Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hidden Root Kits, Netsky, Bagel.e@mm, Generic.peed.eml (several)


  • Please log in to reply
17 replies to this topic

#1 melchick

melchick

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:01:19 PM

Posted 09 January 2008 - 02:47 AM

Hi. I have so many different problems going on. I should probably begin by saying I removed Norton 360 from my system because I didn't think it did well at all, obviously, with all of the problems I have. I've run Ad-Aware, Spybot Search & Destroy, Super Anti Spyware, Stinger, Kaspersky Online, BitDefender, AVG, CCleaner, WindowsSecurity.com's Trojan Scanner, I'm sure I'm forgetting something. I can't get Housecall or LiveOne to runat all. I've also run a chkdsk /r and it fixed a few problems.

I'll paste my HiJack this log. If anyone can help me, I will be forever indebted to you! Thanks for reading this far! By the way, this is my first time using this site so if I've flubbed in any way, I apologize in advance.

-Mechelle

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:43 AM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
E:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
E:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
E:\WINDOWS\system32\fxssvc.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Mechelle\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.altavista.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R3 - URLSearchHook: (no name) - {DE97A260-6CD2-4106-F7DC-6C1345DF6CEC} - (no file)
R3 - URLSearchHook: (no name) - {4660F63C-38D5-4601-A8DA-6943B067A3BE} - (no file)
R3 - URLSearchHook: (no name) - {C24CB389-2537-00BD-1085-7CE29A7576E8} - (no file)
R3 - URLSearchHook: (no name) - {E78BC0A9-5949-77CE-3B9C-5D800C3C00B3} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\Userinit.exe
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - E:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4660F63C-38D5-4601-A8DA-6943B067A3BE} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C24CB389-2537-00BD-1085-7CE29A7576E8} - (no file)
O2 - BHO: (no name) - {DE97A260-6CD2-4106-F7DC-6C1345DF6CEC} - (no file)
O2 - BHO: (no name) - {E78BC0A9-5949-77CE-3B9C-5D800C3C00B3} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - E:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [LXBTCATS] rundll32 E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "E:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "E:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Program Files\IEPro\iepro.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - E:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - E:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - E:\Documents and Settings\Mechelle\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - E:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104170795421
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123261409062
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab50727.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc4.webresponse.one.microsoft.com/...p/TLIEFlash.CAB
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/...flowActiveX.CAB
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://hutchence.armstrong.com/ib/database...timage40803.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BE1BDC4F-2AAC-494E-88B1-86B2EE4F2D6D} (CopySafe3 Control) - http://download.copysafe.net/Plugin/Download/Copysafe.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - E:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - E:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - E:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - E:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 12340 bytes

BC AdBot (Login to Remove)

 


m

#2 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:03:19 PM

Posted 21 January 2008 - 12:16 AM

Hi and welcome,

Sorry for delay.
If you still need assistance please post a fresh hijackthis log here.

Let me know if things are better or worse.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware Posted Image

#3 melchick

melchick
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:01:19 PM

Posted 27 January 2008 - 02:11 AM

Hi Blender...yes, I'm still having problems, but I've had the flu so I haven't done much lately, so no worries!

Here's my latest HJT log. I hope it helps. Thanks in advance for any help you may be able to give me!

-Mechelle

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:05 AM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
E:\WINDOWS\system32\fxssvc.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
E:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
E:\WINDOWS\System32\svchost.exe
E:\Documents and Settings\Mechelle\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.altavista.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R3 - URLSearchHook: (no name) - {DE97A260-6CD2-4106-F7DC-6C1345DF6CEC} - (no file)
R3 - URLSearchHook: (no name) - {4660F63C-38D5-4601-A8DA-6943B067A3BE} - (no file)
R3 - URLSearchHook: (no name) - {C24CB389-2537-00BD-1085-7CE29A7576E8} - (no file)
R3 - URLSearchHook: (no name) - {E78BC0A9-5949-77CE-3B9C-5D800C3C00B3} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\Userinit.exe
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - E:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4660F63C-38D5-4601-A8DA-6943B067A3BE} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C24CB389-2537-00BD-1085-7CE29A7576E8} - (no file)
O2 - BHO: (no name) - {DE97A260-6CD2-4106-F7DC-6C1345DF6CEC} - (no file)
O2 - BHO: (no name) - {E78BC0A9-5949-77CE-3B9C-5D800C3C00B3} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - E:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [LXBTCATS] rundll32 E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "E:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "E:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [RegistryMechanic] E:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Program Files\IEPro\iepro.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - E:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - E:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - E:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - E:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104170795421
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123261409062
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab50727.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc4.webresponse.one.microsoft.com/...p/TLIEFlash.CAB
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/...flowActiveX.CAB
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://hutchence.armstrong.com/ib/database...timage40803.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BE1BDC4F-2AAC-494E-88B1-86B2EE4F2D6D} (CopySafe3 Control) - http://download.copysafe.net/Plugin/Download/Copysafe.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - E:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - E:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - E:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - E:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 12210 bytes

#4 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:03:19 PM

Posted 28 January 2008 - 09:31 AM

Hi,

Thanks for the new log. Hope you feel better soon.
Keep your fluids up so you don't get dehydrated.

Please start Hijackthis
Run system scan only and check:

R3 - URLSearchHook: (no name) - {DE97A260-6CD2-4106-F7DC-6C1345DF6CEC} - (no file)
R3 - URLSearchHook: (no name) - {4660F63C-38D5-4601-A8DA-6943B067A3BE} - (no file)
R3 - URLSearchHook: (no name) - {C24CB389-2537-00BD-1085-7CE29A7576E8} - (no file)
R3 - URLSearchHook: (no name) - {E78BC0A9-5949-77CE-3B9C-5D800C3C00B3} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {4660F63C-38D5-4601-A8DA-6943B067A3BE} - (no file)
O2 - BHO: (no name) - {C24CB389-2537-00BD-1085-7CE29A7576E8} - (no file)
O2 - BHO: (no name) - {DE97A260-6CD2-4106-F7DC-6C1345DF6CEC} - (no file)
O2 - BHO: (no name) - {E78BC0A9-5949-77CE-3B9C-5D800C3C00B3} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)


The O6 line you can ignore if you set it using Spybot Search & Destroy. (That line prevents you from making changes to IE settings)

Once checked, close all open windows and hit "fix checked"
Say OK then exit Hijackthis.

Reboot.

Next:

Click start> run> type cleanmgr and hit enter.
Choose drive E to clean.
In the list presented have checked only:

Temporary Internet files
Temporary files
Recycle bin.

Hit OK to clean up. This may take a few minutes if this in not done often. Since you have CCleaner -- it shouldn't take long.

Go here to run an online scannner from ESET.
http://www.eset.eu/online-scanner
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at:
C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic.

If you have trouble running the scanner -- please let me know.

Let me know also how the system is acting now.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware Posted Image

#5 melchick

melchick
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:01:19 PM

Posted 03 February 2008 - 01:49 AM

Hi Sorry its taken me a while. Here is the log file. The system is acting the same. Thanks!

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2844 (20080201)
# vers_arch_module=1.063 (20080117)
# vers_adv_heur_module=1.060 (20070601)
# EOSSerial=e214fcc27feda8479c6f92d196224e25
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-02-03 02:32:53
# local_time=2008-02-02 08:32:53 (-0600, Central Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=318211
# found=0
# scan_time=7010

#6 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:03:19 PM

Posted 06 February 2008 - 05:07 AM

Hi,

Sorry for delay.

Run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Please also post a fresh hijackthis log.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware Posted Image

#7 melchick

melchick
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:01:19 PM

Posted 06 February 2008 - 10:24 PM

OK, I did the instructions, ran the f-secure scanner, it found things but when it got to the cleaning part, it would get almost done and the window would close. I tried it twice. Here is the new HJT log. Thanks for trying to help me, I really appreciate it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:32 PM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
E:\WINDOWS\system32\fxssvc.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\Program Files\Video Add-on\icmntr.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Video Add-on\isfmntr.exe
E:\WINDOWS\system32\lxbtcoms.exe
E:\Program Files\Video Add-on\isfmm.exe
E:\Documents and Settings\Mechelle\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.altavista.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - E:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\WINDOWS\java\bin\ssv.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - E:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - E:\Program Files\Helper\1202240505.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - E:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - E:\Program Files\Video Add-on\ictmdl.dll (file missing)
O4 - HKLM\..\Run: [LXBTCATS] rundll32 E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "E:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "E:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe"
O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] E:\Program Files\Video Add-on\isfmntr.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] E:\Program Files\Video Add-on\icthis.exe
O4 - HKUS\S-1-5-21-73586283-1563985344-839522115-1005\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\java\bin\ssv.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - E:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - E:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - E:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - E:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104170795421
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123261409062
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab50727.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc4.webresponse.one.microsoft.com/...p/TLIEFlash.CAB
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/...flowActiveX.CAB
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://hutchence.armstrong.com/ib/database...timage40803.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BE1BDC4F-2AAC-494E-88B1-86B2EE4F2D6D} (CopySafe3 Control) - http://download.copysafe.net/Plugin/Download/Copysafe.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: epineurial - {27cb634d-c84e-4c00-9b53-f5523601dbad} - E:\WINDOWS\system32\iinqyl.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - E:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - E:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - E:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - E:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 13415 bytes

#8 melchick

melchick
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:01:19 PM

Posted 07 February 2008 - 06:15 PM

Hi Blender. Since I had the whole smitfraud and zlob thing going, I booted into safe mode and ran some programs, smitfraud removal, spyware, etc. Booted into windows normally and ran the f-secure scan. It was able to complete this time so I will post the report, run another hjt and post that report as well. Take care and thanks in advance for your help!

