
Browser Hijack Just Won't Die - Help?


  • This topic is locked
37 replies to this topic

#1 dhfmnx


Posted 21 September 2008 - 12:33 AM

Hey everyone,

I noticed a few days ago that when typing a search term into my Firefox/IE address bar, I would get a redirect to a sedo.com parked page full of text ads.

At that point I ran the following scans multiple times (in no particular order).

Ad-Aware
a-squared Free
Spybot
Windows Defender
Spyware Doctor
McAfee virus scan
McAfee Stinger
SUPERAntiSpyware

While mostly coming up with nothing, some of the spyware scans identified some junk, but deleting it did nothing.

Here is my HijackThis log, thanks for the help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:38 AM, on 9/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe"
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://ftp.us.dell.com (HKLM)
O15 - ESC Trusted Zone: http://search.dell.com (HKLM)
O15 - ESC Trusted Zone: http://support.dell.com (HKLM)
O15 - ESC Trusted Zone: http://www.dell.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://support.veritas.com (HKLM)
O15 - ESC Trusted IP range: http://192.168.8.80
O15 - ESC Trusted IP range: http://192.168.8.80 (HKLM)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wwauction.com
O17 - HKLM\Software\..\Telephony: DomainName = wwauction.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wwauction.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9516 bytes


 


#2 dhfmnx


Posted 21 September 2008 - 08:52 AM

bump

#3 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team

Posted 24 September 2008 - 09:34 PM

Hello, dhfmnx.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you would still like help, please post a new HijackThis log below, as things may have changed on your system.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#4 dhfmnx


Posted 24 September 2008 - 09:42 PM

Thanks for the reply!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:20 PM, on 9/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe"
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://ftp.us.dell.com (HKLM)
O15 - ESC Trusted Zone: http://search.dell.com (HKLM)
O15 - ESC Trusted Zone: http://support.dell.com (HKLM)
O15 - ESC Trusted Zone: http://www.dell.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://support.veritas.com (HKLM)
O15 - ESC Trusted IP range: http://192.168.8.80
O15 - ESC Trusted IP range: http://192.168.8.80 (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wwauction.com
O17 - HKLM\Software\..\Telephony: DomainName = wwauction.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wwauction.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9057 bytes

#5 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team

Posted 24 September 2008 - 09:47 PM

Hello, dhfmnx.

Hmm... that log isn't showing much. Let's try sompin else.

We need to run OTScanIt
Before running a new scan let's clean out the temporary folders.
Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • In the Rootkit Search area select Yes.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - Disabled MS Config Items
    • Reg - File Associations
    • Reg - Uninstall List
    • File - Additional Folder Scans
  • Check the "Scan All Users" and "Include MD5" checkboxes at the top of the window.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Word Wrap is not checked. If it is, then click on it to uncheck it.
  • Save the file to your desktop or another location where you can find it again.
Use the Add Reply button and attach the file in your next post.

In your next reply, please include the following:
  • OTScanIt Report

Billy3

#6 dhfmnx


Posted 28 September 2008 - 08:59 AM

Sorry for the late response -- just now getting back to this.
Here is my scan log.

OTScanIt logfile created on: 9/28/2008 8:52:45 AM
OTScanIt by OldTimer - Version 1.0.19.0	 Folder = C:\Program Files\Mozilla Firefox\OTScanIt
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.42% Memory free
3.85 Gb Paging File | 3.48 Gb Available in Paging File | 90.43% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 91.19 Gb Free Space | 81.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 9XQCDH1
Current User Name: hoffmannd
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

[Processes - Non-Microsoft Only]
a2service.exe -> %ProgramFiles%\a-squared Free\a2service.exe -> MD5 = 4E3A07545479F3964D49AA310E8505E5 | Emsi Software GmbH [Ver = 3.0.0.476 | Size = 380536 bytes | Modified Date = 7/31/2008 2:46:28 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(a2free) a-squared Free Service [Win32_Own | Auto | Running] -> %ProgramFiles%\a-squared Free\a2service.exe -> MD5 = 4E3A07545479F3964D49AA310E8505E5 | Emsi Software GmbH [Ver = 3.0.0.476 | Size = 380536 bytes | Modified Date = 7/31/2008 2:46:28 PM | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> MD5 = F76D04F7413B07DAA029F6520B64B4E8 | Macrovision Europe Ltd. [Ver = 11.5.0.0 build 56285 | Size = 651720 bytes | Modified Date = 9/11/2008 8:38:46 PM | Attr =	]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> MD5 = CCAA27BAEB46B6369269847BA7D3C011 | PC Tools [Ver = 6, 0, 0, 3 | Size = 356920 bytes | Modified Date = 6/13/2008 3:29:14 PM | Attr =	]
(sdCoreService) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> MD5 = 7566D4903C31027668767C29320977A0 | PC Tools [Ver = 6.0.0.16 | Size = 1073544 bytes | Modified Date = 8/7/2008 12:12:38 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(guardian2) guardian2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\oz776.sys -> MD5 = 7031A936832967A93B0E5D5F1C76745A | O2Micro [Ver = 1.1.4.2 (+EMV1.3.7.3) | Size = 62208 bytes | Modified Date = 3/26/2007 10:19:00 AM | Attr =	]
(IKFileSec) File Security Driver [File_System | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ikfilesec.sys -> MD5 = BF1D66C139A4E9BE079D47FCFA993578 | PCTools Research Pty Ltd. [Ver = 5.0.2.1042 built by: WinDDK | Size = 42376 bytes | Modified Date = 6/2/2008 3:19:12 PM | Attr =	]
(IKSysFlt) System Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\iksysflt.sys -> MD5 = A90856D3FC565A0D0165574E51A6D088 | PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Modified Date = 6/2/2008 3:19:16 PM | Attr =	]
(IKSysSec) System Security Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\iksyssec.sys -> MD5 = 6EBDED50D6E19879BC3A86C36D3A0F9D | PCTools Research Pty Ltd. [Ver = 5.0.2.1033 | Size = 81288 bytes | Modified Date = 6/10/2008 9:22:52 PM | Attr =	]
(KeyScrambler) KeyScrambler [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\keyscrambler.sys -> MD5 = 83D64BE5FCE2F076C03A6B066EB1E77B | QFX Software Corporation [Ver = 2.2.0 | Size = 113896 bytes | Modified Date = 6/24/2008 12:45:18 PM | Attr =	]
(PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PalmUSBD.sys -> MD5 = DC450992EBA6F914080C1F7FBEEED72C | PalmSource, Inc. [Ver = 6, 0, 2, 0 | Size = 16640 bytes | Modified Date = 12/4/2007 5:10:30 PM | Attr = R  ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> MD5 = C030C9A39E85B6F04A8DD25D1A50258A | SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1010 | Size = 8944 bytes | Modified Date = 9/3/2008 2:07:14 PM | Attr =	]
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> MD5 = E9C2D75C748C3F0A4C34D6CF2AE1D754 |  SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1004 | Size = 7408 bytes | Modified Date = 9/3/2008 2:07:16 PM | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> MD5 = 64C100DBF57C6CB6E7D5D24153F5E444 | SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1062 | Size = 55024 bytes | Modified Date = 9/3/2008 2:07:12 PM | Attr =	]
(WDC_SAM) WD SCSI Pass Thru driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wdcsam.sys -> MD5 = D6EFAF429FD30C5DF613D220E344CCE7 | Western Digital Technologies [Ver = 1, 0, 7, 2 | Size = 11520 bytes | Modified Date = 4/16/2008 8:27:04 AM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
HotSync -> %ProgramFiles%\PalmSource\Desktop\HotSync.exe ["C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers] -> File not found
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe ["C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless] -> MD5 = A1918ED875DA5418345831419DAB7369 | Intel Corporation [Ver = 11.1.1.1 | Size = 974848 bytes | Modified Date = 7/25/2007 4:30:36 PM | Attr =	]
IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe ["C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"] -> MD5 = C2288D3EB868395BFEA5BA5B13014306 | Intel Corporation [Ver = 11.1.1.5 | Size = 823296 bytes | Modified Date = 7/25/2007 4:32:50 PM | Attr =	]
McAfee Managed Services Tray -> %ProgramFiles%\McAfee\Managed VirusScan\Agent\StartMyAgtTry.exe ["C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"] -> MD5 = B9A8B1EF0D42ABC618FA81DF45778995 | McAfee, Inc. [Ver = 4.7.0.538 | Size = 87360 bytes | Modified Date = 1/22/2008 10:09:14 PM | Attr =	]
MVS Splash -> %ProgramFiles%\McAfee\Managed VirusScan\Agent\Splash.exe ["C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe"] -> MD5 = 9612A9EF6A356F920924B33A9679F45C | McAfee, Inc. [Ver = 4.7.0.538 | Size = 468288 bytes | Modified Date = 1/22/2008 10:09:32 PM | Attr =	]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> MD5 = BCDDB364D1E1D6DAC48F0CEF7BEBAE85 | NVIDIA Corporation [Ver = 6.14.11.0119 | Size = 8429568 bytes | Modified Date = 4/28/2007 7:05:00 PM | Attr =	]
NVHotkey -> %SystemRoot%\system32\nvhotkey.dll [rundll32.exe nvHotkey.dll,Start] -> MD5 = AB3A572C654C1F6E24C568A481C48127 | NVIDIA Corporation [Ver = 6.14.11.0119 | Size = 67584 bytes | Modified Date = 4/28/2007 7:05:00 PM | Attr =	]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> MD5 = 66821ED67E9D67B8BE32E0031EF0C065 | NVIDIA Corporation [Ver = 6.14.11.0119 | Size = 81920 bytes | Modified Date = 4/28/2007 7:05:00 PM | Attr =	]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /installquiet] -> MD5 = 0F919E1FAF47734B50F4FCB6111D73D8 |  [Ver =  | Size = 1626112 bytes | Modified Date = 4/28/2007 7:05:00 PM | Attr =	]
SigmatelSysTrayApp -> %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe [%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe] -> MD5 = 012844A8E13BE3941C9CAF1F91F47DF2 | SigmaTel, Inc. [Ver = 1.0.5515.0  nd596 cp1 | Size = 405504 bytes | Modified Date = 5/10/2007 10:22:32 AM | Attr =	]
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe ["C:\Program Files\Winamp\winampa.exe"] -> MD5 = E7DEADB409CD8A4552C91ABF624F138F |  [Ver =  | Size = 36352 bytes | Modified Date = 8/3/2008 6:02:20 PM | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Orb -> %ProgramFiles%\Winamp Remote\bin\OrbTray.exe ["C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background] -> MD5 = 5A4CD8C1747B0C5E66F1A7B6A93453EB | Orb Networks [Ver = 2, 2008, 331, 1830 | Size = 507904 bytes | Modified Date = 3/31/2008 8:54:06 PM | Attr =	]
Pidgin -> %ProgramFiles%\Pidgin\pidgin.exe [C:\Program Files\Pidgin\pidgin.exe] -> MD5 = 8E718C634F41CEEBDEF7C56B7A95ED82 | The Pidgin developer community [Ver = 2.5.1 | Size = 45091 bytes | Modified Date = 8/30/2008 10:39:16 PM | Attr =	]
< Run [HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\] > -> HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Orb -> %ProgramFiles%\Winamp Remote\bin\OrbTray.exe ["C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background] -> MD5 = 5A4CD8C1747B0C5E66F1A7B6A93453EB | Orb Networks [Ver = 2, 2008, 331, 1830 | Size = 507904 bytes | Modified Date = 3/31/2008 8:54:06 PM | Attr =	]
Pidgin -> %ProgramFiles%\Pidgin\pidgin.exe [C:\Program Files\Pidgin\pidgin.exe] -> MD5 = 8E718C634F41CEEBDEF7C56B7A95ED82 | The Pidgin developer community [Ver = 2.5.1 | Size = 45091 bytes | Modified Date = 8/30/2008 10:39:16 PM | Attr =	]
< admin Startup Folder > -> C:\Documents and Settings\admin\Start Menu\Programs\Startup -> 
< administrator Startup Folder > -> C:\Documents and Settings\administrator\Start Menu\Programs\Startup -> 
< Administrator.D630 Startup Folder > -> C:\Documents and Settings\Administrator.D630\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\HotSync Manager.lnk -> %ProgramFiles%\Palm\Hotsync.exe -> MD5 = E97DF7E5BCA0A35E5302AEA39E5CC01C | PalmSource, Inc [Ver = 7.0.2 | Size = 1392640 bytes | Modified Date = 1/3/2008 6:28:08 PM | Attr = R  ]
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< hoffmand Startup Folder > -> C:\Documents and Settings\hoffmand\Start Menu\Programs\Startup -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> MD5 = ECD5517A6633826057D4F050927DDF56 | SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 5/13/2008 10:13:36 AM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> MD5 = 12896823FB95BFB3DC9B46BCAEDC9923 | Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 7:12:19 PM | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> MD5 = A93AEE1928A9D7CE3E16D24EC7380F89 | Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 7:12:38 PM | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> MD5 = 2081A5B5E4ABA206A0A8A1A97DF0FB23 | Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 7:12:24 PM | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> MD5 = 0CF50B1F45DAB08430C1DBB79FE2CA5B | Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> MD5 = C504A9FE17F997F8B1F8561D0A68DE52 | Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 7:12:41 PM | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845] > -> HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> MD5 = D8EDAEEAF63BBF45ED9B7A3666641C2A | SUPERAntiSpyware.com [Ver = 1, 0, 0, 1048 | Size = 352256 bytes | Modified Date = 7/23/2008 4:28:18 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMConfigurePrograms -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoAutoUpdate -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845] > -> HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMConfigurePrograms -> 1 -> 
HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoAutoUpdate -> 1 -> 
HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> MD5 = 1F4260CC5B42272D71F79E570A27A4FE | Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 1:40:46 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< Drives with AutoRun files > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> MD5 = D41D8CD98F00B204E9800998ECF8427E |  [Ver =  | Size = 0 bytes | Modified Date = 8/4/2008 1:03:02 PM | Attr =	]
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
127.0.0.1	   localhost
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\] > -> -> 
HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
wwauction.com .[http] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
wwauction.com .[http] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\] > -> HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\] > -> HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> MD5 = E96C752BBA0E22330A43258FC800200E | Adobe Systems Incorporated [Ver = 9.0.0.2008061100 | Size = 75128 bytes | Modified Date = 6/11/2008 10:33:16 PM | Attr =	]
{2B9F5787-88A5-4945-90E7-C4B18563BC5E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\KeyScrambler\KeyScramblerIE.dll [CKeyScramblerBHO Object] -> MD5 = 6640CD16CB57A37254DE7BD9780B4E42 | QFX Software Corporation [Ver = 2, 2, 1, 0 | Size = 812520 bytes | Modified Date = 9/20/2008 4:24:29 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> MD5 = F921D875A1CBD69A6A462BA2514BC831 | Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]
{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> MD5 = F2DCB030FBDD320F858871515C18C5D1 | Adobe Systems Incorporated [Ver = 9.0.0.2008061100 | Size = 345480 bytes | Modified Date = 6/11/2008 10:42:44 PM | Attr =	]
{F4971EE7-DAA0-4053-9964-665D8EE6A077} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [SmartSelect Class] -> MD5 = F2DCB030FBDD320F858871515C18C5D1 | Adobe Systems Incorporated [Ver = 9.0.0.2008061100 | Size = 345480 bytes | Modified Date = 6/11/2008 10:42:44 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> MD5 = F2DCB030FBDD320F858871515C18C5D1 | Adobe Systems Incorporated [Ver = 9.0.0.2008061100 | Size = 345480 bytes | Modified Date = 6/11/2008 10:42:44 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> MD5 = F2DCB030FBDD320F858871515C18C5D1 | Adobe Systems Incorporated [Ver = 9.0.0.2008061100 | Size = 345480 bytes | Modified Date = 6/11/2008 10:42:44 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\] > -> HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> MD5 = F2DCB030FBDD320F858871515C18C5D1 | Adobe Systems Incorporated [Ver = 9.0.0.2008061100 | Size = 345480 bytes | Modified Date = 6/11/2008 10:42:44 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> MD5 = 7C83A2809E13950359189767AC9D5DB8 | Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> MD5 = F921D875A1CBD69A6A462BA2514BC831 | Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]
{5C106A59-CC3C-4caa-81A4-6D909B5ACE23}:{B745F984-EF2E-40D6-A9AC-D8CED7230E61} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\KeyScrambler\KeyScramblerIE.dll [&KeyScrambler...] -> MD5 = 6640CD16CB57A37254DE7BD9780B4E42 | QFX Software Corporation [Ver = 2, 2, 1, 0 | Size = 812520 bytes | Modified Date = 9/20/2008 4:24:29 PM | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Append Link Target to Existing PDF -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll -> MD5 = F2DCB030FBDD320F858871515C18C5D1 | Adobe Systems Incorporated [Ver = 9.0.0.2008061100 | Size = 345480 bytes | Modified Date = 6/11/2008 10:42:44 PM | Attr =	]
Append to Existing PDF -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll -> MD5 = F2DCB030FBDD320F858871515C18C5D1 | Adobe Systems Incorporated [Ver = 9.0.0.2008061100 | Size = 345480 bytes | Modified Date = 6/11/2008 10:42:44 PM | Attr =	]
Convert Link Target to Adobe PDF -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll -> MD5 = F2DCB030FBDD320F858871515C18C5D1 | Adobe Systems Incorporated [Ver = 9.0.0.2008061100 | Size = 345480 bytes | Modified Date = 6/11/2008 10:42:44 PM | Attr =	]
Convert to Adobe PDF -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll -> MD5 = F2DCB030FBDD320F858871515C18C5D1 | Adobe Systems Incorporated [Ver = 9.0.0.2008061100 | Size = 345480 bytes | Modified Date = 6/11/2008 10:42:44 PM | Attr =	]
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\] > -> HKEY_USERS\S-1-5-21-873435700-1031927308-2251430741-5845\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Append Link Target to Existing PDF -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll -> MD5 = F2DCB030FBDD320F858871515C18C5D1 | Adobe Systems Incorporated [Ver = 9.0.0.2008061100 | Size = 345480 bytes | Modified Date = 6/11/2008 10:42:44 PM | Attr =	]
Append to Existing PDF -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll -> MD5 = F2DCB030FBDD320F858871515C18C5D1 | Adobe Systems Incorporated [Ver = 9.0.0.2008061100 | Size = 345480 bytes | Modified Date = 6/11/2008 10:42:44 PM | Attr =	]
Convert Link Target to Adobe PDF -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll -> MD5 = F2DCB030FBDD320F858871515C18C5D1 | Adobe Systems Incorporated [Ver = 9.0.0.2008061100 | Size = 345480 bytes | Modified Date = 6/11/2008 10:42:44 PM | Attr =	]
Convert to Adobe PDF -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll -> MD5 = F2DCB030FBDD320F858871515C18C5D1 | Adobe Systems Incorporated [Ver = 9.0.0.2008061100 | Size = 345480 bytes | Modified Date = 6/11/2008 10:42:44 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{07A5D18E-4C96-4FDF-8664-54945FA259F0} ->	(1394 Net Adapter) -> 
{4AB8FE45-C249-40E3-8BAD-2682C3AD2F09} ->	(Intel(R) PRO/Wireless 3945ABG Network Connection) -> 
{D15D621E-6596-4D53-84DB-2525B2508A14} ->	(1394 Net Adapter) -> 
{E89517CE-59E4-4FCE-8C73-136069AD834E} ->	(Broadcom NetXtreme 57xx Gigabit Controller) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> MD5 = 1F5A570AD942DFCFE4500326ABDD72B2 | Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 12:42:30 PM | Attr =	]
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
myrm -> 2 = Trusted sites (Not a Default Protocol) -> 
myui -> 2 = Trusted sites (Not a Default Protocol) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
myrm:{4D034FC3-013F-4b95-B544-44D49ABE3E76} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\Managed VirusScan\Agent\MyRmProt4.7.0.538.dll[MyRmProtocol Class] -> MD5 = 8F9F185CED2083FA51717AE4BD267F96 | McAfee, Inc. [Ver = 4.7.0.538 | Size = 143360 bytes | Modified Date = 1/22/2008 12:17:08 AM | Attr =	]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DownloadManagerV2.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DownloadManagerV2.ocx\\.Owner -> {4871A87A-BFDD-4106-8153-FFDE2BAC2967} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DownloadManagerV2.ocx\\{4871A87A-BFDD-4106-8153-FFDE2BAC2967} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Manager.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Manager.exe\\.Owner -> {4871A87A-BFDD-4106-8153-FFDE2BAC2967} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Manager.exe\\{4871A87A-BFDD-4106-8153-FFDE2BAC2967} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
Acrobat Assistant 8.0 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Adobe\Acrobat 9.0\Acrobat\acrotray.exe -> MD5 = 0FE0EDF01CEA3BEB2E65A904BB87525E | Adobe Systems Inc. [Ver = 9.0.0.2008061100 | Size = 640376 bytes | Modified Date = 6/11/2008 10:43:26 PM | Attr =	]
Adobe Acrobat Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe -> MD5 = 35FD33EAE23AF69715EE3231A9F15B82 | Adobe Systems Incorporated [Ver = 9.0.0.2008061200 | Size = 37232 bytes | Modified Date = 6/12/2008 2:25:18 AM | Attr =	]
Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Adobe\Reader 9.0\Reader\reader_sl.exe -> MD5 = 69B16C7B7746BA5C642FC05B3561FC73 | Adobe Systems Incorporated [Ver = 9.0.0.2008061200 | Size = 34672 bytes | Modified Date = 6/12/2008 2:38:00 AM | Attr =	]
Adobe_ID0EYTHM hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe -> MD5 = C1873D880786B6B03AF781E23835D925 | Adobe Systems Incorporated [Ver = 3, 0, 0, 0 | Size = 1884160 bytes | Modified Date = 3/20/2007 4:40:44 PM | Attr =	]
ClamWin hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\ClamWin\bin\ClamTray.exe -> MD5 = 60B69063859C013136BDB487684CD103 | alch [Ver = 0.94.0.0 | Size = 86016 bytes | Modified Date = 9/5/2008 2:43:40 AM | Attr =	]
SpybotSD TeaTimer hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> MD5 = FFB5BAC9C29303904365640A2E2A6D0C | Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 8/18/2008 6:41:00 PM | Attr = RHS]
SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> MD5 = 6AB4C021FBD36DC6764924C312428D97 | Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr =	]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = batfile] -> "%1" %* -> 
.cmd [@ = cmdfile] -> "%1" %* -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
.pif [@ = piffile] -> "%1" %* -> 
.scr [@ = scrfile] -> "%1" /S -> 
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{00203668-8170-44A0-BE44-B632FA4D780F} -> Adobe AIR
{0046FA01-C5B9-4985-BACB-398DC480FC05} -> Adobe Photoshop CS3
{04AF207D-9A77-465A-8B76-991F6AB66245} -> Adobe Help Viewer CS3
{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB} -> mSSO
{08B32819-6EEF-4057-AEDA-5AB681A36A23} -> Adobe Bridge Start Meeting
{09E2111C-16B1-4DDF-BF0D-F994C9A12350} -> Adobe Setup
{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} -> MSXML 6.0 Parser (KB933579)
{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} -> mLogView
{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} -> Adobe WinSoft Linguistics Plugin
{1D58229F-C505-45CA-8223-F35F3A34B963} -> Adobe Version Cue CS3 Server {ko_KR} 
{23FB368F-1399-4EAC-817C-4B83ECBE3D83} -> mProSafe
{24D7346D-D4B4-45E8-98EA-75EC14B42DD8} -> Adobe ExtendScript Toolkit 2
{29E5EA97-5F74-4A57-B8B2-D4F169117183} -> Adobe Stock Photos CS3
{2BA00471-0328-3743-93BD-FA813353A783} -> Microsoft .NET Framework 3.0 Service Pack 1
{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2} -> Adobe Flash Video Encoder
{3248F0A8-6813-11D6-A77B-00B0D0160070} -> Java(TM) 6 Update 7
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{3E9D596A-61D4-4239-BD19-2DB984D2A16F} -> mIWA
{42929F0F-CE14-47AF-9FC7-FF297A603021} -> Dell Resource CD
{49D687E5-6784-431B-A0A2-2F23B8CC5A1B} -> mHlpDell
{51846830-E7B2-4218-8968-B77F0FF475B8} -> Adobe Color EU Extra Settings
{54793AA1-5001-42F4-ABB6-C364617C6078} -> Adobe Linguistics CS3
{63DB9CCD-2B56-4217-9A3D-507AC78320CA} -> mWMI
{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1} -> Adobe Setup
{6ABE0BEE-D572-4FE8-B434-9E72A289431B} -> Adobe Fonts All
{6B52140A-F189-4945-BFFC-DB3F00B8C589} -> Adobe Flash CS3
{6B708481-748A-4EB4-97C1-CD386244FF77} -> Adobe MotionPicture Color Files
{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD} -> AHV content for Acrobat and Flash
{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF} -> Adobe Color Common Settings
{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} -> Adobe Asset Services CS3
{77DCDCE3-2DED-62F3-8154-05E745472D07} -> Acrobat.com
{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25} -> Adobe Dreamweaver CS3
{7DFC1012-D346-46CE-B03E-FF79125AE029} -> Adobe Fireworks CS3
{802771A9-A856-4A41-ACF7-1450E523C923} -> Adobe XMP Panels CS3
{829CD169-E692-48E8-9BDE-A3E8D8B65538} -> mSCfg
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} -> mPfMgr
{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} -> Adobe Device Central CS3
{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} -> Adobe Type Support
{90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003
{90120000-0020-0409-0000-0000000FF1CE} -> Compatibility Pack for the 2007 Office system
{90176341-0A8B-4CCC-A78D-F862228A6B95} -> Adobe Anchor Service CS3
{90B0D222-8C21-4B35-9262-53B042F18AF9} -> mPfWiz
{94658027-9F16-4509-BBD7-A59FE57C3023} -> mZConfig
{95655ED4-7CA5-46DF-907F-7144877A32E5} -> Adobe Color NA Recommended Settings
{95C42225-F0E2-4480-AD65-560D854F252E} -> Palm Desktop by ACCESS
{9C9824D9-9000-4373-A6A5-D0E5D4831394} -> Adobe Bridge CS3
{9DE3F260-B88E-42CE-90E7-73C78C37D95E} -> 32 Bit HP BiDi Channel Components Installer
{A06275F4-324B-4E85-95E6-87B2CD729401} -> Windows Defender
{A0F925BF-5C55-44C2-A4E7-5A4C59791C29} -> mDriver
{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} -> Adobe CMaps
{A2D81E70-2A98-4A08-A628-94388B063C5E} -> Adobe Color - Photoshop Specific
{A462213D-EED4-42C2-9A60-7BDD4D4B0B17} -> SigmaTel Audio
{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} -> PDF Settings
{AC76BA86-1033-F400-7760-000000000004} -> Adobe Acrobat 9 Pro - English, Français, Deutsch
{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004} -> Adobe Acrobat 9 Pro - English, Français, Deutsch
{AC76BA86-7AD7-1033-7B44-A90000000001} -> Adobe Reader 9
{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} -> Adobe Camera Raw 4.0
{B3C02EC1-A7B0-4987-9A43-8789426AAA7D} -> Adobe Setup
{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy
{B508B3F1-A24A-32C0-B310-85786919EF28} -> Microsoft .NET Framework 2.0 Service Pack 1
{B671CBFD-4109-4D35-9252-3062D3CCB7B2} -> Adobe SING CS3
{B7F560B3-6EFF-4026-A982-843895A41149} -> Adobe BridgeTalk Plugin CS3
{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} -> Adobe Default Language CS3
{BAF78226-3200-4DB4-BE33-4D922A799840} -> Windows Presentation Foundation
{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C} -> Adobe Flash Player 9 ActiveX
{BCE72AED-3332-4863-9567-C5DCB9052CA2} -> Netflix Movie Viewer
{BE5F3842-8309-4754-92D5-83E02E6077A3} -> Adobe Extension Manager CS3
{C04E32E0-0416-434D-AFB9-6969D703A9EF} -> MSXML 4.0 SP2 (KB936181)
{C336A3DB-FA32-42BE-97D0-FFD42D807FD6} -> Oz776 SCR Driver V1.1.4.2
{C5BD220A-EFE8-48A5-B70E-9503D535FACE} -> Adobe WAS CS3
{C92A5A89-B218-46F7-8898-77C52113FFE0} -> Adobe Setup
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
{CB3F8375-B600-4B9F-83C9-238ED1E583FD} -> Adobe InDesign CS3
{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} -> SUPERAntiSpyware Free Edition
{D0DFF92A-492E-4C40-B862-A74A173C25C5} -> Adobe Version Cue CS3 Client
{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF} -> Adobe Creative Suite 3 Design Premium
{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} -> Adobe PDF Library Files
{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B} -> Broadcom Gigabit Integrated Controller
{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} -> Adobe Color JA Extra Settings
{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} -> Ad-Aware
{E69AE897-9E0B-485C-8552-7841F48D42D8} -> Adobe Update Manager CS3
{E81667C6-2856-46D6-ABEA-6A2F42166779} -> mCore
{EA7B3CC4-366D-4CF6-8350-FD7A7034116E} -> Adobe InDesign CS3 Icon Handler
{F08E8D2E-F132-4742-9C87-D5FF223A016A} -> Adobe Illustrator CS3
{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} -> mMHouse
{F6090A17-0967-4A8A-B3C3-422A1B514D49} -> mDrWiFi
{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} -> mWlsSafe
Adobe AIR -> Adobe AIR
Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player Plugin
Adobe_3e054d2218e7aa282c2369d939e58ff -> Adobe ExtendScript Toolkit 2
Adobe_6c8e2cb4fd241c55406016127a6ab2e -> Adobe Color Common Settings
Adobe_bbef028176efa5abf0233d3e1747be8 -> Adobe Fireworks CS3
Adobe_c14ac4070fd9614ffe63f4bb533db2c -> Add or Remove Adobe Creative Suite 3 Design Premium
Aspell English Dictionary_is1 -> Aspell English Dictionary-0.50-2
a-squared Free_is1 -> a-squared Free 3.5
Auction Client -> Auction Client
ClamWin Free Antivirus_is1 -> ClamWin Free Antivirus 0.94
CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F -> Conexant HDA D330 MDC V.92 Modem
com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> Acrobat.com
FileZilla Client -> FileZilla Client 3.1.2
GNU Aspell_is1 -> GNU Aspell 0.50-3
GTK 2.0 -> GTK+ Runtime 2.12.8 rev a (remove only)
HijackThis -> HijackThis 2.0.2
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
ie7 -> Windows Internet Explorer 7
InstallShield_{C336A3DB-FA32-42BE-97D0-FFD42D807FD6} -> Oz776 SCR Driver V1.1.4.2
KB835221WXP -> High Definition Audio Driver Package - KB835221
KB892130 -> Windows Genuine Advantage Validation Tool (KB892130)
KB911564 -> Security Update for Windows Media Player (KB911564)
KB915800-v4 -> Hotfix for Windows XP (KB915800-v4)
KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398)
KB929399 -> Hotfix for Windows Media Format 11 SDK (KB929399)
KB932471.T301_380ToU433_380 -> Hotfix for Microsoft .NET Framework 3.0 (KB932471)
KB936782_WMP11 -> Security Update for Windows Media Player 11 (KB936782)
KB936782_WMP9 -> Security Update for Windows Media Player 9 (KB936782)
KB938127-IE7 -> Security Update for Windows Internet Explorer 7 (KB938127)
KB938464 -> Security Update for Windows XP (KB938464)
KB939683 -> Hotfix for Windows Media Player 11 (KB939683)
KB941569 -> Security Update for Windows XP (KB941569)
KB942763 -> Update for Windows XP (KB942763)
KB943729 -> Update for Windows XP (KB943729)
KB946648 -> Security Update for Windows XP (KB946648)
KB950759 -> Security Update for Windows XP (KB950759)
KB950759-IE7 -> Security Update for Windows Internet Explorer 7 (KB950759)
KB950760 -> Security Update for Windows XP (KB950760)
KB950762 -> Security Update for Windows XP (KB950762)
KB950974 -> Security Update for Windows XP (KB950974)
KB951066 -> Security Update for Windows XP (KB951066)
KB951072-v2 -> Update for Windows XP (KB951072-v2)
KB951376-v2 -> Security Update for Windows XP (KB951376-v2)
KB951698 -> Security Update for Windows XP (KB951698)
KB951748 -> Security Update for Windows XP (KB951748)
KB951978 -> Update for Windows XP (KB951978)
KB952287 -> Hotfix for Windows XP (KB952287)
KB952954 -> Security Update for Windows XP (KB952954)
KB953838-IE7 -> Security Update for Windows Internet Explorer 7 (KB953838)
KB953839 -> Security Update for Windows XP (KB953839)
KB954154_WM11 -> Security Update for Windows Media Player 11 (KB954154)
KeyScrambler -> KeyScrambler
M928366 -> Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1  (1033) -> Microsoft .NET Framework 1.1
Mozilla Firefox (3.0.3) -> Mozilla Firefox (3.0.3)
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
MultipleIEs_is1 -> MultipleIEs
MVS -> McAfee Virus and Spyware Protection Service
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
NVIDIA Drivers -> NVIDIA Drivers
Orb -> Winamp Remote
Pidgin -> Pidgin
PolarClock3 -> PolarClock3 Screen Saver
ProInst -> Intel(R) PROSet/Wireless Software
Spyware Doctor -> Spyware Doctor 6.0
WGA -> Windows Genuine Advantage Validation Tool (KB892130)
WgaNotify -> Windows Genuine Advantage Notifications (KB905474)
WIC -> Windows Imaging Component
Winamp -> Winamp
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows Media Player -> Windows Media Player 11
Windows XP Service Pack -> Windows XP Service Pack 3
WMFDist11 -> Windows Media Format 11 runtime
wmp11 -> Windows Media Player 11
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
XpsEPSC -> XML Paper Specification Shared Components Pack 1.0


[Files/Folders - Created Within 30 days]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Created Date = 9/19/2008 2:22:19 AM | Attr =	]
ativmc20.cod -> %SystemRoot%\System32\drivers\ativmc20.cod -> MD5 = 8E59F9BE251C8AE32A1CEB068B3F96B1 |  [Ver =  | Size = 64352 bytes | Created Date = 9/11/2008 8:58:53 PM | Attr =	]
cxthsfs2.cty -> %SystemRoot%\System32\drivers\cxthsfs2.cty -> MD5 = 3194C32E8A2403073B812183355E25C6 |  [Ver =  | Size = 129045 bytes | Created Date = 9/11/2008 8:59:00 PM | Attr =	]
ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> MD5 = BF1D66C139A4E9BE079D47FCFA993578 | PCTools Research Pty Ltd. [Ver = 5.0.2.1042 built by: WinDDK | Size = 42376 bytes | Created Date = 9/18/2008 11:09:59 PM | Attr =	]
iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> MD5 = A90856D3FC565A0D0165574E51A6D088 | PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 9/18/2008 11:09:59 PM | Attr =	]
iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> MD5 = 6EBDED50D6E19879BC3A86C36D3A0F9D | PCTools Research Pty Ltd. [Ver = 5.0.2.1033 | Size = 81288 bytes | Created Date = 9/18/2008 11:09:59 PM | Attr =	]
kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> MD5 = 8CB1AEA5CC79397319B139171DF877A0 | PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 9/18/2008 11:09:59 PM | Attr =	]
keyscrambler.sys -> %SystemRoot%\System32\drivers\keyscrambler.sys -> MD5 = 83D64BE5FCE2F076C03A6B066EB1E77B | QFX Software Corporation [Ver = 2.2.0 | Size = 113896 bytes | Created Date = 9/20/2008 4:20:11 PM | Attr =	]
netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img -> MD5 = 905CB655E93D39C97E078A3C4C884F31 |  [Ver =  | Size = 67866 bytes | Created Date = 9/11/2008 8:59:46 PM | Attr =	]
PalmUSBD.sys -> %SystemRoot%\System32\drivers\PalmUSBD.sys -> MD5 = DC450992EBA6F914080C1F7FBEEED72C | PalmSource, Inc. [Ver = 6, 0, 2, 0 | Size = 16640 bytes | Created Date = 9/11/2008 8:56:13 PM | Attr = R  ]
404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> MD5 = 61FD593673225697D091DE2DDD2E9E47 | S!Ri.URZ [Ver =  | Size = 82432 bytes | Created Date = 9/18/2008 11:41:49 PM | Attr =	]
AdobePDF.dll -> %SystemRoot%\System32\AdobePDF.dll -> MD5 = D65DB1C24E27ACD169971552C6FC9E2F | Adobe Systems Inc [Ver = 9.0.0000.0000 | Size = 45392 bytes | Created Date = 9/11/2008 8:38:28 PM | Attr = R  ]
AmsAV.nfo -> %SystemRoot%\System32\AmsAV.nfo -> MD5 = 33409D3E53526CC60725ABD03DBE6461 |  [Ver =  | Size = 34 bytes | Created Date = 9/18/2008 9:00:02 PM | Attr =	]
AntiXPVSTFix.exe -> %SystemRoot%\System32\AntiXPVSTFix.exe -> MD5 = BF1BBF73F1006530CC388A84122F1902 | S!Ri.URZ [Ver =  | Size = 88576 bytes | Created Date = 9/18/2008 11:41:50 PM | Attr =	]
appmgmt -> %SystemRoot%\System32\appmgmt ->  [Folder | Created Date = 9/21/2008 3:44:19 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
Auctionclient.nfo -> %SystemRoot%\System32\Auctionclient.nfo -> MD5 = 33409D3E53526CC60725ABD03DBE6461 |  [Ver =  | Size = 34 bytes | Created Date = 9/18/2008 9:00:02 PM | Attr =	]
bits -> %SystemRoot%\System32\bits ->  [Folder | Created Date = 9/12/2008 8:18:18 AM | Attr =	]
dumphive.exe -> %SystemRoot%\System32\dumphive.exe -> MD5 = 21868B2D22C726D94D98F15825D4134B |  [Ver =  | Size = 51200 bytes | Created Date = 9/18/2008 11:41:48 PM | Attr =	]
en -> %SystemRoot%\System32\en ->  [Folder | Created Date = 9/12/2008 8:18:18 AM | Attr =	]
GroupPolicy -> %SystemRoot%\System32\GroupPolicy ->  [Folder | Created Date = 9/12/2008 4:10:01 PM | Attr =	]
IEDFix.C.exe -> %SystemRoot%\System32\IEDFix.C.exe -> MD5 = 85A985C96BACFCAA8CAC56B75C5E6CAB | S!Ri.URZ [Ver =  | Size = 82944 bytes | Created Date = 9/18/2008 11:41:50 PM | Attr =	]
NPSWF32.dll -> %SystemRoot%\System32\NPSWF32.dll -> MD5 = EDF220A1DCDB2CB01DCEA8E80B1435C5 |  [Ver =  | Size = 2463976 bytes | Created Date = 9/11/2008 1:50:37 PM | Attr =	]
NPSWF32_FlashUtil.exe -> %SystemRoot%\System32\NPSWF32_FlashUtil.exe -> MD5 = 08D0E8EDFB8655C9CCF8CE92FDBDDF2E | Adobe Systems, Inc. [Ver = 9,0,45,0 | Size = 190696 bytes | Created Date = 9/11/2008 1:50:37 PM | Attr =	]
pid.inf -> %SystemRoot%\System32\pid.inf -> MD5 = FB30009167CEE7350030E444042B73E5 |  [Ver =  | Size = 974 bytes | Created Date = 9/11/2008 8:59:21 PM | Attr =	]
PolarClock3 dir -> %SystemRoot%\System32\PolarClock3 dir ->  [Folder | Created Date = 9/11/2008 3:43:53 PM | Attr =	]
PolarClock3.scr -> %SystemRoot%\System32\PolarClock3.scr -> MD5 = 681C331810C271E2FF28BE9F1A0D5123 | ScreenTime Media [Ver = 3.2.2 | Size = 201728 bytes | Created Date = 9/11/2008 3:43:53 PM | Attr =	]
scripting -> %SystemRoot%\System32\scripting ->  [Folder | Created Date = 9/12/2008 8:18:19 AM | Attr =	]
SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> MD5 = FC041F7D1341EEE456F1FA1A256CD24F | S!Ri [Ver =  | Size = 288417 bytes | Created Date = 9/18/2008 11:41:48 PM | Attr =	]
swreg.exe -> %SystemRoot%\System32\swreg.exe -> MD5 = E417D888FDDE9A2290C369C82A7AEC3E | SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 9/18/2008 11:41:48 PM | Attr =	]
swsc.exe -> %SystemRoot%\System32\swsc.exe -> MD5 = C16B1595E3C2FFC875EF28BF66EC557F |  [Ver =  | Size = 40960 bytes | Created Date = 9/18/2008 11:41:48 PM | Attr =	]
swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> MD5 = EF5DC4CF7C39CFB4653859878C14D86C | SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 9/18/2008 11:41:48 PM | Attr =	]
tmp.reg -> %SystemRoot%\System32\tmp.reg -> MD5 = 7B17B36A641B69BCF8B6C02628DB9160 |  [Ver =  | Size = 4366 bytes | Created Date = 9/18/2008 11:44:00 PM | Attr =	]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> MD5 = B174D056E1693561245B4840C5FA7C60 | S!Ri.URZ [Ver =  | Size = 86528 bytes | Created Date = 9/18/2008 11:41:49 PM | Attr =	]
VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> MD5 = D726E152E257A1AB819F88312EC69620 | S!Ri [Ver =  | Size = 289144 bytes | Created Date = 9/18/2008 11:41:49 PM | Attr =	]
WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe -> MD5 = 49B5595B1824BEA6D850E0ED08B53E43 |  [Ver =  | Size = 25600 bytes | Created Date = 9/18/2008 11:41:49 PM | Attr =	]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ ->  [Folder | Created Date = 9/12/2008 8:07:11 AM | Attr =  H ]
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
l2schemas -> %SystemRoot%\l2schemas ->  [Folder | Created Date = 9/12/2008 8:18:18 AM | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat -> MD5 = D41D8CD98F00B204E9800998ECF8427E |  [Ver =  | Size = 0 bytes | Created Date = 9/11/2008 10:33:59 AM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Created Date = 9/12/2008 4:11:05 PM | Attr =  H ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 9/12/2008 12:29:55 PM | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Created Date = 9/19/2008 1:17:26 AM | Attr =	]
SchCache -> %SystemRoot%\SchCache ->  [Folder | Created Date = 9/9/2008 2:51:17 PM | Attr =	]
ServicePackFiles -> %SystemRoot%\ServicePackFiles ->  [Folder | Created Date = 9/12/2008 8:16:10 AM | Attr =	]
Sun -> %SystemRoot%\Sun ->  [Folder | Created Date = 9/19/2008 2:27:12 AM | Attr =	]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> MD5 = 67F57936EDF93C3CF167AD89253EBB5F |  [Ver =  | Size = 330 bytes | Created Date = 9/18/2008 9:17:03 PM | Attr =  H ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
ALM -> %AllUsersProfile%\Application Data\ALM ->  [Folder | Created Date = 9/11/2008 1:59:40 PM | Attr =	]
FLEXnet -> %AllUsersProfile%\Application Data\FLEXnet ->  [Folder | Created Date = 9/11/2008 2:13:02 PM | Attr =	]
HotSync -> %AllUsersProfile%\Application Data\HotSync ->  [Folder | Created Date = 9/11/2008 8:51:22 PM | Attr =	]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Created Date = 9/21/2008 6:23:06 PM | Attr =	]
nView_Profiles -> %AllUsersProfile%\Application Data\nView_Profiles ->  [Folder | Created Date = 9/11/2008 10:10:07 AM | Attr =	]
OrbNetworks -> %AllUsersProfile%\Application Data\OrbNetworks ->  [Folder | Created Date = 9/25/2008 2:34:34 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 9/19/2008 12:03:38 AM | Attr =	]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com ->  [Folder | Created Date = 9/18/2008 9:22:40 PM | Attr =	]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Created Date = 9/18/2008 11:09:48 PM | Attr =	]
@Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
.clamwin -> %AppData%\.clamwin ->  [Folder | Created Date = 9/21/2008 2:56:17 PM | Attr =	]
.purple -> %AppData%\.purple ->  [Folder | Created Date = 9/11/2008 1:32:26 PM | Attr =	]
Adobe -> %AppData%\Adobe ->  [Folder | Created Date = 9/11/2008 10:20:05 AM | Attr =	]
Arcsoft -> %AppData%\Arcsoft ->  [Folder | Created Date = 9/11/2008 8:52:24 PM | Attr =	]
desktop.ini -> %AppData%\desktop.ini -> MD5 = 88CF0FF92A4A9FA7BD9B7513B2E9E22B |  [Ver =  | Size = 62 bytes | Created Date = 9/9/2008 2:51:51 PM | Attr =  HS]
Download Manager -> %AppData%\Download Manager ->  [Folder | Created Date = 9/11/2008 3:21:35 PM | Attr =	]
FileZilla -> %AppData%\FileZilla ->  [Folder | Created Date = 9/16/2008 11:14:01 AM | Attr =	]
HotSync -> %AppData%\HotSync ->  [Folder | Created Date = 9/11/2008 8:51:22 PM | Attr =	]
Identities -> %AppData%\Identities ->  [Folder | Created Date = 9/9/2008 2:52:15 PM | Attr =	]
Intel -> %AppData%\Intel ->  [Folder | Created Date = 9/9/2008 2:51:50 PM | Attr =	]
Macromedia -> %AppData%\Macromedia ->  [Folder | Created Date = 9/11/2008 10:20:05 AM | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Created Date = 9/21/2008 6:23:10 PM | Attr =	]
Microsoft -> %AppData%\Microsoft ->  [Folder | Created Date = 9/9/2008 2:51:50 PM | Attr =   S]
Move Networks -> %AppData%\Move Networks ->  [Folder | Created Date = 9/15/2008 3:01:51 PM | Attr =	]
Mozilla -> %AppData%\Mozilla ->  [Folder | Created Date = 9/18/2008 11:36:49 PM | Attr =	]
PC Tools -> %AppData%\PC Tools ->  [Folder | Created Date = 9/18/2008 11:09:49 PM | Attr =	]
Sun -> %AppData%\Sun ->  [Folder | Created Date = 9/19/2008 2:27:12 AM | Attr =	]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 9/18/2008 9:22:35 PM | Attr =	]
Winamp -> %AppData%\Winamp ->  [Folder | Created Date = 9/25/2008 2:34:00 PM | Attr =	]
Windows Search -> %AppData%\Windows Search ->  [Folder | Created Date = 9/12/2008 4:10:33 PM | Attr =	]
Adobe -> %UserProfile%\Local Settings\Application Data\Adobe ->  [Folder | Created Date = 9/11/2008 1:53:57 PM | Attr =	]
FlickrNet -> %UserProfile%\Local Settings\Application Data\FlickrNet ->  [Folder | Created Date = 9/17/2008 11:31:39 AM | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> MD5 = 24418841A12F81445F346A2756D7006A |  [Ver =  | Size = 71640 bytes | Created Date = 9/11/2008 2:16:13 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> MD5 = 5C36FA01A77EDEA26027E564EE222156 |  [Ver =  | Size = 4839366 bytes | Created Date = 9/9/2008 3:23:38 PM | Attr =  H ]
Identities -> %UserProfile%\Local Settings\Application Data\Identities ->  [Folder | Created Date = 9/12/2008 4:10:20 PM | Attr =	]
Installer2244 -> %UserProfile%\Local Settings\Application Data\Installer2244 ->  [Folder | Created Date = 9/18/2008 8:45:06 AM | Attr =	]
Installer3536 -> %UserProfile%\Local Settings\Application Data\Installer3536 ->  [Folder | Created Date = 9/18/2008 8:13:11 AM | Attr =	]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Created Date = 9/9/2008 2:51:50 PM | Attr =	]
Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla ->  [Folder | Created Date = 9/11/2008 10:33:57 AM | Attr =	]
TechSmith -> %UserProfile%\Local Settings\Application Data\TechSmith ->  [Folder | Created Date = 9/17/2008 11:25:32 AM | Attr =	]
a-squared Free -> %UserProfile%\My Documents\a-squared Free ->  [Folder | Created Date = 9/19/2008 1:11:23 AM | Attr =	]
desktop.ini -> %UserProfile%\My Documents\desktop.ini -> MD5 = C855792E6343284EC1324310FA1DC606 |  [Ver =  | Size = 79 bytes | Created Date = 9/9/2008 2:52:13 PM | Attr =  HS]
My Albums -> %UserProfile%\My Documents\My Albums ->  [Folder | Created Date = 9/11/2008 8:52:24 PM | Attr =	]
My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Created Date = 9/9/2008 2:52:13 PM | Attr = R  ]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Created Date = 9/9/2008 2:52:13 PM | Attr = R  ]
my videos -> %UserProfile%\My Documents\my videos ->  [Folder | Created Date = 9/11/2008 8:57:35 PM | Attr =	]
Palm OS Desktop -> %UserProfile%\My Documents\Palm OS Desktop ->  [Folder | Created Date = 9/11/2008 8:50:10 PM | Attr =	]
Updater5 -> %UserProfile%\My Documents\Updater5 ->  [Folder | Created Date = 9/11/2008 3:49:11 PM | Attr =	]
Advertising - Agencies.URL -> %UserProfile%\Desktop\Advertising - Agencies.URL -> MD5 = 4CDDF5334B8EC277F6085A343BD8DDF3 |  [Ver =  | Size = 91 bytes | Created Date = 9/24/2008 9:12:51 PM | Attr =	]
APPS -> %UserProfile%\Desktop\APPS ->  [Folder | Created Date = 9/11/2008 12:12:30 PM | Attr =	]
Auction Network SEO Musts!.doc -> %UserProfile%\Desktop\Auction Network SEO Musts!.doc -> MD5 = 7FA0A9CBB158A9093F800D16A59AF2DC |  [Ver =  | Size = 26112 bytes | Created Date = 9/27/2008 4:16:44 PM | Attr =	]
auctionnetwork_seo_strat.doc -> %UserProfile%\Desktop\auctionnetwork_seo_strat.doc -> MD5 = E68FE4BB0E772DD78DF939CA862F7BAD |  [Ver =  | Size = 24064 bytes | Created Date = 9/24/2008 1:07:18 PM | Attr =	]
blog_screen.psd -> %UserProfile%\Desktop\blog_screen.psd -> MD5 = 5686BA4ADF8073D8183A0B1DBF22558E |  [Ver =  | Size = 3028411 bytes | Created Date = 9/22/2008 12:00:31 PM | Attr =	]
browsers -> %UserProfile%\Desktop\browsers ->  [Folder | Created Date = 9/11/2008 12:12:31 PM | Attr =	]
D -> %UserProfile%\Desktop\D ->  [Folder | Created Date = 9/17/2008 11:16:17 AM | Attr =	]
Docs -> %UserProfile%\Desktop\Docs ->  [Folder | Created Date = 9/11/2008 12:12:31 PM | Attr =	]
dustin.zip -> %UserProfile%\Desktop\dustin.zip -> MD5 = 672163B4DF841CE28EF4F78876A6F5F2 |  [Ver =  | Size = 3868837 bytes | Created Date = 9/24/2008 4:54:40 PM | Attr =	]
facebook -> %UserProfile%\Desktop\facebook ->  [Folder | Created Date = 9/26/2008 3:55:02 PM | Attr =	]
flow -> %UserProfile%\Desktop\flow ->  [Folder | Created Date = 9/19/2008 6:01:12 AM | Attr =	]
from usb -> %UserProfile%\Desktop\from usb ->  [Folder | Created Date = 9/11/2008 12:12:31 PM | Attr =	]
konigi-graphpaper.zip -> %UserProfile%\Desktop\konigi-graphpaper.zip -> MD5 = 57C3C8ED07164DFADDB65CD132779240 |  [Ver =  | Size = 365336 bytes | Created Date = 9/22/2008 1:55:44 PM | Attr =	]
links -> %UserProfile%\Desktop\links ->  [Folder | Created Date = 9/11/2008 12:12:34 PM | Attr =	]
OTScanIt(2).exe -> %UserProfile%\Desktop\OTScanIt(2).exe -> MD5 = A4F8F9CEAA8AE40F13AC488905F3E4DA |  [Ver =  | Size = 576581 bytes | Created Date = 9/28/2008 8:27:28 AM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> MD5 = A4F8F9CEAA8AE40F13AC488905F3E4DA |  [Ver =  | Size = 576581 bytes | Created Date = 9/28/2008 8:27:11 AM | Attr =	]
PBA-solutionPath.doc -> %UserProfile%\Desktop\PBA-solutionPath.doc -> MD5 = B5BFE5CB6BA387CABDEF4DEFEB01FDD5 |  [Ver =  | Size = 27648 bytes | Created Date = 9/22/2008 1:32:41 PM | Attr =	]
PBA_wireframe.psd -> %UserProfile%\Desktop\PBA_wireframe.psd -> MD5 = D3F1C80F87A947ED3E4F4A38935730D4 |  [Ver =  | Size = 1353402 bytes | Created Date = 9/22/2008 12:30:40 PM | Attr =	]
projects -> %UserProfile%\Desktop\projects ->  [Folder | Created Date = 9/11/2008 12:12:34 PM | Attr =	]
Pushing culture and creativity to levels never seen before, an entire blog post in creative links » Hell Yeah Dude - A voice.URL -> %UserProfile%\Desktop\Pushing culture and creativity to levels never seen before, an entire blog post in creative links » Hell Yeah Dude - A voice.URL -> MD5 = 0920AE313FEBCF9C31161778E2A4AE6A |  [Ver =  | Size = 156 bytes | Created Date = 9/27/2008 11:02:36 AM | Attr =	]
seo_quick_turnaround.doc -> %UserProfile%\Desktop\seo_quick_turnaround.doc -> MD5 = 6646FB8D31B70B74F7F5F020E70352D8 |  [Ver =  | Size = 50688 bytes | Created Date = 9/25/2008 8:41:45 AM | Attr =	]
t-1671.html -> %UserProfile%\Desktop\t-1671.html -> MD5 = DE243DC82573DDCB371C6B860D2E72F5 |  [Ver =  | Size = 8020 bytes | Created Date = 9/23/2008 12:19:35 AM | Attr =	]
t-1671_files -> %UserProfile%\Desktop\t-1671_files ->  [Folder | Created Date = 9/23/2008 12:19:35 AM | Attr =	]
t-64231-Browser-Hijack-Firefox-and-IE.html -> %UserProfile%\Desktop\t-64231-Browser-Hijack-Firefox-and-IE.html -> MD5 = 3538732E2556DD21E91EEC7A97960C53 |  [Ver =  | Size = 37393 bytes | Created Date = 9/23/2008 12:03:13 AM | Attr =	]
t-64231-Browser-Hijack-Firefox-and-IE_files -> %UserProfile%\Desktop\t-64231-Browser-Hijack-Firefox-and-IE_files ->  [Folder | Created Date = 9/23/2008 12:03:13 AM | Attr =	]
HotSync Manager.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\HotSync Manager.lnk -> MD5 = CCC3867DE670E02F89B8F5CB47990B68 |  [Ver =  | Size = 1513 bytes | Created Date = 9/11/2008 8:52:39 PM | Attr =	]
desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini -> MD5 = D6A6856702E3F0953E7246A9B4A9FE35 |  [Ver =  | Size = 84 bytes | Created Date = 9/9/2008 2:51:50 PM | Attr =  HS]
Control Panels -> %CommonProgramFiles%\Control Panels ->  [Folder | Created Date = 9/11/2008 2:01:33 PM | Attr =	]
GTK -> %CommonProgramFiles%\GTK ->  [Folder | Created Date = 9/11/2008 10:44:08 AM | Attr =	]
Java -> %CommonProgramFiles%\Java ->  [Folder | Created Date = 9/19/2008 2:23:45 AM | Attr =	]
Macrovision Shared -> %CommonProgramFiles%\Macrovision Shared ->  [Folder | Created Date = 9/11/2008 1:41:12 PM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 9/17/2008 11:24:42 AM | Attr =	]
a-squared Free -> %ProgramFiles%\a-squared Free ->  [Folder | Created Date = 9/19/2008 1:11:23 AM | Attr =	]
Aspell -> %ProgramFiles%\Aspell ->  [Folder | Created Date = 9/11/2008 10:44:48 AM | Attr =	]
Auction Client -> %ProgramFiles%\Auction Client ->  [Folder | Created Date = 9/25/2008 3:38:54 PM | Attr =	]
Bonjour -> %ProgramFiles%\Bonjour ->  [Folder | Created Date = 9/11/2008 1:45:09 PM | Attr =	]
ClamWin -> %ProgramFiles%\ClamWin ->  [Folder | Created Date = 9/21/2008 2:56:10 PM | Attr =	]
FileZilla FTP Client -> %ProgramFiles%\FileZilla FTP Client ->  [Folder | Created Date = 9/16/2008 11:13:42 AM | Attr =	]
Java -> %ProgramFiles%\Java ->  [Folder | Created Date = 9/19/2008 2:24:04 AM | Attr =	]
KeyScrambler -> %ProgramFiles%\KeyScrambler ->  [Folder | Created Date = 9/20/2008 4:20:11 PM | Attr =	]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware ->  [Folder | Created Date = 9/21/2008 6:23:06 PM | Attr =	]
McAfee -> %ProgramFiles%\McAfee ->  [Folder | Created Date = 9/10/2008 3:19:42 PM | Attr =	]
Microsoft Silverlight -> %ProgramFiles%\Microsoft Silverlight ->  [Folder | Created Date = 9/15/2008 3:07:56 PM | Attr =	]
Mozilla Firefox -> %ProgramFiles%\Mozilla Firefox ->  [Folder | Created Date = 9/11/2008 10:33:51 AM | Attr =	]
MSECache -> %ProgramFiles%\MSECache ->  [Folder | Created Date = 9/12/2008 4:08:54 PM | Attr =	]
MSXML 4.0 -> %ProgramFiles%\MSXML 4.0 ->  [Folder | Created Date = 9/12/2008 12:32:41 PM | Attr =	]
MultipleIEs -> %ProgramFiles%\MultipleIEs ->  [Folder | Created Date = 9/12/2008 8:49:01 AM | Attr =	]
Netflix -> %ProgramFiles%\Netflix ->  [Folder | Created Date = 9/27/2008 10:59:53 PM | Attr =	]
Palm -> %ProgramFiles%\Palm ->  [Folder | Created Date = 9/11/2008 8:51:02 PM | Attr =	]
Pidgin -> %ProgramFiles%\Pidgin ->  [Folder | Created Date = 9/11/2008 10:44:18 AM | Attr =	]
QuickTime -> %ProgramFiles%\QuickTime ->  [Folder | Created Date = 9/11/2008 1:54:32 PM | Attr =	]
Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy ->  [Folder | Created Date = 9/19/2008 12:03:38 AM | Attr =	]
Spyware Doctor -> %ProgramFiles%\Spyware Doctor ->  [Folder | Created Date = 9/18/2008 11:09:49 PM | Attr =	]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware ->  [Folder | Created Date = 9/18/2008 9:22:35 PM | Attr =	]
Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 9/18/2008 10:05:08 PM | Attr =	]
Winamp -> %ProgramFiles%\Winamp ->  [Folder | Created Date = 9/25/2008 2:34:00 PM | Attr =	]
Winamp Remote -> %ProgramFiles%\Winamp Remote ->  [Folder | Created Date = 9/25/2008 2:34:30 PM | Attr =	]
Windows Defender -> %ProgramFiles%\Windows Defender ->  [Folder | Created Date = 9/18/2008 9:13:57 PM | Attr =	]
Windows Desktop Search -> %ProgramFiles%\Windows Desktop Search ->  [Folder | Created Date = 9/12/2008 4:10:01 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> MD5 = FA579938B0733B87066546AFE951082C |  [Ver =  | Size = 211 bytes | Modified Date = 9/28/2008 8:52:16 AM | Attr =  HS]
ntldr -> %SystemDrive%\ntldr -> MD5 = C1B29B4E6EEA9510610DB2EC4D6DB160 |  [Ver =  | Size = 250048 bytes | Modified Date = 9/12/2008 8:12:41 AM | Attr = RHS]
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> MD5 = DE1CBFE6C3086010AF115A1F00909B01 |  [Ver =  | Size = 734 bytes | Modified Date = 9/19/2008 6:06:40 AM | Attr =	]
AmsAV.nfo -> %SystemRoot%\System32\AmsAV.nfo -> MD5 = 33409D3E53526CC60725ABD03DBE6461 |  [Ver =  | Size = 34 bytes | Modified Date = 9/18/2008 9:00:02 PM | Attr =	]
AntiXPVSTFix.exe -> %SystemRoot%\System32\AntiXPVSTFix.exe -> MD5 = BF1BBF73F1006530CC388A84122F1902 | S!Ri.URZ [Ver =  | Size = 88576 bytes | Modified Date = 9/8/2008 11:38:55 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
Auctionclient.nfo -> %SystemRoot%\System32\Auctionclient.nfo -> MD5 = 33409D3E53526CC60725ABD03DBE6461 |  [Ver =  | Size = 34 bytes | Modified Date = 9/18/2008 9:00:02 PM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> MD5 = 64E8D9C468FC377CAB4818300140F1FD |  [Ver =  | Size = 1563856 bytes | Modified Date = 9/17/2008 8:09:50 AM | Attr =	]
IEDFix.C.exe -> %SystemRoot%\System32\IEDFix.C.exe -> MD5 = 85A985C96BACFCAA8CAC56B75C5E6CAB | S!Ri.URZ [Ver =  | Size = 82944 bytes | Modified Date = 9/18/2008 12:11:56 PM | Attr =	]
nvModes.001 -> %SystemRoot%\System32\nvModes.001 -> MD5 = EE61E3007486A836C249974C6B9B5EBC |  [Ver =  | Size = 80695 bytes | Modified Date = 9/28/2008 7:41:36 AM | Attr =	]
nvModes.dat -> %SystemRoot%\System32\nvModes.dat -> MD5 = EE61E3007486A836C249974C6B9B5EBC |  [Ver =  | Size = 80695 bytes | Modified Date = 9/17/2008 11:03:02 AM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> MD5 = 8DFE816DCB58C2EADB5E0B2C80868029 |  [Ver =  | Size = 72554 bytes | Modified Date = 9/18/2008 11:11:09 PM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> MD5 = 5A45A51E15ECF11CD5FE53CC07018F73 |  [Ver =  | Size = 445096 bytes | Modified Date = 9/18/2008 11:11:09 PM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> MD5 = 38C5CF9E268E499A6412D6F1B7BDEEA2 |  [Ver =  | Size = 526710 bytes | Modified Date = 9/18/2008 11:11:09 PM | Attr =	]
PolarClock3.scr -> %SystemRoot%\System32\PolarClock3.scr -> MD5 = 681C331810C271E2FF28BE9F1A0D5123 | ScreenTime Media [Ver = 3.2.2 | Size = 201728 bytes | Modified Date = 9/11/2008 3:43:53 PM | Attr =	]
tmp.reg -> %SystemRoot%\System32\tmp.reg -> MD5 = 7B17B36A641B69BCF8B6C02628DB9160 |  [Ver =  | Size = 4366 bytes | Modified Date = 9/19/2008 6:06:42 AM | Attr =	]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> MD5 = B174D056E1693561245B4840C5FA7C60 | S!Ri.URZ [Ver =  | Size = 86528 bytes | Modified Date = 9/2/2008 4:51:48 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> MD5 = B9C928AE4E06FA93E3C865384765725F |  [Ver =  | Size = 2206 bytes | Modified Date = 9/27/2008 11:47:04 AM | Attr =	]
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat -> MD5 = 6A2CB42966136854F4464516FBB4AE72 |  [Ver =  | Size = 2048 bytes | Modified Date = 9/27/2008 11:35:01 AM | Attr =   S]
imsins.BAK -> %SystemRoot%\imsins.BAK -> MD5 = 1955D5FAE8E405DE7A377588CCBB96DE |  [Ver =  | Size = 1374 bytes | Modified Date = 9/12/2008 4:10:06 PM | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat -> MD5 = D41D8CD98F00B204E9800998ECF8427E |  [Ver =  | Size = 0 bytes | Modified Date = 9/11/2008 10:33:59 AM | Attr =	]
ODBC.INI -> %SystemRoot%\ODBC.INI -> MD5 = EC940475561F651E8CCA80C9144191D0 |  [Ver =  | Size = 376 bytes | Modified Date = 9/16/2008 8:21:45 AM | Attr =	]
system.ini -> %SystemRoot%\system.ini -> MD5 = F4D021E764F6FA554606F4A735A3151B |  [Ver =  | Size = 227 bytes | Modified Date = 9/28/2008 8:52:16 AM | Attr =	]
win.ini -> %SystemRoot%\win.ini -> MD5 = D131FB67BD46ACC0DD6F4F614D227B48 |  [Ver =  | Size = 603 bytes | Modified Date = 9/28/2008 8:52:16 AM | Attr =	]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> MD5 = 67F57936EDF93C3CF167AD89253EBB5F |  [Ver =  | Size = 330 bytes | Modified Date = 9/27/2008 11:55:11 AM | Attr =  H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> MD5 = F1A6CD5ADAAB953A6764EA364E17BFB8 |  [Ver =  | Size = 6 bytes | Modified Date = 9/27/2008 11:35:06 AM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 8/4/2008 3:44:22 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> MD5 = 56AB7811D8E685C7646F26C96DCC4F67 |  [Ver =  | Size = 4232 bytes | Modified Date = 9/26/2008 8:10:55 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> MD5 = CE64E3EC74B90652AEF2D1E203B9F207 |  [Ver =  | Size = 5485 bytes | Modified Date = 9/26/2008 8:10:55 AM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 8/4/2008 3:48:11 PM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> MD5 = 0E7E24ED21BD5DA96B0D882D5A043AD4 |  [Ver =  | Size = 8206 bytes | Modified Date = 9/9/2008 2:52:52 PM | Attr =	]
C:\Documents and Settings\hoffmand\Local Settings\Temp\ -> C:\Documents and Settings\hoffmand\Local Settings\Temp ->  [Folder | Modified Date = 9/28/2008 8:49:18 AM | Attr =	]
RingStart.exe -> C:\Documents and Settings\hoffmand\Local Settings\Temp\RingStart.exe -> MD5 = 673871939E3CA8A7A3C159ADBAA3B198 | AMS [Ver = 510,0,1,0 | Size = 157944 bytes | Modified Date = 9/25/2008 3:41:23 PM | Attr =	]
SSUPDATE.EXE -> C:\Documents and Settings\hoffmand\Local Settings\Temp\SSUPDATE.EXE -> MD5 = DE0B8DF9CAC69D14DDEA41608FF0F5F5 | SUPERAntiSpyware.com [Ver = 1, 0, 0, 1034 | Size = 158960 bytes | Modified Date = 9/3/2008 2:07:10 PM | Attr =	]
4 C:\Documents and Settings\hoffmand\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\hoffmand\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\hoffmand\Local Settings\Temp\Patcher\Patcher2296\RTPatch\ -> C:\Documents and Settings\hoffmand\Local Settings\Temp\Patcher\Patcher2296\RTPatch ->  [Folder | Modified Date = 9/25/2008 3:59:05 PM | Attr =	]
patch.exe -> C:\Documents and Settings\hoffmand\Local Settings\Temp\Patcher\Patcher2296\RTPatch\patch.exe -> MD5 = D91D34C1826491777C2442BAEE3745E7 |  [Ver =  | Size = 34816 bytes | Modified Date = 9/25/2008 3:59:05 PM | Attr =	]
C:\Documents and Settings\hoffmand\Local Settings\Temp\ -> C:\Documents and Settings\hoffmand\Local Settings\Temp ->  [Folder | Modified Date = 9/28/2008 8:49:18 AM | Attr =	]
Installer.dll -> C:\Documents and Settings\hoffmand\Local Settings\Temp\Installer.dll -> MD5 = FD09446640CB0E958C50166E25615FCD | AMS [Ver = 510,6,0,0 | Size = 50672 bytes | Modified Date = 9/25/2008 3:41:23 PM | Attr =	]
npbasic.dll -> C:\Documents and Settings\hoffmand\Local Settings\Temp\npbasic.dll -> MD5 = 8DA741914DF48BF087EA9FB5EB74354F |   [Ver = 1, 0, 0, 1 | Size = 36864 bytes | Modified Date = 9/25/2008 3:41:23 PM | Attr =	]
4 C:\Documents and Settings\hoffmand\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\hoffmand\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\hoffmand\Local Settings\Temp\Patcher\Patcher1028\ -> C:\Documents and Settings\hoffmand\Local Settings\Temp\Patcher\Patcher1028 ->  [Folder | Modified Date = 9/25/2008 3:54:22 PM | Attr =	]
InstallerResults.dll -> C:\Documents and Settings\hoffmand\Local Settings\Temp\Patcher\Patcher1028\InstallerResults.dll -> MD5 = C1BBDCCBB45505826E7BEAD5956FC586 |  [Ver =  | Size = 153016 bytes | Modified Date = 9/25/2008 3:54:15 PM | Attr =	]
C:\Documents and Settings\hoffmand\Local Settings\Temp\Patcher\Patcher1028\CAPS\ -> C:\Documents and Settings\hoffmand\Local Settings\Temp\Patcher\Patcher1028\CAPS ->  [Folder | Modified Date = 9/25/2008 3:54:15 PM | Attr =	]
adobe_caps.dll -> C:\Documents and Settings\hoffmand\Local Settings\Temp\Patcher\Patcher1028\CAPS\adobe_caps.dll -> MD5 = DBD1A1A9B7C5B4098E9B599EF3C7832E | Adobe Systems Incorporated [Ver = 1,0,135,0 | Size = 215040 bytes | Modified Date = 9/25/2008 3:54:15 PM | Attr =	]
C:\Documents and Settings\hoffmand\Local Settings\Temp\Patcher\Patcher2296\ -> C:\Documents and Settings\hoffmand\Local Settings\Temp\Patcher\Patcher2296 ->  [Folder | Modified Date = 9/25/2008 3:59:42 PM | Attr =	]
InstallerResults.dll -> C:\Documents and Settings\hoffmand\Local Settings\Temp\Patcher\Patcher2296\InstallerResults.dll -> MD5 = C1BBDCCBB45505826E7BEAD5956FC586 |  [Ver =  | Size = 153016 bytes | Modified Date = 9/25/2008 3:58:58 PM | Attr =	]
C:\Documents and Settings\hoffmand\Local Settings\Temp\Patcher\Patcher2296\CAPS\ -> C:\Documents and Settings\hoffmand\Local Settings\Temp\Patcher\Patcher2296\CAPS ->  [Folder | Modified Date = 9/25/2008 3:58:58 PM | Attr =	]
adobe_caps.dll -> C:\Documents and Settings\hoffmand\Local Settings\Temp\Patcher\Patcher2296\CAPS\adobe_caps.dll -> MD5 = DBD1A1A9B7C5B4098E9B599EF3C7832E | Adobe Systems Incorporated [Ver = 1,0,135,0 | Size = 215040 bytes | Modified Date = 9/25/2008 3:58:58 PM | Attr =	]
C:\Documents and Settings\hoffmand\Local Settings\Temp\Patcher\Patcher2296\RTPatch\ -> C:\Documents and Settings\hoffmand\Local Settings\Temp\Patcher\Patcher2296\RTPatch ->  [Folder | Modified Date = 9/25/2008 3:59:05 PM | Attr =	]
patchw32.dll -> C:\Documents and Settings\hoffmand\Local Settings\Temp\Patcher\Patcher2296\RTPatch\patchw32.dll -> MD5 = B3E85A6D149080CC1BE8EAAD722E4ED2 |  [Ver =  | Size = 182272 bytes | Modified Date = 9/25/2008 3:59:05 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> MD5 = 24418841A12F81445F346A2756D7006A |  [Ver =  | Size = 71640 bytes | Modified Date = 9/17/2008 10:55:33 AM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> MD5 = 5C36FA01A77EDEA26027E564EE222156 |  [Ver =  | Size = 4839366 bytes | Modified Date = 9/27/2008 11:33:59 AM | Attr =  H ]
desktop.ini -> %UserProfile%\My Documents\desktop.ini -> MD5 = C855792E6343284EC1324310FA1DC606 |  [Ver =  | Size = 79 bytes | Modified Date = 9/9/2008 2:52:19 PM | Attr =  HS]
Advertising - Agencies.URL -> %UserProfile%\Desktop\Advertising - Agencies.URL -> MD5 = 4CDDF5334B8EC277F6085A343BD8DDF3 |  [Ver =  | Size = 91 bytes | Modified Date = 9/24/2008 9:12:51 PM | Attr =	]
Auction Network SEO Musts!.doc -> %UserProfile%\Desktop\Auction Network SEO Musts!.doc -> MD5 = 7FA0A9CBB158A9093F800D16A59AF2DC |  [Ver =  | Size = 26112 bytes | Modified Date = 9/27/2008 5:01:57 PM | Attr =	]
auctionnetwork_seo_strat.doc -> %UserProfile%\Desktop\auctionnetwork_seo_strat.doc -> MD5 = E68FE4BB0E772DD78DF939CA862F7BAD |  [Ver =  | Size = 24064 bytes | Modified Date = 9/24/2008 1:34:54 PM | Attr =	]
blog_screen.psd -> %UserProfile%\Desktop\blog_screen.psd -> MD5 = 5686BA4ADF8073D8183A0B1DBF22558E |  [Ver =  | Size = 3028411 bytes | Modified Date = 9/23/2008 12:28:46 AM | Attr =	]
dustin.zip -> %UserProfile%\Desktop\dustin.zip -> MD5 = 672163B4DF841CE28EF4F78876A6F5F2 |  [Ver =  | Size = 3868837 bytes | Modified Date = 9/24/2008 4:54:41 PM | Attr =	]
konigi-graphpaper.zip -> %UserProfile%\Desktop\konigi-graphpaper.zip -> MD5 = 57C3C8ED07164DFADDB65CD132779240 |  [Ver =  | Size = 365336 bytes | Modified Date = 9/22/2008 1:55:45 PM | Attr =	]
OTScanIt(2).exe -> %UserProfile%\Desktop\OTScanIt(2).exe -> MD5 = A4F8F9CEAA8AE40F13AC488905F3E4DA |  [Ver =  | Size = 576581 bytes | Modified Date = 9/28/2008 8:27:28 AM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> MD5 = A4F8F9CEAA8AE40F13AC488905F3E4DA |  [Ver =  | Size = 576581 bytes | Modified Date = 9/28/2008 8:27:11 AM | Attr =	]
PBA-solutionPath.doc -> %UserProfile%\Desktop\PBA-solutionPath.doc -> MD5 = B5BFE5CB6BA387CABDEF4DEFEB01FDD5 |  [Ver =  | Size = 27648 bytes | Modified Date = 9/22/2008 5:08:16 PM | Attr =	]
PBA_wireframe.psd -> %UserProfile%\Desktop\PBA_wireframe.psd -> MD5 = D3F1C80F87A947ED3E4F4A38935730D4 |  [Ver =  | Size = 1353402 bytes | Modified Date = 9/23/2008 12:29:20 AM | Attr =	]
Pushing culture and creativity to levels never seen before, an entire blog post in creative links ╗ Hell Yeah Dude - A voice.URL -> %UserProfile%\Desktop\Pushing culture and creativity to levels never seen before, an entire blog post in creative links ╗ Hell Yeah Dude - A voice.URL -> MD5 = 0920AE313FEBCF9C31161778E2A4AE6A |  [Ver =  | Size = 156 bytes | Modified Date = 9/27/2008 11:02:36 AM | Attr =	]
seo_quick_turnaround.doc -> %UserProfile%\Desktop\seo_quick_turnaround.doc -> MD5 = 6646FB8D31B70B74F7F5F020E70352D8 |  [Ver =  | Size = 50688 bytes | Modified Date = 9/27/2008 5:31:35 PM | Attr =	]
t-1671.html -> %UserProfile%\Desktop\t-1671.html -> MD5 = DE243DC82573DDCB371C6B860D2E72F5 |  [Ver =  | Size = 8020 bytes | Modified Date = 9/23/2008 12:19:36 AM | Attr =	]
t-64231-Browser-Hijack-Firefox-and-IE.html -> %UserProfile%\Desktop\t-64231-Browser-Hijack-Firefox-and-IE.html -> MD5 = 3538732E2556DD21E91EEC7A97960C53 |  [Ver =  | Size = 37393 bytes | Modified Date = 9/23/2008 12:03:16 AM | Attr =	]
HotSync Manager.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\HotSync Manager.lnk -> MD5 = CCC3867DE670E02F89B8F5CB47990B68 |  [Ver =  | Size = 1513 bytes | Modified Date = 9/11/2008 8:52:39 PM | Attr =	]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000080
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 14
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 104 bytes
C:\Documents and Settings\hoffmand\Desktop\D\dhfmnx\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\hoffmand\Desktop\projects\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\hoffmand\Desktop\projects\YouTube\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 35

< End of report >


#7 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:33 AM

Posted 28 September 2008 - 09:26 AM

Hello, dhfmnx.

Alrighty, that log shows clean as well... but given the symptoms I think I may know what infection this is, and it might not appear in these reports :thumbsup:

I would like us to run a scan with MalwareBytes' Anti-Malware
Please download MalwareBytes' Anti-Malware from one of the following mirrors:
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded select "Perform Quick Scan", then click Scan.
    Note: Quick is somewhat of a misnomer. The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See note below)
  • The log is automatically saved by MbAM and can be viewed by clicking the Logs tab in MbAM.
  • Copy & Paste the entire report in your next reply.
Note: If MbAM encounters a file that is difficult to remove, you will be presented with a prompt. Click OK to any prompts to let MbAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.

In your next reply, please include the following:
  • MbAM's Log
  • A New HiJack This log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#8 dhfmnx


Posted 28 September 2008 - 10:14 AM

Nothing detected by mbam:

Malwarebytes' Anti-Malware 1.28
Database version: 1219
Windows 5.1.2600 Service Pack 3

9/28/2008 10:13:25 AM
mbam-log-2008-09-28 (10-13-25).txt

Scan type: Quick Scan
Objects scanned: 52839
Time elapsed: 1 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


---- here is the hijack this log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:42 AM, on 9/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\OTScanIt\OTScanIt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe"
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://ftp.us.dell.com (HKLM)
O15 - ESC Trusted Zone: http://search.dell.com (HKLM)
O15 - ESC Trusted Zone: http://support.dell.com (HKLM)
O15 - ESC Trusted Zone: http://www.dell.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://support.veritas.com (HKLM)
O15 - ESC Trusted IP range: http://192.168.8.80
O15 - ESC Trusted IP range: http://192.168.8.80 (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wwauction.com
O17 - HKLM\Software\..\Telephony: DomainName = wwauction.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wwauction.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8984 bytes

#9 Billy O'Neal


Posted 28 September 2008 - 10:16 AM

That all looks clean. Are you still having problems?

Billy3

#10 dhfmnx


Posted 28 September 2008 - 11:06 AM

Yes, when I type any single word into my url bar, it redirects me to sedoparking.com, then sedo.com
This is happening in all browsers.
I have 2 computers on my home network, it is only happening to my laptop (wifi connection)
When I take my laptop to work (different connection, hard wire ethernet) this issue stops.

Any clue?

#11 Billy O'Neal


Posted 28 September 2008 - 11:55 AM

Alright.. that implicates the DNS servers for your ISP. It's not your machine's fault I think. This will get around that:

Go to Start -> Control Panel -> Network Connections

Right click on the adapter representing your wireless adapter and choose properties.

Highlight "Internet Protocol (TCP/IP)" in the protocols list and select properties.

Push the radio button to enter DNS servers manually (At the bottom of the window)

Enter the following addresses for dns resolution:
208.67.222.222
208.67.222.220

Press ok a bunch of times, accepting prompts as you go.

Reboot and see if the problem persists.

Billy3

EDIT: I found some better instructions here:
https://www.opendns.com/homenetwork/start/device/windows-xp

Billy3

Edited by Billy O'Neal, 29 September 2008 - 02:49 PM.

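A check for the behaviour diagnosed in posts #10 and #11, added here as an example that is not part of the original thread: it asks a resolver for random names that cannot exist and reports whether the resolver returns a name error or hands back an address instead, which is what turns a single word typed in the address bar into a parking page. All function names, the `constructed_exchange` stand-in and the 192.0.2.x documentation addresses are assumptions made for this example.

```python
import secrets
import socket
import struct
import sys

RCODE_NXDOMAIN = 3

def build_query(name, txid):
    """Encode a recursive A/IN query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        if length == 0:                # root label: end of name
            return off + 1
        off += 1 + length

def parse_response(msg):
    """Return (txid, rcode, [IPv4 addresses in the answer section])."""
    try:
        txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
        off = 12
        for _ in range(qd):
            off = skip_name(msg, off) + 4          # QTYPE + QCLASS
        addrs = []
        for _ in range(an):
            off = skip_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if rtype == 1 and rclass == 1 and rdlen == 4:
                addrs.append(socket.inet_ntoa(msg[off:off + 4]))
            off += rdlen
        return txid, flags & 0x000F, addrs
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed DNS response") from exc

def classify(rcode, addrs):
    """A name that cannot exist must yield NXDOMAIN and no addresses."""
    if addrs:
        return "rewritten"
    return "honest" if rcode == RCODE_NXDOMAIN else "inconclusive"

def udp_exchange(server, packet, timeout=3.0):
    """Send one query to `server` on UDP port 53 and return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, (server, 53))
        return s.recvfrom(4096)[0]

def probe_resolver(server, exchange=udp_exchange, attempts=3):
    """Query `server` for random 24-character .com names; return verdicts."""
    results = []
    for _ in range(attempts):
        name = secrets.token_hex(12) + ".com"
        txid = secrets.randbits(16)
        try:
            rtxid, rcode, addrs = parse_response(exchange(server, build_query(name, txid)))
            verdict = classify(rcode, addrs) if rtxid == txid else "inconclusive"
        except (OSError, ValueError):              # timeout, unreachable, bad reply
            verdict, addrs = "inconclusive", []
        results.append((name, verdict, addrs))
    return results

def resolver_rewrites_nxdomain(results):
    return any(verdict == "rewritten" for _, verdict, _ in results)

def constructed_exchange(rewrite_to=None):
    """Offline stand-in for a resolver (constructed for this example):
    replies NXDOMAIN, or an A record for `rewrite_to` when one is given."""
    def exchange(server, packet, timeout=3.0):
        txid, question = packet[:2], packet[12:]
        if rewrite_to is None:
            return txid + struct.pack("!HHHHH", 0x8183, 1, 0, 0, 0) + question
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(rewrite_to)
        return txid + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0) + question + answer
    return exchange

if __name__ == "__main__":
    # Usage: python check_nxdomain.py <resolver-ip> [<resolver-ip> ...]
    for server in sys.argv[1:]:
        for name, verdict, addrs in probe_resolver(server):
            print(f"{server:15}  {name}  {verdict}  {' '.join(addrs)}")
```

Run it once against the resolver the home router hands out and once against the manually entered servers; a "rewritten" verdict from only the first is consistent with the diagnosis in post #11.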

#12 Billy O'Neal


Posted 02 October 2008 - 12:52 PM

Hello, dhfmnx.
Are you still here?

Billy3

#13 dhfmnx


Posted 03 October 2008 - 04:26 PM

Hey billy - sorry for the delay again - too much to do!
I will make sure to test the DNS thing bright and early tomorrow >> thanks again for your help

#14 Billy O'Neal


Posted 04 October 2008 - 08:10 PM

No problem :thumbsup:

Billy3

#15 Billy O'Neal


Posted 09 October 2008 - 02:59 PM

Hello, dhfmnx.
Are you still here?

Billy3



