
Multiple Viruses / Trojans, HJT Posted


12 replies to this topic

#1 feroxvaleo


Posted 27 December 2006 - 03:10 PM

I'm running WinXP Home Edition.

I've used Avast, AVG, Spybot and Ad-Aware. They detect multiple spy/ad/malwares and even though I remove them with said programs they keep coming back.

Logfile of HijackThis v1.99.1
Scan saved at 12:02:01 PM, on 12/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MSWINSCK.OCX
O4 - Startup: SYSINFO.OCX
O4 - Startup: Win32.dll
O4 - Startup: win32.exe
O4 - Startup: Windows SN sk.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Spy Sweeper Fix.lnk = C:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



#2 OldTimer

OldTimer

    Malware Expert



Posted 27 December 2006 - 03:38 PM

Hello feroxvaleo and welcome to the BC HijackThis forum. To start, remove either Avast or AVG. It is not recommended to have more than 1 anti-virus running at the same time because they can conflict with each other and cause file access issues.

Next, download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 feroxvaleo


Posted 27 December 2006 - 04:14 PM

WinPFind3 logfile created on: 12/27/2006 1:08:27 PM
WinPFind3U by OldTimer - Version 1.0.3 Folder = C:\Documents and Settings\Brian\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


[Processes - Non-Microsoft Only]
ashdisp.exe -> C:\Program Files\Alwil Software\Avast4\ashDisp.exe -> [Ver = 5, 0, 0, 0 | Size = 108160 bytes | Modified Date = 9/25/2006 8:42:08 AM | Attr = ]
ashserv.exe -> C:\Program Files\Alwil Software\Avast4\ashServ.exe -> [Ver = 4, 7, 889, 0 | Size = 108160 bytes | Modified Date = 9/25/2006 8:42:02 AM | Attr = ]
aswupdsv.exe -> C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 9/25/2006 8:32:08 AM | Attr = ]
avgamsvr.exe -> C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7,1,0,365 | Size = 336896 bytes | Modified Date = 6/14/2006 10:21:40 AM | Attr = ]
avgcc.exe -> C:\Program Files\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7,1,0,406 | Size = 369664 bytes | Modified Date = 9/26/2006 12:31:08 PM | Attr = ]
avgemc.exe -> C:\Program Files\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7,1,0,400 | Size = 281088 bytes | Modified Date = 8/10/2006 7:04:58 AM | Attr = ]
avgupsvc.exe -> C:\Program Files\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7,1,0,349 | Size = 84480 bytes | Modified Date = 6/14/2006 10:21:42 AM | Attr = ]
ezsp_px.exe -> C:\WINDOWS\system32\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 10:29:26 AM | Attr = ]
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.0.9: 2006120612 | Size = 7200365 bytes | Modified Date = 12/21/2006 7:15:26 PM | Attr = ]
jusched.exe -> C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49263 bytes | Modified Date = 10/12/2006 3:10:54 AM | Attr = ]
lexbces.exe -> C:\WINDOWS\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 7.1 | Size = 300544 bytes | Modified Date = 3/8/2002 3:33:10 AM | Attr = ]
lexpps.exe -> C:\WINDOWS\system32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 7.1 | Size = 169984 bytes | Modified Date = 3/8/2002 3:30:24 AM | Attr = ]
lxsupmon.exe -> C:\WINDOWS\system32\LXSUPMON.EXE -> Lexmark International Inc. [Ver = 3.1.111.1 | Size = 900096 bytes | Modified Date = 3/8/2002 4:02:56 AM | Attr = ]
nvsvc32.exe -> C:\WINDOWS\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 8/11/2006 8:42:50 PM | Attr = ]
pctspk.exe -> C:\WINDOWS\system32\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 86016 bytes | Modified Date = 8/17/2001 2:36:54 PM | Attr = ]
starwindservice.exe -> C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 4/2/2005 1:51:48 AM | Attr = ]
teatimer.exe -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
vsmon.exe -> C:\WINDOWS\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 8/23/2006 11:38:26 PM | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\Brian\Desktop\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.3.0 | Size = 303104 bytes | Modified Date = 12/26/2006 9:48:50 PM | Attr = ]
wrsssdk.exe -> C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe -> Webroot Software, Inc. [Ver = 2,0,5,402 | Size = 2114048 bytes | Modified Date = 10/24/2005 12:33:54 PM | Attr = ]
zlclient.exe -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 8/23/2006 11:38:28 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 9/25/2006 8:32:08 AM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> C:\Program Files\Alwil Software\Avast4\ashServ.exe -> [Ver = 4, 7, 889, 0 | Size = 108160 bytes | Modified Date = 9/25/2006 8:42:02 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 889, 0 | Size = 251520 bytes | Modified Date = 9/25/2006 8:41:44 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 889, 0 | Size = 370304 bytes | Modified Date = 9/25/2006 8:41:34 AM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7,1,0,365 | Size = 336896 bytes | Modified Date = 6/14/2006 10:21:40 AM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> C:\Program Files\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7,1,0,349 | Size = 84480 bytes | Modified Date = 6/14/2006 10:21:42 AM | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> C:\Program Files\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7,1,0,400 | Size = 281088 bytes | Modified Date = 8/10/2006 7:04:58 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> C:\WINDOWS\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 7.1 | Size = 300544 bytes | Modified Date = 3/8/2002 3:33:10 AM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> C:\WINDOWS\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 8/11/2006 8:42:50 PM | Attr = ]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.0.05.10290 | Size = 53337 bytes | Modified Date = 10/29/2004 1:20:54 AM | Attr = ]