Scanning Report
Thursday, February 07, 2008 15:54:05 - 17:07:14
Computer name: MECHELLE-IRRB4Z
Scanning type: Scan system for viruses, rootkits, spyware
Target: E:\


--------------------------------------------------------------------------------

Result: 3 malware found
Tracking Cookie (spyware)
System (Disinfected)
System
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 56488
System: 5305
Not scanned: 20
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 2
Submitted: 0
Files not scanned:
E:\PAGEFILE.SYS
E:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
E:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{E8531A8D-B4CA-482B-8F21-7F64DEDFEF58}.BIN
E:\RECYCLER\S-1-5-21-73586283-1563985344-839522115-1006\DE1.LNK
E:\DOCUMENTS AND SETTINGS\MECHELLE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS DEFENDER\FILETRACKER\{D247BD11-4442-464B-A277-505B4BFD61FF}
E:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1456E90C5A97BBE765CA61AC21432517_649FD4C5-6B7F-4907-85FB-1B6563611187
E:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\33B091B661C6873217B4E676A06BA8E6_649FD4C5-6B7F-4907-85FB-1B6563611187
E:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4CD87BC51F990B4ACE2EFE4E9AC92815_649FD4C5-6B7F-4907-85FB-1B6563611187
E:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5A5840C057A0F9F999DC301BB96ADC98_649FD4C5-6B7F-4907-85FB-1B6563611187
E:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7B0D6FF69D2FE8BE794C1B107C0E339A_649FD4C5-6B7F-4907-85FB-1B6563611187
E:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\90C6D8030D22AF6E9EFFA420D87BE775_649FD4C5-6B7F-4907-85FB-1B6563611187
E:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\96DC910F15F0B5F3C293E5C7F796CBD6_649FD4C5-6B7F-4907-85FB-1B6563611187
E:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9826D9A4925C8124C35DF8423674F5AB_649FD4C5-6B7F-4907-85FB-1B6563611187
E:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9C06AD2877C88E0A6CF4B1325A6FC4A2_649FD4C5-6B7F-4907-85FB-1B6563611187
E:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A26FE2EDBB2AC2888A1005B2E3BBBA38_649FD4C5-6B7F-4907-85FB-1B6563611187
E:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A560C0259418EE7FC373124F054B2847_649FD4C5-6B7F-4907-85FB-1B6563611187
E:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A7B212AAB350D56FCD0A909277B18D39_649FD4C5-6B7F-4907-85FB-1B6563611187
E:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E7CF0810C5E6FC6087B35595D9BC2356_649FD4C5-6B7F-4907-85FB-1B6563611187
E:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F15899F926BB03040466EEC920CD69CA_649FD4C5-6B7F-4907-85FB-1B6563611187
E:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F5A0C3DBE2F92E5B2817B0CB184EC7B6_649FD4C5-6B7F-4907-85FB-1B6563611187

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2008-02-07
F-Secure AVP: 7.0.171, 2008-02-07
F-Secure Orion: 1.2.37, 2008-02-07
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 2008-01-28
F-Secure Pegasus: 1.19.0, 2008-01-06
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQXJPG SWF
Use Advanced heuristics


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:27 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
E:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
E:\WINDOWS\system32\fxssvc.exe
E:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\fxsclnt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Mechelle\Desktop\HiJackThis.exe

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - E:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\WINDOWS\java\bin\ssv.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - E:\Program Files\Helper\1202240505.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - E:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [LXBTCATS] rundll32 E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "E:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "E:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\java\bin\ssv.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - E:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - E:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - E:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - E:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104170795421
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123261409062
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab50727.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc4.webresponse.one.microsoft.com/...p/TLIEFlash.CAB
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/...flowActiveX.CAB
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://hutchence.armstrong.com/ib/database...timage40803.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BE1BDC4F-2AAC-494E-88B1-86B2EE4F2D6D} (CopySafe3 Control) - http://download.copysafe.net/Plugin/Download/Copysafe.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - E:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - E:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - E:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - E:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 12322 bytes

#9 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:03:19 PM

Posted 08 February 2008 - 03:59 PM

Hi,

Sorry for delay -- Internet issues here.

Canyou post the log you got from SmitFraudFix please?
should be here:

C:\rapport.txt

Still some things to hit.

Download SDFix and save it to your Desktop.

In the event you already have SDFix, please delete it as this is a new version I need you to download.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt. (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware Posted Image

#10 melchick

melchick
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:01:19 PM

Posted 12 February 2008 - 09:38 PM

No Problem! I hope you're issues are repaired! I had an error in Smitfraud after I rebooted into windows normally. Here are the logs you asked for. Thank you again.


SDFix: Version 1.141

Run by Mechelle on Tue 02/12/2008 at 07:58 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: E:\SDFix\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

E:\Program Files\Helper\1202240505.dll - Deleted



Folder E:\Program Files\Helper - Removed


Removing Temp Files...

ADS Check:



Final Check:


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Program Files\\Messenger\\msmsgs.exe"="E:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"E:\\Program Files\\WinMX\\WinMX.exe"="E:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"E:\\Program Files\\Common Files\\AOL\\1125282333\\ee\\AOLServiceHost.exe"="E:\\Program Files\\Common Files\\AOL\\1125282333\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"E:\\Program Files\\Bonjour\\mDNSResponder.exe"="E:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\\Program Files\\Common Files\\AOL\\1128038524\\ee\\AOLServiceHost.exe"="E:\\Program Files\\Common Files\\AOL\\1128038524\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"E:\\Program Files\\Common Files\\AOL\\1135128475\\ee\\aolsoftware.exe"="E:\\Program Files\\Common Files\\AOL\\1135128475\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"E:\\Program Files\\Common Files\\AOL\\1135128475\\ee\\aim6.exe"="E:\\Program Files\\Common Files\\AOL\\1135128475\\ee\\aim6.exe:*:Enabled:AIM"
"E:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="E:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"E:\\Program Files\\Common Files\\AOL\\1135128475\\ee\\AOLServiceHost.exe"="E:\\Program Files\\Common Files\\AOL\\1135128475\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"E:\\StubInstaller.exe"="E:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"E:\\Program Files\\LimeWire\\LimeWire.exe"="E:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"E:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="E:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"E:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="E:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"E:\\Program Files\\America Online 9.0\\waol.exe"="E:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"E:\\Program Files\\AIM\\aim.exe"="E:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"E:\\Program Files\\MSN Messenger\\msnmsgr.exe"="E:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"E:\\Program Files\\MSN Messenger\\msncall.exe"="E:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"E:\\Program Files\\Common Files\\AOL\\1153368882\\ee\\aolsoftware.exe"="E:\\Program Files\\Common Files\\AOL\\1153368882\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"E:\\Program Files\\Common Files\\AOL\\1153368882\\ee\\aim6.exe"="E:\\Program Files\\Common Files\\AOL\\1153368882\\ee\\aim6.exe:*:Enabled:AIM"
"E:\\Documents and Settings\\Breanna.MECHELLE-IRRB4Z\\My Documents\\My Music\\LimeWire\\LimeWire.exe"="E:\\Documents and Settings\\Breanna.MECHELLE-IRRB4Z\\My Documents\\My Music\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"E:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="E:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"E:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="E:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"E:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="E:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Program Files\\Internet Explorer\\iexplore.exe"="E:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"E:\\WINDOWS\\system32\\fxsclnt.exe"="E:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"E:\\Program Files\\Real\\RealPlayer\\realplay.exe"="E:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"E:\\WINDOWS\\system32\\mmc.exe"="E:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"E:\\Program Files\\iTunes\\iTunes.exe"="E:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"E:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="E:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"E:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="E:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"E:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="E:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"E:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="E:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Program Files\\Common Files\\AOL\\1125282333\\ee\\AOLServiceHost.exe"="E:\\Program Files\\Common Files\\AOL\\1125282333\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"E:\\Program Files\\Common Files\\AOL\\1128038524\\ee\\AOLServiceHost.exe"="E:\\Program Files\\Common Files\\AOL\\1128038524\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"E:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="E:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"E:\\Program Files\\Common Files\\AOL\\1135128475\\ee\\AOLServiceHost.exe"="E:\\Program Files\\Common Files\\AOL\\1135128475\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"E:\\Program Files\\AIM\\aim.exe"="E:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"E:\\Program Files\\MSN Messenger\\msnmsgr.exe"="E:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"E:\\Program Files\\MSN Messenger\\msncall.exe"="E:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

