
HJT - htv8


16 replies to this topic

#1 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:13 PM

Posted 08 October 2005 - 05:01 AM

Hello,

My computer is infected with at least 8 viruses that can't be removed by Norton Antivirus and Hitman Pro (Collection of Anti-Spyware and -Adware programs). 'Cretemonster' has advised me to run HijackThis v1.99.1 and post the logfile on the forum.

Thanking you in advance,

htv8

----------
HijackThis Logfile
----------

Logfile of HijackThis v1.99.1
Scan saved at 11:55:24, on 8-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Pinnacle\Shared Files\Programs\ServerControl.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\winsupdater\winsupdater.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\winlog.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Pinnacle\ShowCenter\MediaServer\MediaServer.exe
C:\Program Files\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe
C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\VanDale\Grote woordenboeken\Engels\VDEN.exe
C:\Program Files\VanDale\Grote woordenboeken\Engels\VDNE.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LyraControl] C:\Program Files\Pinnacle\Shared Files\Programs\ServerControl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [DesktopX] "C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe"
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000140.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000140.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: MindManager PDF Writer.lnk = C:\Program Files\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ShowCenter Media Server - Pinnacle Systems - C:\Program Files\Pinnacle\ShowCenter\MediaServer\MediaServer.exe
O23 - Service: ShowCenter Streaming Server - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by htv8, 08 October 2005 - 07:12 AM.

If I have not posted back within 24 hours, feel free to send me a PM with your topic link.


 


#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 08 October 2005 - 05:20 AM

Hey htv8 and Welcome to the Bleeping Computer!

Thanks for following the instructions from the Chatroom! :thumbsup:

We will do this in a process of steps, so bear with me!


Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!


Download Pocket KillBox from here:
http://www.atribune.org/downloads/KillBox.exe

Highlight the list below and press Ctrl+C to Copy!

C:\WINDOWS\system32\winlog.exe
C:\Program Files\winsupdater\winsupdater.exe
C:\Program Files\Common Files\mc-58-12-0000140.exe
C:\Program Files\Common Files\Windows\mc-58-12-0000140.exe


Open Pocket Killbox-> Click File-> Click Paste from Clipboard!

Place a tick by Delete on Reboot-> Click the Red Circle to Delete!

Click Yes to the Prompts that follow and let Killbox Reboot the PC!


Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam


Once in Safe Mode, run each of the entries below through Killbox again to ensure nothing survived!

C:\WINDOWS\system32\winlog.exe
C:\Program Files\winsupdater\winsupdater.exe
C:\Program Files\winsupdater
C:\Program Files\DNS
C:\Program Files\Common Files\mc-58-12-0000140.exe
C:\Program Files\Common Files\Windows\mc-58-12-0000140.exe


As you paste each entry into Killbox-> Place a tick by any of these selections available

"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"
"Deltree(Include Subdirectories)"


Click the Red Circle with the White X in the Middle to Delete!


Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll (file missing)

O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto

O4 - HKLM\..\Run: [] winlog.exe

O4 - HKLM\..\RunServices: [] winlog.exe

O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000140.exe

O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000140.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!


Still in Safe Mode-> From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder!


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>Close>>Follow the Prompts to Restart!


Restart Normal and Download and unzip BFUzip from HERE

Right Click the Zip folder and select "Extract All"

Locate and double click BFU.exe

Now locate and click the Greenish Blue globe with the cord plugged into it!

When the next small window pops up-> Copy&Paste this URL into it and click OK!
http://webpages.charter.net/cretemonster/p2pnetwork.bfu

Now click the execute button and let the script run!


Once all this is Completed-> Post back with a fresh HijackThis log and the report from WinPFind!
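
A fresh log can be checked against the fix list mechanically rather than by eye. The Python below is an added example, not part of the original posts or of HijackThis: it parses the "Running processes" list and the R/O entries, then reports which targeted entries survived, what else changed between the two logs, and which deleted files are still running. The function names and the "after" log are constructed for illustration; the "before" lines, fix list and file paths are excerpted from the posts above.

```python
import re
from typing import NamedTuple

# Section code, " - ", then the rest of the line (e.g. "O4 - HKLM\..\Run: ...").
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

class Entry(NamedTuple):
    section: str
    body: str

def ident(entry):
    """Comparison key: section plus case-folded, whitespace-collapsed body."""
    return entry.section, " ".join(entry.body.split()).casefold()

def parse_log(text):
    """Return (running_processes, entries) parsed from HijackThis log text."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif match:
            in_procs = False          # the entry list ends the process list
            entries.append(Entry(match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def verify_cleanup(before, after, fix_list, deleted_paths):
    """Compare two logs against the entries and files that were targeted."""
    _, old = parse_log(before)
    procs, new = parse_log(after)
    _, targeted = parse_log(fix_list)
    old_ids = {ident(e) for e in old}
    new_ids = {ident(e) for e in new}
    target_ids = {ident(e) for e in targeted}
    running = {p.casefold() for p in procs}
    return {
        # Targeted entries that are still present: the fix did not hold.
        "surviving": [e for e in targeted if ident(e) in new_ids],
        # Entries that vanished although nobody asked for them to be fixed.
        "unexpected_removed": [e for e in old if ident(e) not in new_ids
                               and ident(e) not in target_ids],
        # Entries that appeared between the two scans.
        "new": [e for e in new if ident(e) not in old_ids],
        # Files that were deleted on paper but still show up as processes.
        "still_running": [p for p in deleted_paths if p.casefold() in running],
    }

# Excerpt of the first log in this thread.
BEFORE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\winsupdater\winsupdater.exe
C:\WINDOWS\system32\winlog.exe
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll (file missing)
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000140.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000140.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

# Entries the helper asked to check in HijackThis (from the post above).
FIX_LIST = r"""
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll (file missing)
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000140.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000140.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

# Files the helper asked to delete with Killbox (from the post above).
DELETED_PATHS = [
    r"C:\WINDOWS\system32\winlog.exe",
    r"C:\Program Files\winsupdater\winsupdater.exe",
    r"C:\Program Files\Common Files\mc-58-12-0000140.exe",
    r"C:\Program Files\Common Files\Windows\mc-58-12-0000140.exe",
]

# CONSTRUCTED "after" log (not one posted in this thread): one autostart
# entry and one process are left in place to show the failure case.
AFTER_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winlog.exe
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    report = verify_cleanup(BEFORE_LOG, AFTER_LOG, FIX_LIST, DELETED_PATHS)
    for label, items in report.items():
        print(label, "->", items)
```

A non-empty `surviving` or `still_running` list means the autostart entry or the file came back and the removal steps need repeating; `new` and `unexpected_removed` show changes nobody asked for.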

#3 htv8

htv8
  • Topic Starter

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands

Posted 08 October 2005 - 06:27 AM

----------
HijackThis Logfile [normal]
----------

Logfile of HijackThis v1.99.1
Scan saved at 13:23:34, on 8-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Pinnacle\Shared Files\Programs\ServerControl.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe
C:\Program Files\Pinnacle\ShowCenter\MediaServer\MediaServer.exe
C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LyraControl] C:\Program Files\Pinnacle\Shared Files\Programs\ServerControl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [DesktopX] "C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: MindManager PDF Writer.lnk = C:\Program Files\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ShowCenter Media Server - Pinnacle Systems - C:\Program Files\Pinnacle\ShowCenter\MediaServer\MediaServer.exe
O23 - Service: ShowCenter Streaming Server - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



----------
WinPFind log
----------

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
aspack 6-7-2004 11:39:48 545280 C:\WINDOWS\flashax.exe
UPX! 6-10-2004 13:43:22 93716 C:\WINDOWS\snt.exe

Checking %System% folder...
PEC2 8-4-2003 14:00:00 41122 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 11-4-2000 19:44:56 85504 C:\WINDOWS\SYSTEM32\lame_enc.dll
PECompact2 8-9-2005 21:36:34 2004832 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8-9-2005 21:36:34 2004832 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 4-8-2004 10:03:00 729088 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 4-8-2004 10:03:20 676864 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8-4-2003 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
UPX! 28-2-2005 13:16:22 RHS 240128 C:\WINDOWS\SYSTEM32\x.264.exe

Checking %System%\Drivers folder and sub-folders...
PTech 4-8-2004 7:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
8-10-2005 12:50:22 S 2048 C:\WINDOWS\bootstat.dat
11-9-2005 14:39:28 RHS 227 C:\WINDOWS\assembly\Desktop.ini
8-10-2005 10:47:06 HS 2 C:\WINDOWS\system32\cmd.com
8-10-2005 10:47:06 HS 2 C:\WINDOWS\system32\netstat.com
8-10-2005 10:47:06 HS 2 C:\WINDOWS\system32\ping.com
8-10-2005 10:47:06 HS 2 C:\WINDOWS\system32\regedit.com
8-10-2005 10:47:06 HS 2 C:\WINDOWS\system32\taskkill.com
8-10-2005 10:47:06 HS 2 C:\WINDOWS\system32\tasklist.com
8-10-2005 10:47:06 HS 2 C:\WINDOWS\system32\tracert.com
8-10-2005 12:43:22 H 886 C:\WINDOWS\system32\vsconfig.xml
12-8-2005 22:31:24 S 75078 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem49.CAT
8-10-2005 12:50:14 H 8192 C:\WINDOWS\system32\config\default.LOG
8-10-2005 12:50:36 H 1024 C:\WINDOWS\system32\config\SAM.LOG
8-10-2005 12:50:24 H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
8-10-2005 13:01:16 H 307200 C:\WINDOWS\system32\config\software.LOG
8-10-2005 12:50:28 H 917504 C:\WINDOWS\system32\config\system.LOG
4-8-2006 9:18:42 S 18 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
4-8-2006 9:18:44 S 19359 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
4-8-2006 9:18:42 S 216 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
4-8-2006 9:18:44 S 216 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
4-8-2006 9:15:36 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\13d408a2-66f6-445e-89b2-2eb55df142b6
20-8-2005 23:24:36 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\40490b73-40c6-45f6-99b0-3488cff2448f
3-9-2006 14:42:20 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\97bb71ff-4474-47d6-8830-83172db9e07d
8-10-2005 12:48:20 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 4-8-2004 10:03:36 70656 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 4-8-2004 10:03:36 554496 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 4-8-2004 10:03:36 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Logitech Inc. 1-6-2004 11:02:30 282624 C:\WINDOWS\SYSTEM32\CamCpl.cpl
Microsoft Corporation 4-8-2004 10:03:36 137728 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 4-8-2004 10:03:36 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 4-8-2004 10:03:36 156672 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 4-8-2004 10:03:36 359936 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 4-8-2004 10:03:36 132608 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 4-8-2004 10:03:36 380928 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 4-8-2004 10:03:36 69632 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 20-2-2003 16:42:34 229487 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8-4-2003 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 4-8-2004 10:03:36 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8-4-2003 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 4-8-2004 10:03:36 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 4-8-2004 10:03:36 260608 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 4-8-2004 10:03:36 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Tracker Software Products 18-12-2002 10:26:24 R 15360 C:\WINDOWS\SYSTEM32\pdfSaver.cpl
Microsoft Corporation 4-8-2004 10:03:36 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 23-9-2004 18:57:40 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 4-8-2004 10:03:38 302592 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8-4-2003 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 4-8-2004 10:03:38 94720 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 4-8-2004 10:03:38 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26-5-2005 4:16:34 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8-4-2003 14:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8-4-2003 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8-4-2003 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 26-5-2005 4:16:34 174872 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
25-1-2005 13:27:22 1824 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Acrobat Assistant.lnk
25-7-2004 7:18:34 986 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk
11-9-2005 13:29:30 1851 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ATI CATALYST System Tray.lnk
25-2-2004 20:42:56 HS 84 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini
16-7-2004 11:34:54 1885 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
7-10-2005 17:28:34 1925 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\MindManager PDF Writer.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
25-2-2004 21:28:16 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
25-2-2004 20:42:56 HS 84 C:\Documents and Settings\Mark\Menu Start\Programma's\Opstarten\desktop.ini
6-8-2005 16:08:00 1685 C:\Documents and Settings\Mark\Menu Start\Programma's\Opstarten\Stardock ObjectDock.lnk

Checking files in %USERPROFILE%\Application Data folder...
25-2-2004 21:28:16 HS 62 C:\Documents and Settings\Mark\Application Data\desktop.ini

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}
AcroIEToolbarHelper Class = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}
QUICKfind BHO Object = C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
Adobe PDF = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip van de dag = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{9455301C-CF6B-11D3-A266-00C04F689C50}
&Onderzoekscentrum = C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Onderzoek :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9455301C-CF6B-11D3-A266-00C04F689C50}
ButtonText = Onderzoekscentrum :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{9455301C-CF6B-11D3-A266-00C04F689C50}
&Onderzoekscentrum = C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adres : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Koppelingen : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
PaperPort PTD C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
IndexSearch C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
AdaptecDirectCD C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
LogitechGalleryRepair C:\Program Files\Logitech\ImageStudio\ISStart.exe
LogitechImageStudioTray C:\Program Files\Logitech\ImageStudio\LogiTray.exe
LVCOMSX C:\WINDOWS\System32\LVCOMSX.EXE
LogitechVideoRepair C:\Program Files\Logitech\Video\ISStart.exe
LogitechVideoTray C:\Program Files\Logitech\Video\LogiTray.exe
LyraControl C:\Program Files\Pinnacle\Shared Files\Programs\ServerControl.exe
PinnacleDriverCheck C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
EM_EXEC C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
zBrowser Launcher C:\Program Files\Logitech\iTouch\iTouch.exe
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
MessengerPlus3 "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
Zone Labs Client C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
ATICCC "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe
LogitechSoftwareUpdate "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
MessengerPlus3 "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
DesktopX "C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations
LowRiskFileTypes .zip;.rar;.cab;.txt;.exe;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mov;.mp3;.wav

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} =
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8-10-2005 13:08:14
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.


#4 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 08 October 2005 - 06:40 AM

Ok, let's try this!

Copy the text below into a blank notepad page and Save it to the Desktop as Clr.reg!


REGEDIT4

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations]


Don't run it yet, go back into Safe Mode and double-click Clr.reg and allow it to merge into the registry!


While in Safe Mode-> Open BFU and execute the script just as you did in Chat!

Execute the script and allow it to run!

Scan once more with WinPFind and post back with the WinPFind log please!

#5 htv8

htv8
  • Topic Starter

  • Members
  • 1,694 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:13 PM

Posted 08 October 2005 - 07:10 AM

----------
bfu logfile
----------

BFU v1.00.7
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 13:56:15, on 8-10-2005

Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: FileDelete C:\temp.zip (operation failed)
Failed: FileDelete C:\x.txt (operation failed)
Failed: FileDelete C:\z.txt (operation failed)
Failed: FileDelete C:\z.tmp (operation failed)
Failed: FileDelete C:\xz.exe (operation failed)
Option pause between commands: 300 ms
Failed: FileDelete C:\WINDOWS\system32\p2pnetwork.exe (operation failed)
Failed: FileDelete C:\WINDOWS\system32\scvhost.exe (operation failed)
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
Failed: FolderDelete C:\Program Files\winupdates (folder not found)
Failed: FolderDelete C:\Program Files\winupdate (folder not found)
Failed: FileDelete C:\WINDOWS\system32\CMD.COM (operation failed)
Failed: FileDelete C:\WINDOWS\system32\netstat.com (operation failed)
Failed: FileDelete C:\WINDOWS\system32\ping.com (operation failed)
Failed: FileDelete C:\WINDOWS\system32\regedit.com (operation failed)
Failed: FileDelete C:\WINDOWS\system32\tasklist.com (operation failed)
Failed: FileDelete C:\WINDOWS\system32\taskkill.com (operation failed)
Failed: FileDelete C:\WINDOWS\system32\taskmgr.com (operation failed)
Failed: FileDelete C:\WINDOWS\system32\tracert.com (operation failed)
Failed: FileDelete C:\WINDOWS\system32\bszip.dll (operation failed)
Script completed.



----------
WinPFind logfile
----------

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
aspack 6-7-2004 11:39:48 545280 C:\WINDOWS\flashax.exe
UPX! 6-10-2004 13:43:22 93716 C:\WINDOWS\snt.exe

Checking %System% folder...
PEC2 8-4-2003 14:00:00 41122 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 11-4-2000 19:44:56 85504 C:\WINDOWS\SYSTEM32\lame_enc.dll
PECompact2 8-9-2005 21:36:34 2004832 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8-9-2005 21:36:34 2004832 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 4-8-2004 10:03:00 729088 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 4-8-2004 10:03:20 676864 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8-4-2003 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
UPX! 28-2-2005 13:16:22 RHS 240128 C:\WINDOWS\SYSTEM32\x.264.exe

Checking %System%\Drivers folder and sub-folders...
PTech 4-8-2004 7:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
8-10-2005 13:53:30 S 2048 C:\WINDOWS\bootstat.dat
11-9-2005 14:39:28 RHS 227 C:\WINDOWS\assembly\Desktop.ini
8-10-2005 13:12:24 H 886 C:\WINDOWS\system32\vsconfig.xml
12-8-2005 22:31:24 S 75078 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem49.CAT
8-10-2005 13:53:20 H 8192 C:\WINDOWS\system32\config\default.LOG
8-10-2005 13:54:24 H 1024 C:\WINDOWS\system32\config\SAM.LOG
8-10-2005 13:53:30 H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
8-10-2005 13:54:24 H 61440 C:\WINDOWS\system32\config\software.LOG
8-10-2005 13:53:34 H 917504 C:\WINDOWS\system32\config\system.LOG
4-8-2006 9:18:42 S 18 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
4-8-2006 9:18:44 S 19359 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
4-8-2006 9:18:42 S 216 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
4-8-2006 9:18:44 S 216 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
4-8-2006 9:15:36 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\13d408a2-66f6-445e-89b2-2eb55df142b6
20-8-2005 23:24:36 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\40490b73-40c6-45f6-99b0-3488cff2448f
3-9-2006 14:42:20 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\97bb71ff-4474-47d6-8830-83172db9e07d
8-10-2005 13:51:28 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 4-8-2004 10:03:36 70656 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 4-8-2004 10:03:36 554496 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 4-8-2004 10:03:36 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Logitech Inc. 1-6-2004 11:02:30 282624 C:\WINDOWS\SYSTEM32\CamCpl.cpl
Microsoft Corporation 4-8-2004 10:03:36 137728 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 4-8-2004 10:03:36 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 4-8-2004 10:03:36 156672 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 4-8-2004 10:03:36 359936 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 4-8-2004 10:03:36 132608 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 4-8-2004 10:03:36 380928 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 4-8-2004 10:03:36 69632 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 20-2-2003 16:42:34 229487 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8-4-2003 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 4-8-2004 10:03:36 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8-4-2003 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 4-8-2004 10:03:36 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 4-8-2004 10:03:36 260608 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 4-8-2004 10:03:36 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Tracker Software Products 18-12-2002 10:26:24 R 15360 C:\WINDOWS\SYSTEM32\pdfSaver.cpl
Microsoft Corporation 4-8-2004 10:03:36 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 23-9-2004 18:57:40 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 4-8-2004 10:03:38 302592 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8-4-2003 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 4-8-2004 10:03:38 94720 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 4-8-2004 10:03:38 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26-5-2005 4:16:34 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8-4-2003 14:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8-4-2003 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8-4-2003 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 26-5-2005 4:16:34 174872 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
25-1-2005 13:27:22 1824 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Acrobat Assistant.lnk
25-7-2004 7:18:34 986 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk
11-9-2005 13:29:30 1851 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ATI CATALYST System Tray.lnk
25-2-2004 20:42:56 HS 84 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini
16-7-2004 11:34:54 1885 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
7-10-2005 17:28:34 1925 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\MindManager PDF Writer.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
25-2-2004 21:28:16 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
25-2-2004 20:42:56 HS 84 C:\Documents and Settings\Mark\Menu Start\Programma's\Opstarten\desktop.ini
6-8-2005 16:08:00 1685 C:\Documents and Settings\Mark\Menu Start\Programma's\Opstarten\Stardock ObjectDock.lnk

Checking files in %USERPROFILE%\Application Data folder...
25-2-2004 21:28:16 HS 62 C:\Documents and Settings\Mark\Application Data\desktop.ini

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}
AcroIEToolbarHelper Class = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}
QUICKfind BHO Object = C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
Adobe PDF = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip van de dag = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{9455301C-CF6B-11D3-A266-00C04F689C50}
&Onderzoekscentrum = C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Onderzoek :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9455301C-CF6B-11D3-A266-00C04F689C50}
ButtonText = Onderzoekscentrum :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{9455301C-CF6B-11D3-A266-00C04F689C50}
&Onderzoekscentrum = C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adres : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Koppelingen : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
PaperPort PTD C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
IndexSearch C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
AdaptecDirectCD C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
LogitechGalleryRepair C:\Program Files\Logitech\ImageStudio\ISStart.exe
LogitechImageStudioTray C:\Program Files\Logitech\ImageStudio\LogiTray.exe
LVCOMSX C:\WINDOWS\System32\LVCOMSX.EXE
LogitechVideoRepair C:\Program Files\Logitech\Video\ISStart.exe
LogitechVideoTray C:\Program Files\Logitech\Video\LogiTray.exe
LyraControl C:\Program Files\Pinnacle\Shared Files\Programs\ServerControl.exe
PinnacleDriverCheck C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
EM_EXEC C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
zBrowser Launcher C:\Program Files\Logitech\iTouch\iTouch.exe
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
MessengerPlus3 "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
Zone Labs Client C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
ATICCC "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe
LogitechSoftwareUpdate "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
MessengerPlus3 "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
DesktopX "C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} =
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8-10-2005 14:02:16
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.


#6 Guest_Cretemonster_*

Posted 08 October 2005 - 07:36 AM

Excellent Work and Thank you very much for testing that theory out as it seems to have worked well!

Let's get the entire PC scanned while you are gone!

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#7 htv8

Posted 08 October 2005 - 05:47 PM

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 65455
Number of viruses found: 16
Number of infected objects: 210
Number of suspicious objects: 2
Duration of the scan process: 3235 sec

Infected Object Name - Virus Name
C:\!KillBox\a.tmp Infected: Worm.Win32.VB.an
C:\!KillBox\a.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\!KillBox\a.zip Infected: Worm.Win32.VB.an
C:\!KillBox\winlog.exe Infected: Backdoor.Win32.Rbot.adx
C:\!KillBox\winsupdater.exe Infected: Worm.Win32.VB.an
C:\at.exe Infected: Backdoor.Win32.Rbot.adx
C:\Documents and Settings\Mark\Complete\ Cinema 4d V.9.507 Production Bundle.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\ Cinema 4d V.9.507 Production Bundle.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\ HDDLife Pro 2.5.74.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\ HDDLife Pro 2.5.74.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\ Network LookOut Administrator v1.6.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\ Network LookOut Administrator v1.6.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\ACDSee 8.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\ACDSee 8.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Advanced Call Corder V3.6.0.181.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Advanced Call Corder V3.6.0.181.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Advanced Installer Professional 3.3.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Advanced Installer Professional 3.3.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Ahead Nero 7.0 Premium Edition.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Ahead Nero 7.0 Premium Edition.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Alias Maya Unlimited V7.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Alias Maya Unlimited V7.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Alias MotionBuilder 7.0 Professional.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Alias MotionBuilder 7.0 Professional.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\All-in-one Honestech Software.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\All-in-one Honestech Software.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Amazon Dvd Shrinker V2.4.3.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Amazon Dvd Shrinker V2.4.3.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Ashampoo Powerup Xp Platinum 2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Ashampoo Powerup Xp Platinum 2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\AutoRun Assistant Pro 3.0.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\AutoRun Assistant Pro 3.0.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Autorun Pro Enterprise V2.0.0.16.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Autorun Pro Enterprise V2.0.0.16.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Black & White 2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Black & White 2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Blaze DVD Player v4.0 Pro.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Blaze DVD Player v4.0 Pro.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Caribbean Nights Screensaver Retail.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Caribbean Nights Screensaver Retail.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Corel DESIGNER 10.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Corel DESIGNER 10.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Deadhunt.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Deadhunt.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Eyeonline Digital Fusion v5.0 incl. Render Slave.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Eyeonline Digital Fusion v5.0 incl. Render Slave.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\F-Secure Internet Security 2006.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\F-Secure Internet Security 2006.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\FATE 1.21.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\FATE 1.21.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\FIFA 06 Clone DVD.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\FIFA 06 Clone DVD.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Final Fantasy VII iSO.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Final Fantasy VII iSO.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Half-Life 2D - Codename Gordon.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Half-Life 2D - Codename Gordon.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Home Plan Pro 5.1.39 Full.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Home Plan Pro 5.1.39 Full.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Just like heaven.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Just like heaven.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Kaspersky Antivirus Personal Pro 5.0388.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Kaspersky Antivirus Personal Pro 5.0388.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Lego Star Wars.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Lego Star Wars.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Limewire Pro V4.9.32.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Limewire Pro V4.9.32.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\LimeWire PRO.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\LimeWire PRO.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Macromedia All In One.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Macromedia All In One.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\McFunSoft Audio Editor v2.6.4.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\McFunSoft Audio Editor v2.6.4.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Miss Congeniality 2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Miss Congeniality 2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Morpheus Ultra V5.0.0.801.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Morpheus Ultra V5.0.0.801.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\MPEG Video Wizard vMarch 2005-Retail.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\MPEG Video Wizard vMarch 2005-Retail.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Neotrace Pro v3.01.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Neotrace Pro v3.01.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\NERO 7 Premium.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\NERO 7 Premium.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Nero 7 Ultra Edition Full.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Nero 7 Ultra Edition Full.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Nero v7.0 Ultra Edition.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Nero v7.0 Ultra Edition.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Norton AntiVirus 2006 Beta.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Norton AntiVirus 2006 Beta.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Norton WinDoctor 2005.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Norton WinDoctor 2005.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\O&O CleverCache V6.0 Professional Edition.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\O&O CleverCache V6.0 Professional Edition.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Pc Adrenalin 1.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Pc Adrenalin 1.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Perfect Ace 2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Perfect Ace 2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\PicDownloader v4.5.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\PicDownloader v4.5.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Prison Tycoon.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Prison Tycoon.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\PS2 Spartan Total Warrior.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\PS2 Spartan Total Warrior.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Rag Doll Kung Fu.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Rag Doll Kung Fu.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\S.W.A.T DVD Rip Xvid.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\S.W.A.T DVD Rip Xvid.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Samurize 1.63.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Samurize 1.63.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Spyware Doctor v3.2.1.359.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Spyware Doctor v3.2.1.359.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Squad Assault Second Wave.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Squad Assault Second Wave.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Star Wars Republic Commando.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Star Wars Republic Commando.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Street Racing Syndicate.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Street Racing Syndicate.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Stronghold.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Stronghold.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\System Safety Monitor 2.0.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\System Safety Monitor 2.0.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\T.H.U.G 2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\T.H.U.G 2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\The Cave.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\The Cave.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\The Devils Rejects.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\The Devils Rejects.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\The Transporter 2 [2005].zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\The Transporter 2 [2005].zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Thief 3 Deadly Shadows.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Thief 3 Deadly Shadows.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Tony Hawks Pro Skater 2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Tony Hawks Pro Skater 2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Transporter 2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Transporter 2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Tsunami Mpeg Dvd Author Pro V2.1.5.76.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Tsunami Mpeg Dvd Author Pro V2.1.5.76.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Ulead Cd And Dvd Pictureshow 4.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Ulead Cd And Dvd Pictureshow 4.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Ulead MediaStudio Pro 7.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Ulead MediaStudio Pro 7.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Unreal Tournament GOTY.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Unreal Tournament GOTY.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\WinImage Professional 7.0h.7009.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\WinImage Professional 7.0h.7009.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Winrar Corp Version.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Winrar Corp Version.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Winternals ERD Commander.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Winternals ERD Commander.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\WinTools.net Professional 6.3.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\WinTools.net Professional 6.3.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\WinZip 10.0 Build 6604 Beta.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\WinZip 10.0 Build 6604 Beta.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Xp Recovery Cd Maker V1.01.06.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Complete\Xp Recovery Cd Maker V1.01.06.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\846NTT8J\_al[1].exe/mc-58-12-0000140.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.f
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\846NTT8J\_al[1].exe Infected: not-a-virus:AdWare.Win32.Maxifiles.f
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\YHRJKCD5\launcher[1].exe Infected: not-a-virus:AdWare.Win32.Maxifiles.l
C:\Program Files\Common Files\Download\mc-58-12-0000140.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.l
C:\Program Files\Common Files\services.exe Infected: not-a-virus:AdWare.Maxifiles.j
C:\Program Files\Norton AntiVirus\Quarantine\070C7FD4 Infected: Email-Worm.Win32.Bagle.j
C:\Program Files\Norton AntiVirus\Quarantine\12C55386.tmp Infected: Worm.Win32.VB.an
C:\Program Files\Norton AntiVirus\Quarantine\13B7767C Infected: Worm.Win32.VB.an
C:\Program Files\Norton AntiVirus\Quarantine\13E7225B.exe Infected: Worm.Win32.VB.an
C:\Program Files\Norton AntiVirus\Quarantine\14D36A1A Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\Program Files\Norton AntiVirus\Quarantine\17F864F2 Infected: Worm.Win32.VB.an
C:\Program Files\Norton AntiVirus\Quarantine\1E8E42FC.exe Infected: Worm.Win32.VB.an
C:\Program Files\Norton AntiVirus\Quarantine\1FBF7FA7.exe Infected: Worm.Win32.VB.an
C:\Program Files\Norton AntiVirus\Quarantine\208C54C5.exe Infected: Trojan.Win32.VB.aad
C:\Program Files\Norton AntiVirus\Quarantine\20F83E4E.exe Infected: Worm.Win32.VB.an
C:\Program Files\Norton AntiVirus\Quarantine\21293418.exe Infected: Worm.Win32.VB.an
C:\Program Files\Norton AntiVirus\Quarantine\215455EA.exe Infected: Worm.Win32.VB.an
C:\Program Files\Norton AntiVirus\Quarantine\231C3425/dtvjvi.exe Suspicious: Password-protected-EXE
C:\Program Files\Norton AntiVirus\Quarantine\231C3425 Suspicious: Password-protected-EXE
C:\Program Files\Norton AntiVirus\Quarantine\23E4576E.class Infected: Trojan-Downloader.Java.OpenStream.t
C:\Program Files\Norton AntiVirus\Quarantine\26671C54.exe Infected: Worm.Win32.VB.an
C:\Program Files\Norton AntiVirus\Quarantine\26E357CB.exe Infected: Worm.Win32.VB.an
C:\Program Files\Norton AntiVirus\Quarantine\2780371E.exe Infected: Worm.Win32.VB.an
C:\Program Files\Norton AntiVirus\Quarantine\27B800E1.exe Infected: Worm.Win32.VB.an
C:\Program Files\Norton AntiVirus\Quarantine\27E976AB.exe Infected: Worm.Win32.VB.an
C:\Program Files\Norton AntiVirus\Quarantine\291F54C2 Infected: not-a-virus:AdWare.Win32.Maxifiles.a
C:\Program Files\Norton AntiVirus\Quarantine\2AE80BB5.class Infected: Trojan-Downloader.Java.OpenStream.t
C:\Program Files\Norton AntiVirus\Quarantine\343537C7 Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\Program Files\Norton AntiVirus\Quarantine\34B010C1 Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\Program Files\Norton AntiVirus\Quarantine\35206A77 Infected: Trojan-Downloader.Java.OpenStream.t
C:\Program Files\Norton AntiVirus\Quarantine\3CA94A79.exe Infected: Worm.Win32.VB.an
C:\Program Files\Norton AntiVirus\Quarantine\41AE3277.exe Infected: P2P-Worm.Win32.Krepper.c
C:\Program Files\Norton AntiVirus\Quarantine\41F64E28.exe Infected: P2P-Worm.Win32.Krepper.c
C:\Program Files\Norton AntiVirus\Quarantine\490D15A7.exe Infected: Backdoor.Win32.SdBot.gen
C:\Program Files\Norton AntiVirus\Quarantine\49722B38.exe Infected: Backdoor.Win32.SdBot.gen
C:\Program Files\Norton AntiVirus\Quarantine\55C16FAC.exe Infected: P2P-Worm.Win32.Purol.b
C:\Program Files\Norton AntiVirus\Quarantine\6D53345C Infected: not-a-virus:AdWare.Win32.Maxifiles.a
C:\Program Files\Norton AntiVirus\Quarantine\6D590854 Infected: not-a-virus:AdWare.Win32.Maxifiles.f
C:\Program Files\Norton AntiVirus\Quarantine\6EE832C2 Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\Program Files\Norton AntiVirus\Quarantine\6F0052E1.exe Infected: P2P-Worm.Win32.Krepper.c
C:\System Volume Information\_restore{3BC45DB4-0852-447E-A00A-97D05452EA8F}\RP553\A0157354.EXE Infected: Trojan-Clicker.Win32.Delf.dm
C:\System Volume Information\_restore{3BC45DB4-0852-447E-A00A-97D05452EA8F}\RP553\A0157355.exe Infected: Trojan-Clicker.Win32.Delf.dm
C:\System Volume Information\_restore{3BC45DB4-0852-447E-A00A-97D05452EA8F}\RP556\A0158350.exe Infected: Backdoor.Win32.Rbot.adx
C:\System Volume Information\_restore{3BC45DB4-0852-447E-A00A-97D05452EA8F}\RP556\A0158351.exe Infected: not-a-virus:AdWare.Maxifiles.j
C:\System Volume Information\_restore{3BC45DB4-0852-447E-A00A-97D05452EA8F}\RP556\A0158360.exe Infected: Worm.Win32.VB.an
C:\System Volume Information\_restore{3BC45DB4-0852-447E-A00A-97D05452EA8F}\RP556\A0158452.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{3BC45DB4-0852-447E-A00A-97D05452EA8F}\RP556\A0158454.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{3BC45DB4-0852-447E-A00A-97D05452EA8F}\RP556\A0158455.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.f
C:\System Volume Information\_restore{3BC45DB4-0852-447E-A00A-97D05452EA8F}\RP556\A0158461.dll/gui.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.a
C:\System Volume Information\_restore{3BC45DB4-0852-447E-A00A-97D05452EA8F}\RP556\A0158461.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.a
C:\System Volume Information\_restore{3BC45DB4-0852-447E-A00A-97D05452EA8F}\RP556\A0158463.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{3BC45DB4-0852-447E-A00A-97D05452EA8F}\RP556\A0158467.exe Infected: Backdoor.Win32.Rbot.adx
C:\System Volume Information\_restore{3BC45DB4-0852-447E-A00A-97D05452EA8F}\RP556\A0158468.exe Infected: Backdoor.Win32.Rbot.adx
C:\System Volume Information\_restore{3BC45DB4-0852-447E-A00A-97D05452EA8F}\RP556\A0158496.exe Infected: Backdoor.Win32.Rbot.adx
C:\System Volume Information\_restore{3BC45DB4-0852-447E-A00A-97D05452EA8F}\RP556\A0158497.exe Infected: Worm.Win32.VB.an
C:\System Volume Information\_restore{3BC45DB4-0852-447E-A00A-97D05452EA8F}\RP556\A0158578.exe Infected: Trojan.Win32.Dialer.cp
C:\WINDOWS\system32\a.exe/mc-58-12-0000140.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.f
C:\WINDOWS\system32\a.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.f

Scan process completed.

----------

OK, Cretemonster. These are the results of the Kaspersky Online Scanner. What should I do next? Of course I have to delete these files...

Thanks a lot for your online help. Thanks for your instructions from the chatroom!

Edited by htv8, 08 October 2005 - 05:50 PM.


#8 Guest_Cretemonster_*

Posted 08 October 2005 - 06:25 PM

No problems partner, we did this together! :thumbsup:

Go to Safe Mode and run each of these entries through Killbox!


C:\at.exe
C:\Documents and Settings\Mark\Complete
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\846NTT8J\_al[1].exe
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\YHRJKCD5\launcher[1].exe
C:\Program Files\Common Files\Download\mc-58-12-0000140.exe
C:\Program Files\Common Files\services.exe
C:\WINDOWS\system32\a.exe



As you paste each entry into Killbox place a tick by any of these selections available

"Standard File Kill"
"End Explorer Shell while Killing File"
"Deltree(Include Subdirectories)"



Whatever you have to do, make sure you get rid of this folder

C:\Documents and Settings\Mark\Complete

Restart Normal and have one last Online Scan to be sure nothing is left
http://support.f-secure.com/enu/home/ols.shtml

Save any results from the scan and please confirm that folder was deleted!

#9 htv8

Posted 09 October 2005 - 02:00 AM

Restart Normal and have one last Online Scan to be sure nothing is left
http://support.f-secure.com/enu/home/ols.shtml

The F-Secure Virusscanner doesn't work. It tells me it's unable to download databases.

Edited by htv8, 09 October 2005 - 02:02 AM.


#10 Guest_Cretemonster_*

Posted 09 October 2005 - 04:34 AM

How did the file and folder deletion go?

Try this scan here
http://www.pandasoftware.com/products/acti...n_principal.htm

#11 htv8

Posted 09 October 2005 - 05:39 AM

How did the file and folder deletion go?

Well, I think I have killed all the corrupt files with Killbox. Only the F-Secure Virusscanner doesn't work. I'll try this one.

#12 htv8

Posted 12 October 2005 - 01:27 PM

OK. I have scanned my computer again. 4 viruses have been found in C:\!KillBox. What do I have to do next? Delete all the items in this folder (there are more items in it)? By the way, I have run again all my Anti-Spyware and -Adware programs.

Thanking you in advance.

Edited by htv8, 12 October 2005 - 01:29 PM.


#13 Guest_Cretemonster_*

Posted 13 October 2005 - 03:40 AM

You can delete the entire !Killbox folder now and empty the Recycle Bin!

Check these 2 little programs out to add some security to the PC

SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Update Immediately!

WinHelp2002 Hosts File
http://www.mvps.org/winhelp2002/hosts2.htm

Disable System Restore
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup!

Go ahead and remove any of the tools downloaded that are of no use anymore!

Post back and let me know how things are?

#14 htv8

Posted 14 October 2005 - 02:12 AM

OK, I have downloaded SpywareBlaster and put the WinHelp2002 Hosts File into the right folder.
About MSconfig, I don't know what options I have to modify. In spite of that, I think the computer could start up faster. I don't know what programs I have to uncheck and what to check. I noticed that some programs I once have deleted, are still mentioned under the 'Start Up' tab in MSConfig.

#15 Guest_Cretemonster_*

Posted 15 October 2005 - 04:48 AM

Sorry for these delays, work just got crazy this week!

Let's get ya finished up!

When you go into Msconfig-> Click the Tab labeled Startup!

Look at all the entries there with a check by them!

To determine if they are needed or not, a simple search on Google will yield the results you want!

About the only entries checked in mine are the Antivirus and keyboard!

Let me know if you need some help with this!

Go ahead and re-enable System Restore!