(Pctspk) PCTEL Speaker Phone [Win32_Own | Auto | Running] -> C:\WINDOWS\system32\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 86016 bytes | Modified Date = 8/17/2001 2:36:54 PM | Attr = ]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.0.05.10290 | Size = 69718 bytes | Modified Date = 10/29/2004 1:18:24 AM | Attr = ]
(StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Running] -> C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 4/2/2005 1:51:48 AM | Attr = ]
(svcWRSSSDK) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe -> Webroot Software, Inc. [Ver = 2,0,5,402 | Size = 2114048 bytes | Modified Date = 10/24/2005 12:33:54 PM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> C:\WINDOWS\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 8/23/2006 11:38:26 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
avast! -> C:\Program Files\Alwil Software\Avast4\ashDisp.exe -> [Ver = 5, 0, 0, 0 | Size = 108160 bytes | Modified Date = 9/25/2006 8:42:08 AM | Attr = ]
AVG7_CC -> C:\Program Files\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7,1,0,406 | Size = 369664 bytes | Modified Date = 9/26/2006 12:31:08 PM | Attr = ]
Cmaudio -> RunDll32 cmicnfg.cpl -> File not found
ezShieldProtector for Px -> C:\WINDOWS\system32\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 10:29:26 AM | Attr = ]
ISUSScheduler -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 2:30:30 PM | Attr = ]
KernelFaultCheck -> -> File not found
LXSUPMON -> C:\WINDOWS\system32\LXSUPMON.EXE -> Lexmark International Inc. [Ver = 3.1.111.1 | Size = 900096 bytes | Modified Date = 3/8/2002 4:02:56 AM | Attr = ]
NvCplDaemon -> C:\WINDOWS\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 8/11/2006 8:43:02 PM | Attr = ]
NvMediaCenter -> C:\WINDOWS\system32\nvmctray.dll [RunDLL32.exe NvMCTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 86016 bytes | Modified Date = 8/11/2006 8:43:04 PM | Attr = ]
nwiz -> C:\WINDOWS\system32\nwiz.exe -> [Ver = | Size = 1519616 bytes | Modified Date = 8/11/2006 8:43:00 PM | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49263 bytes | Modified Date = 10/12/2006 3:10:54 AM | Attr = ]
Zone Labs Client -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 8/23/2006 11:38:28 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AIM -> C:\Program Files\AIM\aim.exe -cnetwait.odl -> File not found
SpybotSD TeaTimer -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Spy Sweeper Fix.lnk -> C:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat -> [Ver = | Size = 317 bytes | Modified Date = 5/17/2005 3:59:06 PM | Attr = ]
< User Startup > -> C:\Documents and Settings\Brian\Start Menu\Programs\Startup
-> C:\Documents and Settings\Brian\Start Menu\Programs\Startup\Win32.dll -> [Ver = | Size = 53 bytes | Modified Date = 12/27/2006 12:00:44 PM | Attr = ]
-> C:\Documents and Settings\Brian\Start Menu\Programs\Startup\win32.exe -> [Ver = | Size = 22528 bytes | Modified Date = 12/21/2006 3:44:22 PM | Attr = ]
-> C:\Documents and Settings\Brian\Start Menu\Programs\Startup\Windows SN sk.exe -> [Ver = | Size = 459264 bytes | Modified Date = 12/7/2006 11:00:08 PM | Attr = ]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Spy Sweeper Fix.lnk -> C:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat -> [Ver = | Size = 317 bytes | Modified Date = 5/17/2005 3:59:06 PM | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\
PWRISOVM.EXE -> C:\Program Files\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 0, 0, 0 | Size = 184320 bytes | Modified Date = 3/17/2006 6:24:18 PM | Attr = ]
QuickTime Task -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.3 | Size = 155648 bytes | Modified Date = 1/16/2006 11:10:02 PM | Attr = ]
RaidTool -> C:\Program Files\VIA\RAID\raid_tool.exe -> VIA Technologies [Ver = 4, 0, 6, 0 | Size = 589824 bytes | Modified Date = 4/26/2005 11:22:32 AM | Attr = R ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
aol.com [ - ] -> ->
free_aol.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8193 - Sun Java Console ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8196 - Reg Data - Key not found ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8195 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Windows Messenger ->
NextId -> 8197 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 69746 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> C:\Program Files\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 2:08:26 PM | Attr = ]
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.nsf -> Reg Data - Value does not exist [Reg Data - Value does not exist] -> File not found
.spc -> Reg Data - Value does not exist [Reg Data - Value does not exist] -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> C:\WINDOWS\system32\nvshell.dll [Desktop Explorer] -> [Ver = | Size = 466944 bytes | Modified Date = 8/11/2006 8:43:00 PM | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> C:\WINDOWS\system32\nvshell.dll [Desktop Explorer Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 8/11/2006 8:43:00 PM | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> C:\WINDOWS\system32\nvshell.dll [nView Desktop Context Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 8/11/2006 8:43:00 PM | Attr = ]
{32020A01-506E-484D-A2A8-BE3CF17601C3} [HKLM] -> C:\Program Files\Alcohol Soft\Alcohol 120\AXShlEx.dll [AlcoholShellEx] -> Alcohol Soft Development Team [Ver = 1.4.9.1024 | Size = 387072 bytes | Modified Date = 7/5/2005 4:48:22 PM | Attr = ]
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> C:\Program Files\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 889, 0 | Size = 13824 bytes | Modified Date = 9/25/2006 8:36:56 AM | Attr = ]