File Backups: - E:\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 14 Nov 2007 31 A..H. --- E:\WINDOWS\UCCSPECC.SYS
Mon 28 Jan 2008 1,404,240 A.SHR --- E:\PROGRA~1\SPYBOT~1\SDUPDATE.EXE
Mon 28 Jan 2008 5,146,448 A.SHR --- E:\PROGRA~1\SPYBOT~1\SPYBOTSD.EXE
Mon 28 Jan 2008 2,097,488 A.SHR --- E:\PROGRA~1\SPYBOT~1\TEATIMER.EXE
Tue 8 Feb 2005 1,024 ...HR --- E:\WINDOWS\SYSTEM32\NTICDM~1.DLL
Tue 8 Feb 2005 1,024 ...HR --- E:\WINDOWS\SYSTEM32\NTIDBD32.DLL
Tue 8 Feb 2005 1,024 ...HR --- E:\WINDOWS\SYSTEM32\NTIEMBED.DLL
Tue 8 Feb 2005 1,024 ...HR --- E:\WINDOWS\SYSTEM32\NTIMPEG2.DLL
Sat 5 Feb 2005 4,348 A.SH. --- E:\DOCUME~1\ALLUSE~1\DRM\DRMV1.BAK
Tue 5 Feb 2008 0 A.SH. --- E:\DOCUME~1\ALLUSE~1\DRM\CACHE\INDIV01.TMP
Wed 19 Apr 2006 95,892 ...H. --- E:\PROGRA~1\WALGRE~1\WALGRE~1\DATA\WALGRE~1.EXE
Sat 29 Apr 2006 20 A..H. --- E:\DOCUME~1\MECHELLE\MYDOCU~1\MYMUSI~1\LICENS~1\DRMV1LIC.BAK

Finished!

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:24 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
E:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
E:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\fxssvc.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Mechelle\Desktop\HiJackThis.exe

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - E:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\WINDOWS\java\bin\ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - E:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [LXBTCATS] rundll32 E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\java\bin\ssv.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - E:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - E:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - E:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - E:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104170795421
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123261409062
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab50727.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc4.webresponse.one.microsoft.com/...p/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/...flowActiveX.CAB
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://hutchence.armstrong.com/ib/database...timage40803.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BE1BDC4F-2AAC-494E-88B1-86B2EE4F2D6D} (CopySafe3 Control) - http://download.copysafe.net/Plugin/Download/Copysafe.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - E:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - E:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - E:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - E:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 12359 bytes

#11 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:03:19 PM

Posted 13 February 2008 - 03:25 AM

Hi,

Let's see what this tells us.

Before running the scan let's clean out the temporoary folders.

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware Posted Image

#12 melchick

melchick
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:01:19 PM

Posted 13 February 2008 - 11:58 AM

WinPFind35 logfile created on: 2/13/2008 10:55:27 AM

WinPFind35U Version Beta51	 Folder = E:\Documents and Settings\Mechelle\Desktop\WinPFind35u

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1023.17 Mb Total Physical Memory | 501.18 Mb Available Physical Memory | 48.98% Memory free

1.65 Gb Paging File | 1.27 Gb Available in Paging File | 76.81% Paging File free

Paging file location(s): E:\pagefile.sys 768 1536;

 

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files

C: Drive not present or media not loaded

D: Drive not present or media not loaded

Drive E: | 111.78 Gb Total Space | 65.16 Gb Free Space | 58.29% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: MECHELLE-IRRB4Z

Current User Name: Mechelle

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user



[Processes - Non-Microsoft Only]

ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 2/21/2006 8:39:16 PM | Attr =	]

xcommsvr.exe -> %CommonProgramFiles%\BitDefender\BitDefender Communicator\xcommsvr.exe -> BitDefender [Ver = 1, 8, 16, 0 | Size = 86016 bytes | Modified Date = 11/27/2007 4:46:32 PM | Attr =	]

ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 2/21/2006 8:39:16 PM | Attr =	]

avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/11/2008 4:09:20 PM | Attr =	]

avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2/11/2008 4:09:20 PM | Attr =	]

avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 2/12/2008 9:01:13 PM | Attr =	]

lxbtcoms.exe -> %SystemRoot%\system32\lxbtcoms.exe -> Lexmark International, Inc. [Ver = 1.27.12.0 | Size = 421888 bytes | Modified Date = 2/20/2004 1:10:08 PM | Attr =	]

vsserv.exe -> %ProgramFiles%\BitDefender\BitDefender 2008\vsserv.exe -> BitDefender S.R.L. [Ver = 11, 0, 0, 387 | Size = 1212416 bytes | Modified Date = 2/5/2008 12:00:47 PM | Attr =	]

livesrv.exe -> %CommonProgramFiles%\BitDefender\BitDefender Update Service\livesrv.exe -> BitDefender SRL [Ver = 11, 0, 0, 77 | Size = 1130496 bytes | Modified Date = 2/13/2008 9:21:40 AM | Attr =	]

winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309248 bytes | Modified Date = 2/13/2008 10:50:32 AM | Attr =	]



[Win32 Services - Non-Microsoft Only]

(Apple Mobile Device) Apple Mobile Device [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr =	]

(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 2/21/2006 8:39:16 PM | Attr =	]

(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe ->  [Ver = 5.13.0021 | Size = 516096 bytes | Modified Date = 11/30/2004 9:10:00 PM | Attr =	]

(AVP) Kaspersky Anti-Virus 6.0 [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe -> Kaspersky Lab [Ver = 6.0.3.837 | Size = 231952 bytes | Modified Date = 11/19/2007 2:40:50 PM | Attr =	]

(bgsvcgen) B's Recorder GOLD Library General Service [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\bgsvcgen.exe -> B.H.A Corporation [Ver = 1, 0, 0, 1 | Size = 86016 bytes | Modified Date = 4/30/2005 5:02:26 PM | Attr =	]

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 1:56:48 AM | Attr =	]

(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr =	]

(iPod Service) iPod Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 12/11/2007 12:10:16 PM | Attr =	]

(LIVESRV) BitDefender Desktop Update Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\BitDefender\BitDefender Update Service\livesrv.exe -> BitDefender SRL [Ver = 11, 0, 0, 77 | Size = 1130496 bytes | Modified Date = 2/13/2008 9:21:40 AM | Attr =	]

(lxbt_device) lxbt_device [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\lxbtcoms.exe -> Lexmark International, Inc. [Ver = 1.27.12.0 | Size = 421888 bytes | Modified Date = 2/20/2004 1:10:08 PM | Attr =	]

(VSSERV) BitDefender Virus Shield [Win32_Own | Auto | Running] -> %ProgramFiles%\BitDefender\BitDefender 2008\vsserv.exe -> BitDefender S.R.L. [Ver = 11, 0, 0, 387 | Size = 1212416 bytes | Modified Date = 2/5/2008 12:00:47 PM | Attr =	]

(XCOMM) BitDefender Communicator [Win32_Own | Auto | Running] -> %CommonProgramFiles%\BitDefender\BitDefender Communicator\xcommsvr.exe -> BitDefender [Ver = 1, 8, 16, 0 | Size = 86016 bytes | Modified Date = 11/27/2007 4:46:32 PM | Attr =	]

(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/11/2008 4:09:20 PM | Attr =	]

(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2/11/2008 4:09:20 PM | Attr =	]

(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 2/12/2008 9:01:13 PM | Attr =	]



[Driver Services - Non-Microsoft Only]

(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found

(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found

(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found

(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found

(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found

(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found

(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found

(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found

(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found

(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found

(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found

(ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\asctrm.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1 | Size = 8552 bytes | Modified Date = 8/9/2006 3:22:18 AM | Attr =	]

(AsIO) AsIO [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AsIO.sys ->  [Ver =  | Size = 12664 bytes | Modified Date = 10/19/2006 2:12:16 AM | Attr = R  ]

(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found

(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6601 | Size = 1505792 bytes | Modified Date = 2/21/2006 8:46:26 PM | Attr =	]

(bdfsfltr) bdfsfltr [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\bdfsfltr.sys -> BitDefender S.R.L. Bucharest, ROMANIA [Ver = 0.3.124.3908, RELEASE,  built by: WinDDK | Size = 196368 bytes | Modified Date = 1/7/2008 5:41:34 PM | Attr =	]

(bdftdif) bdftdif [Kernel | System | Running] -> %CommonProgramFiles%\BitDefender\BitDefender Firewall\bdftdif.sys -> BitDefender SRL [Ver = 3.0.0.9 | Size = 156688 bytes | Modified Date = 11/12/2007 4:28:08 PM | Attr =	]

