 1:00:44 | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 23-12-2007 11:50:48 | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 23-12-2007 11:52:48 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 28-12-2007 10:13:26 | Attr = ]
XPSViewer -> %System32%\XPSViewer -> [Folder | Modified Date = 22-12-2007 8:56:58 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 24-12-2007 10:44:44 | Attr = ]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1025a | Size = 56832 bytes | Modified Date = 19-12-2007 23:23:46 | Attr = ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1025a | Size = 74240 bytes | Modified Date = 19-12-2007 23:23:46 | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 7, 0 | Size = 306688 bytes | Modified Date = 12-11-2006 12:44:10 | Attr = ]
UPX! , UPX0 , -> %System32%\CoreAAC.ax -> [Ver = 1, 2, 0, 575 | Size = 175104 bytes | Modified Date = 16-8-2006 14:53:32 | Attr = RHS]
Thawte Consulting , -> %System32%\cpwmon2k.dll -> [Ver = | Size = 87552 bytes | Modified Date = 12-7-2007 22:33:58 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41122 bytes | Modified Date = 2-9-2004 5:00:00 | Attr = ]
UPX! , UPX0 , -> %System32%\DiracSplitter.ax -> Gabest [Ver = 1, 0, 0, 0 | Size = 179200 bytes | Modified Date = 17-1-2005 23:26:36 | Attr = RHS]
PEC2 , PECompact2 , -> %System32%\divx.dll -> DivX, Inc. [Ver = 6.7.0.28 | Size = 739840 bytes | Modified Date = 28-9-2007 18:05:40 | Attr = ]
Thawte Consulting , -> %System32%\mime40.ocx -> devSoft Inc. - www.dev-soft.com [Ver = 4.0.0.138 | Size = 112752 bytes | Modified Date = 4-10-2000 3:02:18 | Attr = ]
UPX! , UPX0 , -> %System32%\RLOgg.ax -> RadLight [Ver = 1.0.0.2 | Size = 186880 bytes | Modified Date = 12-2-2005 23:00:00 | Attr = RHS]
UPX! , UPX0 , -> %System32%\RLSpeexDec.ax -> [Ver = 1, 0, 0, 0 | Size = 51712 bytes | Modified Date = 12-2-2005 23:00:00 | Attr = RHS]
UPX! , UPX0 , -> %System32%\RLTheoraDec.ax -> RadLight, LLC [Ver = 1, 0, 0, 3 | Size = 67584 bytes | Modified Date = 12-2-2005 23:00:00 | Attr = RHS]
UPX! , UPX0 , -> %System32%\RLVorbisDec.ax -> RadLight [Ver = 1, 0, 1, 1 | Size = 92672 bytes | Modified Date = 5-2-2005 23:00:00 | Attr = RHS]
PEC2 , PECompact2 , -> %System32%\Smab.dll -> [Ver = | Size = 471552 bytes | Modified Date = 12-12-2006 13:15:08 | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Modified Date = 13-12-2007 21:26:52 | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 4-12-2007 1:00:44 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 2-9-2004 5:00:00 | Attr = ]
UPX! , UPX0 , -> %System32%\x.264.exe -> [Ver = | Size = 240128 bytes | Modified Date = 10-11-2005 12:16:02 | Attr = ]

< End of report >

#6 rookie147
  • Members
  • 5,321 posts
  • OFFLINE
  • Local time:02:17 PM

Posted 30 December 2007 - 09:43 AM

Please run Panda's ActiveScan.
Once you are on the Panda site click the Scan your PC button
A new window will open, click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan has finished - if anything malicious is found - click the See Report button.
Click Save Report and save the file to your Desktop, so you can post this log in your next reply.

I'd also like to know if you are still experiencing the same problems.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#7 DLee
  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Location:Nijmegen
  • Local time:02:17 PM

Posted 01 January 2008 - 10:27 AM

First of all, Happy New Year!

Panda has a problem on my PC: it starts up and even starts scanning, but after a while (around 100,000 items scanned, at the start of scanning c:\ntldr) Explorer suddenly closes, also stopping Panda (or the other way around, of course). I can't do anything else than restart the PC afterwards.

The problem with popups (or pop-unders) still occurs, but far less than before. I had it a few times yesterday, but today (while being online for about 2 hours in total) nothing happened. On the other hand, my computer seems to get slower and slower, and when it is slower IE sometimes crashes.
Not sure if that is because of an infection or because of AVG and Spyware Doctor, which have been running constantly for the last few weeks.

Ran all the tools again today: Ad-Aware, Spybot, Spyware Doctor, Vundofix.

The strange thing is that I had a Trojan-PWS-Tanspy and Trojan.Generic found by Spyware Doctor and deleted them 2 times before (20-12 and 28-12), but they came back somehow. (See attached file.)

Edited by DLee, 01 January 2008 - 02:24 PM.


#8 rookie147
  • Members
  • 5,321 posts
  • OFFLINE
  • Local time:02:17 PM

Posted 02 January 2008 - 04:05 PM

Let's try another scanner instead:
Please run a scan with Kaspersky Online Scanner.
You will be prompted to install an ActiveX component from Kaspersky, click Yes.
The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded click on Next.
Select a target to scan; click on My Computer.
The scan will take a while so be patient and let it run.
Once the scan is complete choose the option to Save as Text; it will be needed later.

EDIT: Happy new year to you too! :thumbsup:

Edited by rookie147, 02 January 2008 - 04:06 PM.



#9 DLee
  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Location:Nijmegen
  • Local time:02:17 PM

Posted 03 January 2008 - 01:09 AM

OK, this one worked...

Thursday, January 03, 2008 7:04:56 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/01/2008
Kaspersky Anti-Virus database records: 501725


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
R:\
S:\
T:\
U:\
V:\
W:\
Y:\
Z:\

Scan Statistics
Total number of scanned objects 138711
Number of viruses found 2
Number of infected objects 4
Number of suspicious objects 0
Duration of the scan process 07:47:49

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-05182007-130011.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\config\interchk.chk Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\Logs\SAV.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NurechA1.zip/wincom32.sys Infected: Packed.Win32.Tibs.w skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NurechA1.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar1.zip/nbmyqbbq.dll Infected: Trojan-Spy.Win32.VBStat.h skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar1.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Documenten\Tv-opnamen\TempRec\TempSBE\MSDVRMM_303074104_2686976_66291 Object is locked skipped

C:\Documents and Settings\All Users\Documenten\Tv-opnamen\TempRec\TempSBE\MSDVRMM_303074104_9633792_69330 Object is locked skipped

C:\Documents and Settings\All Users\Documenten\Tv-opnamen\TempRec\TempSBE\SBE1.tmp Object is locked skipped

C:\Documents and Settings\All Users\Documenten\Tv-opnamen\TempRec\TempSBE\SBE2.tmp Object is locked skipped

C:\Documents and Settings\All Users\Documenten\Tv-opnamen\TempRec\{27B8FF65-9998-4DEC-9872-75973EDCF846}.TmpSBE Object is locked skipped

C:\Documents and Settings\All Users\Documenten\Tv-opnamen\TempRec\{9AA43259-F355-45EC-903B-8EB8CE8DA69E}.TmpSBE Object is locked skipped

C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped

C:\Documents and Settings\HP_Administrator\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal Object is locked skipped

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal Object is locked skipped

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{C7E145EA-CF49-4E01-A46B-38435700870B} Object is locked skipped

C:\Documents and Settings\HP_Administrator\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\HP_Administrator\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\itouch_crash_info.txt Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP448\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{FD7E2D6F-D324-4431-8525-138456FA1C1B}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Y:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Y:\Tijdelijke internetbestanden\Content.IE5\index.dat Object is locked skipped

Scan process completed.

#10 rookie147
  • Members
  • 5,321 posts
  • OFFLINE
  • Local time:02:17 PM

Posted 03 January 2008 - 09:44 AM

Can you tell me what files were found to be infected by Spyware Doctor?



#11 DLee
  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Location:Nijmegen
  • Local time:02:17 PM

Posted 04 January 2008 - 03:24 AM

They weren't files but registry keys:

1-1-2008 14:36:55:78 Infection removed
Threat name - Trojan-PWS.Tanspy
Type - Registry Key
Risk level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load

1-1-2008 14:36:55:391 Infection removed
Threat name - Trojan.Generic
Type - Registry Key
Risk level - Medium
Infection - HKEY_USERS\S-1-5-21-4174265890-3549865473-4063823473-1007\Software\Wget

#12 DLee
  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Location:Nijmegen
  • Local time:02:17 PM

Posted 04 January 2008 - 03:47 PM

I'm beginning to think of a hardware error as well. After starting up my PC just now, I had cluster problems on C and Z...

#13 rookie147
  • Members
  • 5,321 posts
  • OFFLINE
  • Local time:02:17 PM

Posted 06 January 2008 - 11:35 AM

Sorry about the delay in getting back to you, my internet connection has been quite sporadic in the last few days.
Please download Fixwareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.exe
Save it to your Desktop and run it by double clicking.
Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer, please do so.
Your system may take longer than usual to load; this is normal.
Once the Desktop loads, save the text that will open (report.txt) and post it in your next reply.



#14 DLee
  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Location:Nijmegen
  • Local time:02:17 PM

Posted 07 January 2008 - 03:31 PM

Sorry about the delay in getting back to you, my internet connection has been quite sporadic in the last few days.

No problem... still happy with all the help you offer!

report.txt
Username "HP_Administrator" - 07-01-2008 21:21:32 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

The DNS resolver cache has been flushed.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"zBrowser Launcher"="\"C:\\Program Files\\Logitech\\iTouch\\iTouch.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"snpstd"="C:\\WINDOWS\\vsnpstd.exe"
"SDTray"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
....
Hosts file was reset. If you use a custom hosts file, please replace it...
~~~~~ End report ~~~~~
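
The Fixwareout report above prints the HKLM and HKCU Run keys in .reg export syntax, which is the same autostart data a responder reads first when popups survive repeated scans. As an added example (not part of the thread and not Fixwareout's own code), the Python below parses that "Current runs" block, undoes the .reg escaping, works out which program each entry actually launches (following rundll32 to the DLL it loads) and applies a few triage heuristics. The report text is constructed sample input: the first five entries are copied from the report, the "Updater" entry pointing into a Temp folder is invented to show what the heuristics react to. A flag is a prompt to look closer, not a verdict: legitimate vendor software also runs from a bare name or straight from the Windows root.

```python
r"""Triage the "Current runs" block of a Fixwareout-style report.

Fixwareout prints the HKLM/HKCU Run keys in .reg export syntax: a [KEY]
header followed by "name"="data" lines in which backslashes and double
quotes inside the data are escaped as \\ and \".  This module unescapes
those lines, works out which program each entry launches and marks
entries that deserve a closer look.
"""
import re
from dataclasses import dataclass, field

# Constructed sample input in the report's own format. The first five
# entries are copied from the thread; "Updater" is invented to show what
# a suspicious autostart looks like to the heuristics below.
SAMPLE_REPORT = r'''
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"zBrowser Launcher"="\"C:\\Program Files\\Logitech\\iTouch\\iTouch.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"snpstd"="C:\\WINDOWS\\vsnpstd.exe"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Updater"="C:\\Documents and Settings\\user\\Local Settings\\Temp\\svch0st.exe -s"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


@dataclass
class RunEntry:
    key: str            # registry key the value lives under
    name: str           # value name
    command: str        # unescaped command line
    executable: str     # program that is launched
    payload: str = ''   # for rundll32: the DLL that actually gets loaded
    flags: list = field(default_factory=list)


def unescape(s: str) -> str:
    # .reg export escaping: a doubled backslash is one backslash, \" is a quote.
    return re.sub(r'\\(.)', r'\1', s)


def executable_of(command: str) -> str:
    """Return the program a Run-key command line launches."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted: everything up to the first ".exe" that ends a token. An
    # unquoted path with spaces is kept whole so triage_flags can call it out.
    m = re.match(r'(.+?\.exe)(?=\s|$)', command, re.IGNORECASE)
    return m.group(1) if m else (command.split()[0] if command else '')


def rundll32_payload(command: str, executable: str) -> str:
    """If the launcher is rundll32, return the DLL it loads (text before the comma)."""
    if executable.lower().rsplit('\\', 1)[-1] != 'rundll32.exe':
        return ''
    stripped = command.strip()
    rest = stripped[len(executable) + 2:] if stripped.startswith('"') else stripped[len(executable):]
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    return rest.split(',', 1)[0].split()[0] if rest else ''


def triage_flags(executable: str, quoted: bool) -> list:
    """Review prompts for one launched program. Heuristics, not a verdict."""
    low = executable.lower()
    flags = []
    if not re.match(r'^[a-z]:\\', low):
        flags.append('relative path (resolved via search order)')
    elif not quoted and ' ' in executable:
        flags.append('unquoted path with spaces')
    if re.match(r'^[a-z]:\\(documents and settings|users)\\', low) or '\\temp\\' in low:
        flags.append('user-writable location')
    if re.match(r'^[a-z]:\\windows\\[^\\]+$', low):
        flags.append('executable directly in the Windows root')
    return flags


def parse_run_entries(report: str) -> list:
    """Extract RunEntry records from the 'Current runs' section of a report."""
    entries, key, in_section = [], None, False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith('~~~~~'):
            in_section = line.startswith('~~~~~ Current runs')
            continue
        if not in_section:
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm and key:
            command = unescape(vm.group(2))
            exe = executable_of(command)
            payload = rundll32_payload(command, exe)
            flags = triage_flags(exe, command.strip().startswith('"'))
            if payload:
                flags += ['rundll32 payload: ' + f for f in triage_flags(payload, True)]
            entries.append(RunEntry(key, unescape(vm.group(1)), command, exe, payload, flags))
    return entries


if __name__ == '__main__':
    for e in parse_run_entries(SAMPLE_REPORT):
        target = e.payload or e.executable
        print(f"{e.key.split(chr(92))[0]:<18} {e.name:<18} {target}")
        for f in e.flags:
            print(f"{'':<37} ! {f}")
```

The parser deliberately keeps the full command line next to the extracted executable: the first thing to check for a flagged entry is whether the file still exists at that path and who signed it, and the second is whether the same name reappears after a reboot, which is what the thread's repeated Spyware Doctor detections suggest.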

#15 rookie147
  • Members
  • 5,321 posts
  • OFFLINE
  • Local time:02:17 PM

Posted 08 January 2008 - 04:42 PM

One more scan to run. I think Fixwareout should have removed the infection, but this will get rid of any leftovers.
Download SDFix to your Desktop.
Double click SDFix.exe and it will extract the files to the drive that contains the Windows directory (typically C:\SDFix)

Reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Open the extracted SDFix folder and double click runthis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any trojan services and registry entries that it finds, then prompt you to press any key to reboot.
Press any key and it will restart the PC.
When the PC restarts the tool will run again and complete the removal process, then display Finished.
Press any key to end the script and load your Desktop icons.
Once the Desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.

Edited by rookie147, 08 January 2008 - 04:42 PM.