{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} [HKLM] -> C:\Program Files\CoreCodec\The Core Media Player\System\coreshellagent.cll [The Core Media Player Shell Extension] -> [Ver = | Size = 126464 bytes | Modified Date = 9/11/2004 5:47:32 PM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> C:\Program Files\Webroot\Spy Sweeper\SSCtxMnu.dll [Webroot Spy Sweeper Context Menu Integration] -> Webroot Software, Inc. [Ver = 4,5,5,604 | Size = 411136 bytes | Modified Date = 10/24/2005 12:34:06 PM | Attr = ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINDOWS\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 3/31/2003 4:00:00 AM | Attr = ]
{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} [HKLM] -> C:\Program Files\JetAudio\JetFlExt.dll [jetAudio] -> JetAudio, Inc. [Ver = 6, 0, 0, 5124 | Size = 53316 bytes | Modified Date = 1/28/2005 1:27:12 PM | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> C:\Program Files\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 0, 0, 0 | Size = 192512 bytes | Modified Date = 3/17/2006 6:24:40 PM | Attr = ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> C:\Program Files\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7,1,0,354 | Size = 40960 bytes | Modified Date = 6/14/2006 10:21:42 AM | Attr = ]
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} [HKLM] -> C:\Program Files\Grisoft\AVG Free\avgse.dll [AVG7 Find Extension] -> GRISOFT, s.r.o. [Ver = 7,1,0,354 | Size = 40960 bytes | Modified Date = 6/14/2006 10:21:42 AM | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> C:\WINDOWS\system32\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 8/11/2006 8:43:02 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
{BF05BB6E-442C-428B-8025-82280B7BC26C} [HKLM] -> C:\Program Files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll [Zen Micro Media Explorer] -> Creative Technology Ltd [Ver = 4.0.16.0 | Size = 765952 bytes | Modified Date = 10/11/2004 4:31:30 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/11/2004 9:00:00 AM | Attr = ]
{E0D79305-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/11/2004 9:00:00 AM | Attr = ]
{E0D79306-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/11/2004 9:00:00 AM | Attr = ]
{E0D79307-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/11/2004 9:00:00 AM | Attr = ]
{FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKLM] -> C:\WINDOWS\system32\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 8/11/2006 8:43:02 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> C:\Program Files\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 889, 0 | Size = 13824 bytes | Modified Date = 9/25/2006 8:36:56 AM | Attr = ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> C:\Program Files\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7,1,0,354 | Size = 40960 bytes | Modified Date = 6/14/2006 10:21:42 AM | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> C:\Program Files\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 0, 0, 0 | Size = 192512 bytes | Modified Date = 3/17/2006 6:24:40 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/11/2004 9:00:00 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} [HKLM] -> C:\Program Files\CoreCodec\The Core Media Player\System\coreshellagent.cll [CoreShellAgent] -> [Ver = | Size = 126464 bytes | Modified Date = 9/11/2004 5:47:32 PM | Attr = ]
{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} [HKLM] -> C:\Program Files\JetAudio\JetFlExt.dll [jetAudio] -> JetAudio, Inc. [Ver = 6, 0, 0, 5124 | Size = 53316 bytes | Modified Date = 1/28/2005 1:27:12 PM | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> C:\Program Files\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 0, 0, 0 | Size = 192512 bytes | Modified Date = 3/17/2006 6:24:40 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/11/2004 9:00:00 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> C:\WINDOWS\system32\nvshell.dll [00nView] -> [Ver = | Size = 466944 bytes | Modified Date = 8/11/2006 8:43:00 PM | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> C:\WINDOWS\system32\nvcpl.dll [NvCplDesktopContext] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 8/11/2006 8:43:02 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> C:\Program Files\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 889, 0 | Size = 13824 bytes | Modified Date = 9/25/2006 8:36:56 AM | Attr = ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> C:\Program Files\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7,1,0,354 | Size = 40960 bytes | Modified Date = 6/14/2006 10:21:42 AM | Attr = ]
{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} [HKLM] -> C:\Program Files\JetAudio\JetFlExt.dll [jetAudio] -> JetAudio, Inc. [Ver = 6, 0, 0, 5124 | Size = 53316 bytes | Modified Date = 1/28/2005 1:27:12 PM | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> C:\Program Files\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 0, 0, 0 | Size = 192512 bytes | Modified Date = 3/17/2006 6:24:40 PM | Attr = ]
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> C:\Program Files\Webroot\Spy Sweeper\SSCtxMnu.dll [SpySweeper] -> Webroot Software, Inc. [Ver = 4,5,5,604 | Size = 411136 bytes | Modified Date = 10/24/2005 12:34:06 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/11/2004 9:00:00 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 2:20:02 AM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{512FB7FC-FE56-4AD5-A793-D0F62E731FB4} -> (Motorola Wireless USB Adapter WU830G) ->
{86ED2F24-FD81-46CE-847D-0B82FADE3E29} -> (VIA Rhine II Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found