(BDSelfPr) BDSelfPr [Kernel | On_Demand | Running] -> %ProgramFiles%\BitDefender\BitDefender 2008\bdselfpr.sys -> BitDefender S.R.L. [Ver = 11.00 built by: WinDDK | Size = 8320 bytes | Modified Date = 1/21/2008 2:01:49 PM | Attr =	]

(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Mechelle\LOCALS~1\Temp\catchme.sys -> File not found

(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found

(Changer) Changer [Kernel | System | Stopped] ->  -> File not found

(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found

(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found

(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found

(DCamUSBSQTECH) Dual-Mode DSC(2770) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SQCaptur.sys -> Service & Quality Technology. [Ver = 1.90.1028.2 | Size = 29744 bytes | Modified Date = 10/28/2003 3:56:56 PM | Attr =	]

(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 12:07:17 AM | Attr =	]

(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 12:07:16 AM | Attr =	]

(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr =	]

(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found

(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 11:44:04 AM | Attr =	]

(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Hdaudio.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.00.5010 built by: WinDDK | Size = 113664 bytes | Modified Date = 3/17/2004 3:10:40 PM | Attr =	]

(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.00.5010 built by: WinDDK | Size = 135168 bytes | Modified Date = 3/17/2004 3:12:12 PM | Attr =	]

(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found

(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found

(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found

(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found

(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5172 built by: WinDDK | Size = 3966976 bytes | Modified Date = 9/23/2005 5:56:28 PM | Attr =	]

(IntelC51) IntelC51 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\IntelC51.sys -> Intel Corporation [Ver = 2.1.30.16 | Size = 2202674 bytes | Modified Date = 5/16/2003 3:27:24 PM | Attr =	]

(IntelC52) IntelC52 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\IntelC52.sys -> Intel Corporation [Ver = 2.1.30.16 | Size = 451625 bytes | Modified Date = 5/16/2003 3:26:30 PM | Attr =	]

(IntelC53) IntelC53 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\IntelC53.sys -> Intel Corporation [Ver = 2.1.30.16 | Size = 29541 bytes | Modified Date = 5/16/2003 3:25:24 PM | Attr =	]

(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found

(iteatapi) ITEATAPI_Service_Install [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\iteatapi.sys -> Integrated Technology Express, Inc. [Ver = v1.3.2.0 built by: WinDDK | Size = 27648 bytes | Modified Date = 10/28/2005 7:11:00 AM | Attr =	]

(iteraid) ITERAID_Service_Install [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\iteraid.sys -> Integrated Technology Express, Inc. [Ver = v1.7.1.92 | Size = 25067 bytes | Modified Date = 10/29/2004 11:21:14 AM | Attr =	]

(KLIF) KLIF [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.319 | Size = 194320 bytes | Modified Date = 2/4/2008 3:56:09 AM | Attr =	]

(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found

(MASPINT) MASPINT [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\MASPINT.SYS -> MicroStaff Co.,Ltd. [Ver = 1.04 | Size = 8096 bytes | Modified Date = 3/29/2000 5:11:20 PM | Attr =	]

(MEMSWEEP2) MEMSWEEP2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\91.tmp -> File not found

(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found

(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ASACPI.sys ->  [Ver = 1043, 2, 15, 37 | Size = 5810 bytes | Modified Date = 8/12/2004 8:56:20 PM | Attr = R  ]

(NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\NTIDrvr.sys -> NewTech Infosystems, Inc. [Ver = 1, 0, 0, 5 | Size = 6912 bytes | Modified Date = 2/8/2005 10:24:18 PM | Attr =	]

(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found

(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found

(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found

(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found

(pfc) Padus ASPI Shell [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 201 | Size = 9856 bytes | Modified Date = 10/1/2002 9:22:32 AM | Attr =	]

(Profos) Profos [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\BitDefender\BitDefender Threat Scanner\profos.sys ->  [Ver =  | Size = 12800 bytes | Modified Date = 7/12/2007 12:32:44 AM | Attr =	]

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr =	]

(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found

(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found

(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found

(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found

(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found

(SABProcEnum) SABProcEnum [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Internet Explorer\SABProcEnum.sys -> File not found

(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys ->  [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 1:53:48 PM | Attr =	]

(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R  ]

(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS ->  [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr =	]

(SDTHOOK) SDTHOOK [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Modified Date = 6/5/2007 10:56:40 AM | Attr =	]

(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 4:25:53 AM | Attr =	]

(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found

(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found

(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found

(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found

(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found

(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found

(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found

(Trufos) Trufos [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\BitDefender\BitDefender Threat Scanner\trufos.sys ->  [Ver =  | Size = 36736 bytes | Modified Date = 7/10/2007 7:00:42 AM | Attr =	]

(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found

(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 10/31/2007 2:09:14 PM | Attr =	]

(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found

(ViCAM) ViCAM [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\Vicam.sys -> Vista Imaging, Inc. [Ver = 6.7.0.24 | Size = 25984 bytes | Modified Date = 10/12/1999 5:04:08 AM | Attr =	]

(VICAMUSB) 3Com HomeConnect USB Camera [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\VicamUsb.sys -> Vista Imaging Incorporated [Ver = 6.7.0.29 | Size = 38548 bytes | Modified Date = 10/12/1999 12:23:22 PM | Attr =	]

(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 2:13:04 PM | Attr = R  ]

(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\yk51x86.sys -> Marvell [Ver = 8.41.1.3 built by: WinDDK | Size = 241280 bytes | Modified Date = 9/19/2005 7:41:00 AM | Attr =	]

(AVG Anti-Rootkit) AVG Anti-Rootkit [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\avgarkt.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.13 | Size = 5632 bytes | Modified Date = 1/31/2007 7:33:46 AM | Attr =	]

(AvgArCln) Avg Anti-Rootkit Clean Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\AvgArCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 1/18/2007 6:00:28 AM | Attr =	]

(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2/12/2008 9:00:13 PM | Attr =	]

(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2/12/2008 9:00:15 PM | Attr =	]

(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/12/2008 9:00:16 PM | Attr =	]

(AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 2/12/2008 9:00:17 PM | Attr =	]

(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 2/12/2008 9:01:13 PM | Attr =	]



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 2/12/2008 9:01:13 PM | Attr =	]

LXBTCATS -> %SystemRoot%\system32\spool\drivers\w32x86\3\lxbttime.dll -> Lexmark International, Inc. [Ver = 0.1.11.5 | Size = 65536 bytes | Modified Date = 3/17/2004 10:30:06 AM | Attr =	]

< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 

IMAIL-> Installed = 1 -> 

MAPI-> Installed = 1 -> 

MSFS-> Installed = 1 -> 

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr =	]

< All Users Startup Folder > -> E:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

< Mechelle Startup Folder > -> E:\Documents and Settings\Mechelle\Start Menu\Programs\Startup -> 

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr =	]

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr =	]

AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 61440 bytes | Modified Date = 2/21/2006 8:40:30 PM | Attr =	]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\ -> -> 

< HOSTS File > (686 bytes) -> E:\WINDOWS\System32\drivers\etc\Hosts -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> E:\windows\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Local Page -> E:\windows\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com/ -> 

HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4189 domain(s) found. -> 

32 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4191 domain(s) found. -> 

32 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{00011268-E188-40DF-A514-835FCD78B1BF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\IEPro\IEPro.dll [IE7Pro BHO] -> IE7Pro.com [Ver = 2, 0, 0, 7 | Size = 699496 bytes | Modified Date = 1/2/2008 2:34:10 AM | Attr =	]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 3:16:42 AM | Attr =	]

{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\java\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]

< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 

{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

{381FFDE8-2394-4f90-B10D-FC6124A40F8C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BitDefender\BitDefender 2008\IEToolbar.dll [BitDefender Toolbar] -> Bitdefender [Ver = 11.0.0.28 | Size = 86016 bytes | Modified Date = 2/5/2008 12:00:33 PM | Attr =	]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{0026439F-A980-4f18-8C95-4F1CBBF9C1D8}:{B119EB0C-C021-46CF-85B0-34A760E0D5FE} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\IEPro\IEPro.dll [IE7Pro Preferences] -> IE7Pro.com [Ver = 2, 0, 0, 7 | Size = 699496 bytes | Modified Date = 1/2/2008 2:34:10 AM | Attr =	]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\java\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %SystemRoot%\java\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]

{77E68763-4284-41d6-B7E7-B6E1F053A9E7}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [EmpirePoker] -> File not found

{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 10/25/2007 10:26:48 AM | Attr =	]

{9034A523-D068-4BE8-A284-9DF278BE776E}:Exec ->  [IE Anti-Spyware] -> File not found

{d9288080-1baa-4bc4-9cf8-a92d743db949}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Run IMVU] -> File not found

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ButtonText [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\CLSID [HKEY_LOCAL_MACHINE] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found

{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ClsidExtension [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Default Visible [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{0026439F-A980-4f18-8C95-4F1CBBF9C1D8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\IEPro\IEPro.dll [IE7Pro Preferences] -> IE7Pro.com [Ver = 2, 0, 0, 7 | Size = 699496 bytes | Modified Date = 1/2/2008 2:34:10 AM | Attr =	]

CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{77E68763-4284-41d6-B7E7-B6E1F053A9E7} [HKEY_LOCAL_MACHINE] ->  [EmpirePoker] -> File not found

CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 10/25/2007 10:26:48 AM | Attr =	]

CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{d9288080-1baa-4bc4-9cf8-a92d743db949} [HKEY_LOCAL_MACHINE] ->  [Run IMVU] -> File not found

CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 

&AIM Search -> Reg Error: Value  does not exist or could not be read. -> File not found

&eBay Search -> Reg Error: Value  does not exist or could not be read. -> File not found

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{01F1F042-57BC-4AD7-9753-B99CCED16687} ->	(Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller) -> 

{12818D56-14A5-422C-9A9B-75FCB5D0A55A} ->	() -> 

{9E71DF99-E56F-4389-8FDA-F44721211C2F} ->	(Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller) -> 

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found

msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> 

{05D44720-58E3-49E6-BDF6-D00330E511D3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab[StagingUI Object] -> 

{0B79F48A-E8D6-11DB-9283-E25056D89593}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.1] -> 

{0D41B8C5-2599-4893-8183-00195EC8D5F9}[HKEY_LOCAL_MACHINE] -> http://support.asus.com/common/asusTek_sys_ctrl.cab[asusTek_sysctrl Class] -> 

{0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[PCPitstop Utility] -> 

{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab[CKAVWebScan Object] -> 

{13EC55CF-D993-475B-9ACA-F4A384957956}[HKEY_LOCAL_MACHINE] -> https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB[Reg Error: Key does not exist or could not be opened.] -> 

{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 

{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> 

{193C772A-87BE-4B19-A7BB-445B226FE9A1}[HKEY_LOCAL_MACHINE] -> http://downloads.ewido.net/ewidoOnlineScan.cab[ewidoOnlineScan Control] -> 

{215B8138-A3CF-44C5-803F-8226143CFC0A}[HKEY_LOCAL_MACHINE] -> http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab[Trend Micro ActiveX Scan Agent 6.6] -> 

{2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92}[HKEY_LOCAL_MACHINE] -> http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab[Reg Error: Value  does not exist or could not be read.] -> 

{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[Symantec AntiVirus scanner] -> 

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> E:\Program Files\Yahoo!\Common\yinsthelper.dll[YInstStarter Class] -> 

{352797A0-EFD0-4FA6-B229-145120EA4B8A}[HKEY_LOCAL_MACHINE] -> https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab[Walt Disney Internet Group Hardware Control] -> 

{3BB54395-5982-4788-8AF4-B5388FFDD0D8}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab[ZoneBuddy Class] -> 

{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc.cab[Office Update Installation Engine] -> 

{406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://www1.snapfish.com/SnapfishActivia.cab[Snapfish Activia] -> 

{4B48D5DF-9021-45F7-A240-60304302A215}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab[Malicious Software Removal Tool] -> 

{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab[MSN Photo Upload Tool] -> 

{55027008-315F-4F45-BBC3-8BE119764741}[HKEY_LOCAL_MACHINE] -> http://www.slide.com/uploader/SlideImageUploader.cab[Slide Image Uploader Control] -> 

{56393399-041A-4650-94C7-13DFCB1F4665}[HKEY_LOCAL_MACHINE] -> http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab[PSFormX Control] -> 

{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}[HKEY_LOCAL_MACHINE] -> http://www.eset.eu/buxus/docs/OnlineScanner.cab[OnlineScanner Control] -> 

{5736C456-EA94-4AAC-BB08-917ABDD035B3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab[ZonePAChat Object] -> 

{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] -> 

{5ED80217-570B-4DA9-BF44-BE107C0EC166}[HKEY_LOCAL_MACHINE] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab[Windows Live Safety Center Base Module] -> 

{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104170795421[WUWebControl Class] -> 

{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] -> 

{6A344D34-5231-452A-8A57-D064AC9B7862}[HKEY_LOCAL_MACHINE] -> https://webdl.symantec.com/activex/symdlmgr.cab[Symantec Download Manager] -> 

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123261409062[MUWebControl Class] -> 

{6F750200-1362-4815-A476-88533DE61D0C}[HKEY_LOCAL_MACHINE] -> http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab[Ofoto Upload Manager Class] -> 

{6F750202-1362-4815-A476-88533DE61D0C}[HKEY_LOCAL_MACHINE] -> http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab[Kodak Gallery Easy Upload Manager Class] -> 

{74D05D43-3236-11D4-BDCD-00C04F9A3B61}[HKEY_LOCAL_MACHINE] -> http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab[HouseCall Control] -> 

{7B297BFD-85E4-4092-B2AF-16A91B2EA103}[HKEY_LOCAL_MACHINE] -> http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab[WScanCtl Class] -> 

{80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab50727.cab[UnoCtrl Class] -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 

{94B82441-A413-4E43-8422-D49930E69764}[HKEY_LOCAL_MACHINE] -> https://rtc4.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB[TLIEFlashObj Class] -> 

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> 

{9BFC2253-B9D9-477E-9488-CA450232620D}[HKEY_LOCAL_MACHINE] -> https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB[BinAg1 Class] -> 

{A243F6C2-34D2-4549-BCCD-A7BEF759B236}[HKEY_LOCAL_MACHINE] -> http://img.funtigo.com/images/uploader/ssiPictureUploader.cab[Seekford Solutions, Inc.'s ssiPictureUploader Control] -> 

{A4069847-C342-48E2-9257-01A24E5C78EA}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols3beta/fscax.cab[F-Secure Online Scanner 3.2] -> 

{B1E2B96C-12FE-45E2-BEF1-44A219113CDD}[HKEY_LOCAL_MACHINE] -> http://www.superadblocker.com/activex/sabspx.cab[SABScanProcesses Class] -> 

{B69F2A9C-E470-11D3-AFA3-525400DB7692}[HKEY_LOCAL_MACHINE] -> http://hutchence.armstrong.com/ib/databases/actimage40803.cab[Actimage Room Control] -> 

{B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab[MSN Games - Installer] -> 

{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}[HKEY_LOCAL_MACHINE] -> http://ax.emsisoft.com/asquared.cab[a-squared Scanner] -> 

{BE1BDC4F-2AAC-494E-88B1-86B2EE4F2D6D}[HKEY_LOCAL_MACHINE] -> http://download.copysafe.net/Plugin/Download/Copysafe.cab[CopySafe3 Control] -> 

{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab[Java Plug-in 1.5.0_03] -> 

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 

{CC32D4D8-2A0B-4CEB-B105-C9B968379105}[HKEY_LOCAL_MACHINE] -> https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab[CGameManagerCtrl Object] -> 

{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 

{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/StProxy.cab41227.cab[StadiumProxy Class] -> 

{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab[CTAdjust Class] -> 

{E855A2D4-987E-4F3B-A51C-64D10A7E2479}[HKEY_LOCAL_MACHINE] -> http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab[EPSImageControl Class] -> 

DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://E:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 

Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://E:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 

Yahoo! Bingo[HKEY_LOCAL_MACHINE] -> http://download.games.yahoo.com/games/clients/y/xt0_x.cab[Reg Error: Key does not exist or could not be opened.] -> 

Yahoo! Literati[HKEY_LOCAL_MACHINE] -> http://download2.games.yahoo.com/games/clients/y/tt5_x.cab[Reg Error: Key does not exist or could not be opened.] -> 

Yahoo! Pool 2[HKEY_LOCAL_MACHINE] -> http://download.games.yahoo.com/games/clients/y/pote_x.cab[Reg Error: Key does not exist or could not be opened.] -> 





[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 1:56:43 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 11:49:30 AM | Attr =	]

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 1:56:43 AM | Attr =	]

schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 8:21:15 AM | Attr =	]

wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 10:37:50 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 740 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> E:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> E:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> E:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 1:56:57 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 110054 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> E:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 1:56:42 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\S\ -> -> 

-> Reg Error: Key does not exist or could not be opened. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{01F1F042-57BC-4AD7-9753-B99CCED16687} -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> E:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 1:56:57 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> E:\WINDOWS\system32\wuauserv.dll [E:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 1:56:46 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 

RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 10:39:49 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> E:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 1:56:57 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> E:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> E:\WINDOWS\system32\tlntsvr.exe [E:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 1:56:57 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 

RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 10:39:49 PM | Attr =	]

TCPIP ->  -> File not found

NTLMSSP ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial -> (binary data) -> 