[Files - Created Wihin 30 days]
KB923689.log -> C:\WINDOWS\KB923689.log -> [Ver = | Size = 10711 bytes | Created Date = 12/17/2006 3:01:08 AM | Attr = ]
KB923694.log -> C:\WINDOWS\KB923694.log -> [Ver = | Size = 10879 bytes | Created Date = 12/16/2006 1:15:54 PM | Attr = ]
KB925398.log -> C:\WINDOWS\KB925398.log -> [Ver = | Size = 9471 bytes | Created Date = 12/17/2006 3:01:35 AM | Attr = ]
KB925454.log -> C:\WINDOWS\KB925454.log -> [Ver = | Size = 19010 bytes | Created Date = 12/16/2006 1:17:50 PM | Attr = ]
KB926255.log -> C:\WINDOWS\KB926255.log -> [Ver = | Size = 11089 bytes | Created Date = 12/16/2006 1:16:02 PM | Attr = ]
QTFont.for -> C:\WINDOWS\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 11/28/2006 12:41:15 PM | Attr = ]
QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 11/28/2006 12:41:15 PM | Attr = H ]
setupapi.log -> C:\WINDOWS\setupapi.log -> [Ver = | Size = 28364 bytes | Created Date = 12/17/2006 3:01:00 AM | Attr = ]
ikhcore.log -> C:\WINDOWS\System32\ikhcore.log -> [Ver = | Size = 9151 bytes | Created Date = 12/7/2006 9:33:21 PM | Attr = ]