[Files/Folders - Created Within 30 days]

$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Created Date = 2/13/2008 8:43:04 AM | Attr = RH ]

SDFix -> %SystemDrive%\SDFix ->  [Folder | Created Date = 2/12/2008 6:32:56 PM | Attr =	]

SDFix.exe -> %SystemDrive%\SDFix.exe ->  [Ver =  | Size = 1307458 bytes | Modified Date = 2/12/2008 6:30:53 PM | Attr =	]

avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2/12/2008 9:00:13 PM | Attr =	]

avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2/12/2008 9:00:15 PM | Attr =	]

avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/12/2008 9:00:16 PM | Attr =	]

AvgArCln.sys -> %SystemRoot%\System32\drivers\AvgArCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 1/18/2007 6:00:28 AM | Attr =	]

avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 2/12/2008 9:01:13 PM | Attr =	]

avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 2/12/2008 9:01:12 PM | Attr =	]

avgtdi.sys -> %SystemRoot%\System32\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 2/12/2008 9:00:17 PM | Attr =	]

fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 8908064 bytes | Modified Date = 2/12/2008 7:44:55 PM | Attr =  HS]

fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 120380 bytes | Modified Date = 2/12/2008 7:44:55 PM | Attr =  HS]

fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat ->  [Ver =  | Size = 88608 bytes | Modified Date = 2/12/2008 7:44:55 PM | Attr =  HS]

fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx ->  [Ver =  | Size = 9380 bytes | Modified Date = 2/12/2008 7:44:55 PM | Attr =  HS]

klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.319 | Size = 194320 bytes | Modified Date = 2/4/2008 3:56:09 AM | Attr =	]

SDTHOOK.SYS -> %SystemRoot%\System32\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Modified Date = 6/5/2007 10:56:40 AM | Attr =	]

ActiveScan -> %SystemRoot%\System32\ActiveScan ->  [Folder | Created Date = 2/7/2008 5:19:49 PM | Attr =	]

asuninst.exe -> %SystemRoot%\System32\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Modified Date = 8/2/2006 12:39:06 PM | Attr =	]

F?nts -> %SystemRoot%\System32\Fοnts ->  [Folder | Modified Date = 9/5/2006 12:56:09 AM | Attr =	]

Help.ico -> %SystemRoot%\System32\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 2/7/2008 5:19:53 PM | Attr =	]

java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 9/24/2007 10:30:28 PM | Attr =	]

javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Modified Date = 9/24/2007 11:31:42 PM | Attr =	]

javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 9/24/2007 10:30:30 PM | Attr =	]

javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Modified Date = 9/24/2007 11:31:42 PM | Attr =	]

pavas.ico -> %SystemRoot%\System32\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 2/7/2008 5:19:53 PM | Attr =	]

Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 2/7/2008 5:19:53 PM | Attr =	]

ZPORT4AS.dll -> %SystemRoot%\System32\ZPORT4AS.dll ->  [Ver =  | Size = 11776 bytes | Modified Date = 3/25/2003 6:53:50 PM | Attr =	]

a?sembly -> %SystemRoot%\aѕsembly ->  [Folder | Modified Date = 9/9/2006 11:14:06 PM | Attr =	]

ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Created Date = 2/12/2008 7:56:39 PM | Attr =	]

F?nts -> %SystemRoot%\Fοnts ->  [Folder | Modified Date = 10/10/2006 5:33:24 PM | Attr =	]

imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/12/2008 6:35:47 PM | Attr =	]

unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 3455 bytes | Modified Date = 2/7/2008 6:22:04 PM | Attr =	]

unins000.exe -> %SystemRoot%\unins000.exe ->  [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 2/7/2008 6:21:39 PM | Attr =	]

MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Modified Date = 2/13/2008 1:44:25 AM | Attr =  H ]

[Files Created - Additional Folder Scans - Non-Microsoft Only]

Avg7 -> %AllUsersProfile%\Application Data\Avg7 ->  [Folder | Created Date = 2/12/2008 8:48:51 PM | Attr =	]

AVG7 -> %AppData%\AVG7 ->  [Folder | Created Date = 2/12/2008 9:00:32 PM | Attr =	]

Desktop Mechanic -> %AppData%\Desktop Mechanic ->  [Folder | Created Date = 1/26/2008 11:52:43 PM | Attr =	]

HouseCall 6.6 -> %AppData%\HouseCall 6.6 ->  [Folder | Created Date = 1/27/2008 9:22:55 PM | Attr =	]

Microsoft_Corporation -> %UserProfile%\Local Settings\Application Data\Microsoft_Corporation ->  [Folder | Created Date = 2/5/2008 11:21:30 PM | Attr =	]

msat -> %UserProfile%\My Documents\msat ->  [Folder | Created Date = 2/5/2008 11:21:45 PM | Attr =	]

W?nSxS -> %UserProfile%\My Documents\WіnSxS ->  [Folder | Modified Date = 9/12/2006 10:10:00 PM | Attr =	]

??stem -> %UserProfile%\My Documents\ѕуstem ->  [Folder | Modified Date = 8/31/2006 12:12:14 AM | Attr =	]

AVG 7.5.lnk -> %AllUsersProfile%\Desktop\AVG 7.5.lnk ->  [Ver =  | Size = 1532 bytes | Modified Date = 2/12/2008 9:00:19 PM | Attr =	]

AVG Anti-Rootkit Free.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Rootkit Free.lnk ->  [Ver =  | Size = 828 bytes | Modified Date = 2/12/2008 8:58:38 PM | Attr =	]

Desktop Maestro.lnk -> %AllUsersProfile%\Desktop\Desktop Maestro.lnk ->  [Ver =  | Size = 731 bytes | Modified Date = 1/26/2008 10:33:24 PM | Attr =	]

ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/15/2007 5:02:51 AM | Attr =	]

backups -> %UserProfile%\Desktop\backups ->  [Folder | Created Date = 1/28/2008 10:47:44 PM | Attr =	]

Mechelle2007Meds.doc -> %UserProfile%\Desktop\Mechelle2007Meds.doc ->  [Ver =  | Size = 145920 bytes | Modified Date = 2/12/2008 9:28:02 PM | Attr =	]

Reports -> %UserProfile%\Desktop\Reports ->  [Folder | Created Date = 1/26/2008 1:31:03 PM | Attr =	]

Spyware Protection -> %UserProfile%\Desktop\Spyware Protection ->  [Folder | Created Date = 2/5/2008 11:58:32 PM | Attr =	]

stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 17 bytes | Modified Date = 2/3/2008 10:54:47 PM | Attr =	]

TrendMicro -> %UserProfile%\Desktop\TrendMicro ->  [Folder | Created Date = 1/26/2008 2:40:02 AM | Attr =	]

WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 2/13/2008 10:50:18 AM | Attr =	]

WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 480325 bytes | Modified Date = 2/13/2008 8:14:59 AM | Attr =	]

eMail ID -> %CommonProgramFiles%\eMail ID ->  [Folder | Created Date = 1/27/2008 9:37:40 PM | Attr =	]

?racle -> %CommonProgramFiles%\Оracle ->  [Folder | Modified Date = 9/1/2006 12:42:37 AM | Attr =	]



[Files/Folders - Modified Within 30 days]

$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Modified Date = 2/13/2008 8:58:15 AM | Attr = RH ]

Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2/5/2008 11:30:19 PM | Attr =  H ]

Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 2/12/2008 9:00:24 PM | Attr =	]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/12/2008 8:59:33 PM | Attr =	]

SDFix -> %SystemDrive%\SDFix ->  [Folder | Modified Date = 2/12/2008 6:33:06 PM | Attr =	]

SDFix.exe -> %SystemDrive%\SDFix.exe ->  [Ver =  | Size = 1307458 bytes | Modified Date = 2/12/2008 6:30:53 PM | Attr =	]

Temp -> %SystemDrive%\Temp ->  [Folder | Modified Date = 2/4/2008 12:05:58 AM | Attr =	]

WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/12/2008 8:59:33 PM | Attr =	]

{10000003-0000-0000-CB0B-DA1190220AE3} -> %SystemDrive%\{10000003-0000-0000-CB0B-DA1190220AE3} ->  [Folder | Modified Date = 1/27/2008 12:40:43 AM | Attr =	]

{10000003-0000-0000-D1B1-826E5C55BFA6} -> %SystemDrive%\{10000003-0000-0000-D1B1-826E5C55BFA6} ->  [Folder | Modified Date = 1/27/2008 12:40:43 AM | Attr =	]

avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2/12/2008 9:00:13 PM | Attr =	]

avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2/12/2008 9:00:15 PM | Attr =	]

avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/12/2008 9:00:16 PM | Attr =	]

avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 2/12/2008 9:01:13 PM | Attr =	]

avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 2/12/2008 9:01:12 PM | Attr =	]

avgtdi.sys -> %SystemRoot%\System32\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 2/12/2008 9:00:17 PM | Attr =	]

etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2/12/2008 7:59:08 PM | Attr =	]

HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS ->  [Ver =  | Size = 686 bytes | Modified Date = 2/12/2008 7:59:08 PM | Attr =	]

hosts.20080207-212833.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080207-212833.backup ->  [Ver =  | Size = 734 bytes | Modified Date = 2/6/2008 9:29:46 PM | Attr =	]

hosts.20080207-212921.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080207-212921.backup ->  [Ver =  | Size = 224776 bytes | Modified Date = 2/7/2008 9:28:33 PM | Attr = R  ]

fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 8908064 bytes | Modified Date = 2/12/2008 7:44:55 PM | Attr =  HS]

fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 120380 bytes | Modified Date = 2/12/2008 7:44:55 PM | Attr =  HS]

fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat ->  [Ver =  | Size = 88608 bytes | Modified Date = 2/12/2008 7:44:55 PM | Attr =  HS]

fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx ->  [Ver =  | Size = 9380 bytes | Modified Date = 2/12/2008 7:44:55 PM | Attr =  HS]

klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.319 | Size = 194320 bytes | Modified Date = 2/4/2008 3:56:09 AM | Attr =	]

ActiveScan -> %SystemRoot%\System32\ActiveScan ->  [Folder | Modified Date = 2/7/2008 5:36:16 PM | Attr =	]

CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2/12/2008 8:53:34 PM | Attr =	]

config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 1/27/2008 9:57:28 PM | Attr =	]

dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/12/2008 6:35:54 PM | Attr = RHS]

drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2/12/2008 9:01:16 PM | Attr =	]

FxsTmp -> %SystemRoot%\System32\FxsTmp ->  [Folder | Modified Date = 2/7/2008 4:32:45 PM | Attr =	]

F?nts -> %SystemRoot%\System32\Fοnts ->  [Folder | Modified Date = 9/5/2006 12:56:09 AM | Attr =	]

Help.ico -> %SystemRoot%\System32\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 2/7/2008 5:19:53 PM | Attr =	]

LEXSUP.HTM -> %SystemRoot%\System32\LEXSUP.HTM ->  [Ver =  | Size = 264 bytes | Modified Date = 2/12/2008 9:20:35 PM | Attr =	]

pavas.ico -> %SystemRoot%\System32\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 2/7/2008 5:19:53 PM | Attr =	]

tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 2140 bytes | Modified Date = 2/6/2008 9:29:48 PM | Attr =	]

Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 2/7/2008 5:19:53 PM | Attr =	]

wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/11/2008 3:55:05 PM | Attr =	]

$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/12/2008 3:14:56 PM | Attr =  H ]

$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ ->  [Folder | Modified Date = 1/28/2008 3:54:29 AM | Attr =  H ]

assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 2/5/2008 11:20:58 PM | Attr = R S]

a?sembly -> %SystemRoot%\aѕsembly ->  [Folder | Modified Date = 9/9/2006 11:14:06 PM | Attr =	]

bdagent.INI -> %SystemRoot%\bdagent.INI ->  [Ver =  | Size = 121 bytes | Modified Date = 2/12/2008 7:44:38 PM | Attr =	]

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/12/2008 8:50:12 PM | Attr =   S]

Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 2/4/2008 12:04:23 AM | Attr =	]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2/7/2008 5:19:49 PM | Attr =   S]

ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Modified Date = 2/12/2008 7:56:53 PM | Attr =	]

F?nts -> %SystemRoot%\Fοnts ->  [Folder | Modified Date = 10/10/2006 5:33:24 PM | Attr =	]

ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 2/12/2008 6:35:31 PM | Attr =	]

imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/12/2008 6:35:47 PM | Attr =	]

inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/12/2008 6:35:55 PM | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/5/2008 11:30:19 PM | Attr =  HS]

java -> %SystemRoot%\java ->  [Folder | Modified Date = 1/28/2008 12:45:16 AM | Attr =	]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/13/2008 10:52:17 AM | Attr =	]

security -> %SystemRoot%\security ->  [Folder | Modified Date = 2/7/2008 3:41:20 PM | Attr =	]

system -> %SystemRoot%\system ->  [Folder | Modified Date = 2/12/2008 8:59:33 PM | Attr =	]

SYSTEM.INI -> %SystemRoot%\SYSTEM.INI ->  [Ver =  | Size = 227 bytes | Modified Date = 2/12/2008 7:44:28 PM | Attr =	]

system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 2/12/2008 8:59:33 PM | Attr =	]

Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2/12/2008 8:53:32 PM | Attr =   S]

Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/13/2008 10:53:44 AM | Attr =	]

unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 3455 bytes | Modified Date = 2/7/2008 6:22:04 PM | Attr =	]

unins000.exe -> %SystemRoot%\unins000.exe ->  [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 2/7/2008 6:21:39 PM | Attr =	]

win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 1306 bytes | Modified Date = 2/12/2008 7:44:28 PM | Attr =	]

wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 890 bytes | Modified Date = 1/26/2008 4:04:18 AM | Attr =	]

AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2/13/2008 7:02:04 AM | Attr =	]

MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Modified Date = 2/13/2008 1:44:25 AM | Attr =  H ]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/12/2008 8:50:28 PM | Attr =  H ]

Spybot - Search & Destroy -  Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy -  Scheduled Task.job ->  [Ver =  | Size = 312 bytes | Modified Date = 2/13/2008 2:00:00 AM | Attr =	]

User_Feed_Synchronization-{35F1AEF6-9829-45C9-AE83-AC9D4927F71D}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{35F1AEF6-9829-45C9-AE83-AC9D4927F71D}.job ->  [Ver =  | Size = 428 bytes | Modified Date = 2/12/2008 4:51:27 PM | Attr =  H ]

hhcolreg.dat -> E:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 8138 bytes | Modified Date = 1/13/2008 10:55:58 PM | Attr =	]

qmgr0.dat -> E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5501 bytes | Modified Date = 2/12/2008 8:51:53 PM | Attr =	]

qmgr1.dat -> E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5501 bytes | Modified Date = 2/12/2008 8:51:53 PM | Attr =	]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

Avg7 -> %AllUsersProfile%\Application Data\Avg7 ->  [Folder | Modified Date = 2/13/2008 9:04:41 AM | Attr =	]

Grisoft -> %AllUsersProfile%\Application Data\Grisoft ->  [Folder | Modified Date = 2/12/2008 9:00:05 PM | Attr =	]

Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab ->  [Folder | Modified Date = 2/12/2008 7:30:19 PM | Attr =	]

Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/7/2008 9:40:49 PM | Attr =	]

TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 2/12/2008 8:52:09 PM | Attr =	]

@Alternate Data Stream - 151 bytes -> %AllUsersProfile%\Application Data\TEMP:0D786AE3

@Alternate Data Stream - 113 bytes -> %AllUsersProfile%\Application Data\TEMP:18B7103A

@Alternate Data Stream - 101 bytes -> %AllUsersProfile%\Application Data\TEMP:CDF2594B

@Alternate Data Stream - 125 bytes -> %AllUsersProfile%\Application Data\TEMP:D1B5B4F1

AVG7 -> %AppData%\AVG7 ->  [Folder | Modified Date = 2/13/2008 9:03:48 AM | Attr =	]

Desktop Mechanic -> %AppData%\Desktop Mechanic ->  [Folder | Modified Date = 1/26/2008 11:52:43 PM | Attr =	]

HouseCall 6.6 -> %AppData%\HouseCall 6.6 ->  [Folder | Modified Date = 1/27/2008 9:22:55 PM | Attr =	]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 91136 bytes | Modified Date = 2/8/2008 4:06:22 PM | Attr =	]

GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 239024 bytes | Modified Date = 1/24/2008 2:31:03 AM | Attr =	]

IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 4240656 bytes | Modified Date = 2/7/2008 3:41:12 PM | Attr =  H ]

Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 2/4/2008 12:05:56 AM | Attr =	]

Microsoft_Corporation -> %UserProfile%\Local Settings\Application Data\Microsoft_Corporation ->  [Folder | Modified Date = 2/5/2008 11:21:30 PM | Attr =	]

msat -> %UserProfile%\My Documents\msat ->  [Folder | Modified Date = 2/5/2008 11:22:57 PM | Attr =	]

Pam -> %UserProfile%\My Documents\Pam ->  [Folder | Modified Date = 1/21/2008 3:30:04 PM | Attr =	]

Pics -> %UserProfile%\My Documents\Pics ->  [Folder | Modified Date = 1/21/2008 3:31:46 PM | Attr =	]

Quicken -> %UserProfile%\My Documents\Quicken ->  [Folder | Modified Date = 1/24/2008 3:58:23 AM | Attr =	]

Windows Defender -> %UserProfile%\My Documents\Windows Defender ->  [Folder | Modified Date = 2/5/2008 11:29:36 PM | Attr =	]