[Files - Modified Wihin 30 days]
0.log -> C:\WINDOWS\0.log -> [Ver = | Size = 0 bytes | Modified Date = 12/27/2006 12:00:22 PM | Attr = ]
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 12/27/2006 11:59:38 AM | Attr = S]
comsetup.log -> C:\WINDOWS\comsetup.log -> [Ver = | Size = 204024 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
FaxSetup.log -> C:\WINDOWS\FaxSetup.log -> [Ver = | Size = 744788 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
iis6.log -> C:\WINDOWS\iis6.log -> [Ver = | Size = 115760 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 12/17/2006 3:01:56 AM | Attr = ]
imsins.log -> C:\WINDOWS\imsins.log -> [Ver = | Size = 1393 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
KB923689.log -> C:\WINDOWS\KB923689.log -> [Ver = | Size = 10711 bytes | Modified Date = 12/17/2006 3:01:36 AM | Attr = ]
KB923694.log -> C:\WINDOWS\KB923694.log -> [Ver = | Size = 10879 bytes | Modified Date = 12/17/2006 3:01:02 AM | Attr = ]
KB925398.log -> C:\WINDOWS\KB925398.log -> [Ver = | Size = 9471 bytes | Modified Date = 12/17/2006 3:01:54 AM | Attr = ]
KB925454.log -> C:\WINDOWS\KB925454.log -> [Ver = | Size = 19010 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
KB926255.log -> C:\WINDOWS\KB926255.log -> [Ver = | Size = 11089 bytes | Modified Date = 12/17/2006 3:01:08 AM | Attr = ]
msgsocm.log -> C:\WINDOWS\msgsocm.log -> [Ver = | Size = 37911 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
ntdtcsetup.log -> C:\WINDOWS\ntdtcsetup.log -> [Ver = | Size = 123703 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
ocgen.log -> C:\WINDOWS\ocgen.log -> [Ver = | Size = 382496 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
ocmsn.log -> C:\WINDOWS\ocmsn.log -> [Ver = | Size = 28561 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
QTFont.for -> C:\WINDOWS\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 11/28/2006 12:41:16 PM | Attr = ]
QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 12/26/2006 12:09:22 PM | Attr = H ]
SchedLgU.Txt -> C:\WINDOWS\SchedLgU.Txt -> [Ver = | Size = 32652 bytes | Modified Date = 12/27/2006 12:42:44 AM | Attr = ]
setupact.log -> C:\WINDOWS\setupact.log -> [Ver = | Size = 176682 bytes | Modified Date = 12/26/2006 10:35:14 AM | Attr = ]
setupapi.log -> C:\WINDOWS\setupapi.log -> [Ver = | Size = 28364 bytes | Modified Date = 12/26/2006 10:38:12 PM | Attr = ]
setupapi.log.0.old -> C:\WINDOWS\setupapi.log.0.old -> [Ver = | Size = 1025808 bytes | Modified Date = 12/14/2006 10:25:20 PM | Attr = ]
tsoc.log -> C:\WINDOWS\tsoc.log -> [Ver = | Size = 293077 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
updspapi.log -> C:\WINDOWS\updspapi.log -> [Ver = | Size = 45761 bytes | Modified Date = 12/17/2006 3:02:10 AM | Attr = ]
wiadebug.log -> C:\WINDOWS\wiadebug.log -> [Ver = | Size = 159 bytes | Modified Date = 12/26/2006 11:45:50 PM | Attr = ]
wiaservc.log -> C:\WINDOWS\wiaservc.log -> [Ver = | Size = 50 bytes | Modified Date = 12/26/2006 11:45:50 PM | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 1405011 bytes | Modified Date = 12/27/2006 12:07:06 PM | Attr = ]
wmsetup.log -> C:\WINDOWS\wmsetup.log -> [Ver = | Size = 128914 bytes | Modified Date = 12/22/2006 12:28:48 PM | Attr = ]
ikhcore.log -> C:\WINDOWS\System32\ikhcore.log -> [Ver = | Size = 9151 bytes | Modified Date = 12/8/2006 12:37:02 PM | Attr = ]
nvapps.xml -> C:\WINDOWS\System32\nvapps.xml -> [Ver = | Size = 81200 bytes | Modified Date = 12/27/2006 11:59:48 AM | Attr = ]
vsconfig.xml -> C:\WINDOWS\System32\vsconfig.xml -> [Ver = | Size = 48882 bytes | Modified Date = 12/27/2006 11:59:44 AM | Attr = H ]
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 12/18/2006 2:28:00 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 11/10/2005 1:38:40 PM | Attr = ]
USERTRUST , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4490872 bytes | Modified Date = 10/12/2006 3:41:58 AM | Attr = ]
PEC2 , -> C:\Program Files\Common Files\Sony Shared\AVLib\Metallic.dll -> Sony Corporation [Ver = 2.7.00.14160 | Size = 229376 bytes | Modified Date = 2/17/2004 8:16:12 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\aswBoot.exe -> [Ver = 4, 7, 892, 0 | Size = 666240 bytes | Modified Date = 9/25/2006 8:45:08 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\devil.dll -> Abysmal Software [Ver = 1.6.5 | Size = 269312 bytes | Modified Date = 7/19/2002 8:05:08 AM | Attr = ]
PEC2 , -> C:\WINDOWS\System32\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 3/31/2003 4:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> C:\WINDOWS\System32\DivX.dll -> DivX, Inc. [Ver = 6.2.2.3 | Size = 619156 bytes | Modified Date = 6/1/2006 2:06:58 PM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\ilu.dll -> Abysmal Software [Ver = 1.6.5 | Size = 27648 bytes | Modified Date = 7/19/2002 8:06:02 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\ilut.dll -> Abysmal Software [Ver = 1.6.5 | Size = 16384 bytes | Modified Date = 7/19/2002 8:06:42 AM | Attr = ]
PTech , -> C:\WINDOWS\System32\LegitCheckControl.dll -> Microsoft® Corporation [Ver = 1.3.0254.0 | Size = 520456 bytes | Modified Date = 7/12/2005 6:04:22 PM | Attr = ]
winsync , -> C:\WINDOWS\System32\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 3/31/2003 4:00:00 AM | Attr = ]
WSUD , UPX0 , -> C:\WINDOWS\System32\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 3/31/2003 4:00:00 AM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> C:\WINDOWS\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7,1,0,407 | Size = 778656 bytes | Modified Date = 9/26/2006 12:31:04 PM | Attr = ]
PTech , -> C:\WINDOWS\System32\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 9:41:38 PM | Attr = ]

< End of report >


Wow, I can't believe that all fit! :thumbsup: Thanks so much OT for your attention!

#4 OldTimer


Posted 27 December 2006 - 05:24 PM

Hi feroxvaleo. It didn't look as bad as I thought. Let's do a little cleanup. Please follow the steps below in order.

Step #1

I still see that there are multiple anti-virus applications running on this computer (Avast and AVG). It is not recommended to have this because it can cause file access issues and if there is an infection the multiple programs can block each other from dealing with the infected file. I highly recommend that you choose which application you want to keep and uninstall the other one(s) to prevent these problems.

Step #2

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< User Startup > -> C:\Documents and Settings\Brian\Start Menu\Programs\Startup
NY -> -> C:\Documents and Settings\Brian\Start Menu\Programs\Startup\Win32.dll
NY -> -> C:\Documents and Settings\Brian\Start Menu\Programs\Startup\win32.exe
NY -> -> C:\Documents and Settings\Brian\Start Menu\Programs\Startup\Windows SN sk.exe
[Reboot]


The fix should only take a very short time and then you will be asked to reboot the machine. Choose Yes and allow the machine to reboot.

Step #3

Post the following back here:
  • a new WinPFind3U report
  • the latest .log file from the WinPFind3u folder (it will be a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 feroxvaleo


Posted 27 December 2006 - 10:14 PM

WinPFind3 logfile created on: 12/27/2006 7:09:05 PM
WinPFind3U by OldTimer - Version 1.0.3 Folder = C:\Documents and Settings\Brian\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