W?nSxS -> %UserProfile%\My Documents\WіnSxS ->  [Folder | Modified Date = 9/12/2006 10:10:00 PM | Attr =	]

??stem -> %UserProfile%\My Documents\ѕуstem ->  [Folder | Modified Date = 8/31/2006 12:12:14 AM | Attr =	]

AVG 7.5.lnk -> %AllUsersProfile%\Desktop\AVG 7.5.lnk ->  [Ver =  | Size = 1532 bytes | Modified Date = 2/12/2008 9:00:19 PM | Attr =	]

AVG Anti-Rootkit Free.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Rootkit Free.lnk ->  [Ver =  | Size = 828 bytes | Modified Date = 2/12/2008 8:58:38 PM | Attr =	]

Desktop Maestro.lnk -> %AllUsersProfile%\Desktop\Desktop Maestro.lnk ->  [Ver =  | Size = 731 bytes | Modified Date = 1/26/2008 10:33:24 PM | Attr =	]

iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk ->  [Ver =  | Size = 2137 bytes | Modified Date = 1/27/2008 5:09:48 PM | Attr =	]

backups -> %UserProfile%\Desktop\backups ->  [Folder | Modified Date = 1/28/2008 10:47:44 PM | Attr =	]

In Case of Emergency -> %UserProfile%\Desktop\In Case of Emergency ->  [Folder | Modified Date = 1/24/2008 4:35:40 PM | Attr =	]

Mechelle's Folder -> %UserProfile%\Desktop\Mechelle's Folder ->  [Folder | Modified Date = 2/12/2008 7:50:53 PM | Attr =	]

Mechelle2007Meds.doc -> %UserProfile%\Desktop\Mechelle2007Meds.doc ->  [Ver =  | Size = 145920 bytes | Modified Date = 2/12/2008 9:28:02 PM | Attr =	]

Received Faxes -> %UserProfile%\Desktop\Received Faxes ->  [Folder | Modified Date = 2/7/2008 6:05:06 PM | Attr =	]

Removal Tools -> %UserProfile%\Desktop\Removal Tools ->  [Folder | Modified Date = 2/12/2008 8:58:08 PM | Attr =	]

Reports -> %UserProfile%\Desktop\Reports ->  [Folder | Modified Date = 1/26/2008 1:59:14 PM | Attr =	]

Spyware Protection -> %UserProfile%\Desktop\Spyware Protection ->  [Folder | Modified Date = 2/5/2008 11:58:48 PM | Attr =	]

stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 17 bytes | Modified Date = 2/3/2008 10:54:47 PM | Attr =	]

TrendMicro -> %UserProfile%\Desktop\TrendMicro ->  [Folder | Modified Date = 1/27/2008 9:38:57 PM | Attr =	]

Unused Desktop Shortcuts -> %UserProfile%\Desktop\Unused Desktop Shortcuts ->  [Folder | Modified Date = 1/15/2008 1:32:03 AM | Attr =	]

WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 2/13/2008 10:50:18 AM | Attr =	]

WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 480325 bytes | Modified Date = 2/13/2008 8:14:59 AM | Attr =	]

eMail ID -> %CommonProgramFiles%\eMail ID ->  [Folder | Modified Date = 1/27/2008 9:37:42 PM | Attr =	]

?racle -> %CommonProgramFiles%\Оracle ->  [Folder | Modified Date = 9/1/2006 12:42:37 AM | Attr =	]



< End of report >


#13 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:03:19 PM

Posted 14 February 2008 - 07:26 AM

Hi,

Thanks for the log.

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 32 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 32 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {77E68763-4284-41d6-B7E7-B6E1F053A9E7}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [EmpirePoker]
YN -> {9034A523-D068-4BE8-A284-9DF278BE776E}:Exec -> [IE Anti-Spyware]
YN -> {d9288080-1baa-4bc4-9cf8-a92d743db949}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Run IMVU]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ClsidExtension [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &AIM Search -> Reg Error: Value  does not exist or could not be read.
YN -> &eBay Search -> Reg Error: Value  does not exist or could not be read.
[Files/Folders - Created Within 30 days]
YN -> F?nts -> %SystemRoot%\System32\Fοnts
YN -> a?sembly -> %SystemRoot%\aѕsembly
YN -> F?nts -> %SystemRoot%\Fοnts
[Files Created - Additional Folder Scans - Non-Microsoft Only]
YN -> W?nSxS -> %UserProfile%\My Documents\WіnSxS
YN -> ??stem -> %UserProfile%\My Documents\ѕуstem
YN -> ?racle -> %CommonProgramFiles%\Оracle
[Files/Folders - Modified Within 30 days]
YN -> F?nts -> %SystemRoot%\System32\Fοnts
YN -> a?sembly -> %SystemRoot%\aѕsembly
YN -> F?nts -> %SystemRoot%\Fοnts
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
YN -> @Alternate Data Stream - 151 bytes -> %AllUsersProfile%\Application Data\TEMP:0D786AE3
YN -> @Alternate Data Stream - 113 bytes -> %AllUsersProfile%\Application Data\TEMP:18B7103A
YN -> @Alternate Data Stream - 101 bytes -> %AllUsersProfile%\Application Data\TEMP:CDF2594B
YN -> @Alternate Data Stream - 125 bytes -> %AllUsersProfile%\Application Data\TEMP:D1B5B4F1
YN -> ??stem -> %UserProfile%\My Documents\ѕуstem
YN -> ?racle -> %CommonProgramFiles%\Оracle
[Empty Temp Folders]
[Reboot]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If you need to reboot, the log file will be placed in the MovedFiles folder in the folder that WinPFind35 is running from. It will have a .log extension and a name in the format of mmddyyyy_hhmmss.log. Once you reboot, locate that file, open it with Notepad (not Write or any other text program) and post the contents back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware Posted Image

#14 melchick

melchick
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:01:19 PM

Posted 17 February 2008 - 06:15 PM

Thanks. Before I did this I had a blue screen. KERNEL_STACK_INPAGE_ERROR
Technical Information:

*** STOP: 0x00000077 (0xCooooooE, 0x00000000, 0x05EB3000)

Beginning dump of physical memory.

Now, on to your instructions. I had no problem running it, I did have to reboot. Here is the log file:

[Registry - Non-Microsoft Only]
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40D41A8B-D79B-43D7-99A7-9EE0F344C385}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{77E68763-4284-41d6-B7E7-B6E1F053A9E7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77E68763-4284-41d6-B7E7-B6E1F053A9E7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9034A523-D068-4BE8-A284-9DF278BE776E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ButtonText deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\CLSID deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ClsidExtension deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Default Visible deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&AIM Search\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&eBay Search\ deleted successfully.
[Files/Folders - Created Within 30 days]
E:\WINDOWS\System32\Fοnts folder moved successfully.
E:\WINDOWS\aѕsembly folder moved successfully.
E:\WINDOWS\Fοnts folder moved successfully.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
E:\Documents and Settings\Mechelle\My Documents\WіnSxS folder moved successfully.
E:\Documents and Settings\Mechelle\My Documents\ѕуstem folder moved successfully.
E:\Program Files\Common Files\Оracle folder moved successfully.
[Files/Folders - Modified Within 30 days]
File E:\WINDOWS\System32\Fοnts not found!
File E:\WINDOWS\aѕsembly not found!
File E:\WINDOWS\Fοnts not found!
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
ADS E:\Documents and Settings\All Users\Application Data\TEMP:0D786AE3 deleted successfully.
ADS E:\Documents and Settings\All Users\Application Data\TEMP:18B7103A deleted successfully.
ADS E:\Documents and Settings\All Users\Application Data\TEMP:CDF2594B deleted successfully.
ADS E:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
File E:\Documents and Settings\Mechelle\My Documents\ѕуstem not found!
File E:\Program Files\Common Files\Оracle not found!
[Empty Temp Folders]
File delete failed. E:\Documents and Settings\Mechelle\Local Settings\Temp\~DF6BF4.tmp scheduled to be deleted on reboot.
File delete failed. E:\WINDOWS\temp\tmp00006d4a\tmp00000000 scheduled to be deleted on reboot.
File delete failed. E:\WINDOWS\temp\TMP0000002474E210EA14E17817 scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
< End of fix log >
WinPFind35U Version Beta51 fix logfile created on 02172008_170600

#15 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:03:19 PM

Posted 18 February 2008 - 02:59 AM

Hi,

How is the system running now?

Can you post fresh hijackthis log please?

Thanks :blink:

ps. Looking at the error code you posted -- might be a good idea to error check the hard drive.

Click Start, click Run, type chkdsk /f /r and then click OK.

You shoukld be told chkdsk can't do this while system has hard drive in use -- and offer to run scan at next boot.

Say OK.

No need to reboot right away -- but will wanna do this scan when you are going to have time (like when sleeping) cus it will take a while. (couple/few hours)

Let me know if doing that helped things at all.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users