[Processes - Non-Microsoft Only]
aim.exe -> C:\Program Files\AIM\aim.exe -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 2:08:26 PM | Attr = ]
ezsp_px.exe -> C:\WINDOWS\system32\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 10:29:26 AM | Attr = ]
jusched.exe -> C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49263 bytes | Modified Date = 10/12/2006 3:10:54 AM | Attr = ]
lexbces.exe -> C:\WINDOWS\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 7.1 | Size = 300544 bytes | Modified Date = 3/8/2002 3:33:10 AM | Attr = ]
lexpps.exe -> C:\WINDOWS\system32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 7.1 | Size = 169984 bytes | Modified Date = 3/8/2002 3:30:24 AM | Attr = ]
lxsupmon.exe -> C:\WINDOWS\system32\LXSUPMON.EXE -> Lexmark International Inc. [Ver = 3.1.111.1 | Size = 900096 bytes | Modified Date = 3/8/2002 4:02:56 AM | Attr = ]
nvsvc32.exe -> C:\WINDOWS\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 8/11/2006 8:42:50 PM | Attr = ]
pctspk.exe -> C:\WINDOWS\system32\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 86016 bytes | Modified Date = 8/17/2001 2:36:54 PM | Attr = ]
reader_sl.exe -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
starwindservice.exe -> C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 4/2/2005 1:51:48 AM | Attr = ]
teatimer.exe -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
vsmon.exe -> C:\WINDOWS\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 8/23/2006 11:38:26 PM | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\Brian\Desktop\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.3.0 | Size = 303104 bytes | Modified Date = 12/26/2006 9:48:50 PM | Attr = ]
wrsssdk.exe -> C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe -> Webroot Software, Inc. [Ver = 2,0,5,402 | Size = 2114048 bytes | Modified Date = 10/24/2005 12:33:54 PM | Attr = ]
zlclient.exe -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 8/23/2006 11:38:28 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> C:\WINDOWS\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 7.1 | Size = 300544 bytes | Modified Date = 3/8/2002 3:33:10 AM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> C:\WINDOWS\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 8/11/2006 8:42:50 PM | Attr = ]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.0.05.10290 | Size = 53337 bytes | Modified Date = 10/29/2004 1:20:54 AM | Attr = ]
(Pctspk) PCTEL Speaker Phone [Win32_Own | Auto | Running] -> C:\WINDOWS\system32\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 86016 bytes | Modified Date = 8/17/2001 2:36:54 PM | Attr = ]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.0.05.10290 | Size = 69718 bytes | Modified Date = 10/29/2004 1:18:24 AM | Attr = ]
(StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Running] -> C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 4/2/2005 1:51:48 AM | Attr = ]
(svcWRSSSDK) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe -> Webroot Software, Inc. [Ver = 2,0,5,402 | Size = 2114048 bytes | Modified Date = 10/24/2005 12:33:54 PM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> C:\WINDOWS\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 8/23/2006 11:38:26 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
avast! -> C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe -> File not found
AVG7_CC -> C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe -> File not found
Cmaudio -> RunDll32 cmicnfg.cpl -> File not found
ezShieldProtector for Px -> C:\WINDOWS\system32\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 10:29:26 AM | Attr = ]
ISUSScheduler -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 2:30:30 PM | Attr = ]
KernelFaultCheck -> -> File not found
LXSUPMON -> C:\WINDOWS\system32\LXSUPMON.EXE -> Lexmark International Inc. [Ver = 3.1.111.1 | Size = 900096 bytes | Modified Date = 3/8/2002 4:02:56 AM | Attr = ]
NvCplDaemon -> C:\WINDOWS\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 8/11/2006 8:43:02 PM | Attr = ]
NvMediaCenter -> C:\WINDOWS\system32\nvmctray.dll [RunDLL32.exe NvMCTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 86016 bytes | Modified Date = 8/11/2006 8:43:04 PM | Attr = ]
nwiz -> C:\WINDOWS\system32\nwiz.exe -> [Ver = | Size = 1519616 bytes | Modified Date = 8/11/2006 8:43:00 PM | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49263 bytes | Modified Date = 10/12/2006 3:10:54 AM | Attr = ]
Zone Labs Client -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 8/23/2006 11:38:28 PM | Attr = ]
< RunServices [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Win32 -> c:\documents and settings\brian\start menu\programs\startup\win32.exe -> File not found
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AIM -> C:\Program Files\AIM\aim.exe -cnetwait.odl -> File not found
SpybotSD TeaTimer -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Spy Sweeper Fix.lnk -> C:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat -> [Ver = | Size = 317 bytes | Modified Date = 5/17/2005 3:59:06 PM | Attr = ]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Spy Sweeper Fix.lnk -> C:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat -> [Ver = | Size = 317 bytes | Modified Date = 5/17/2005 3:59:06 PM | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\
PWRISOVM.EXE -> C:\Program Files\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 0, 0, 0 | Size = 184320 bytes | Modified Date = 3/17/2006 6:24:18 PM | Attr = ]
QuickTime Task -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.3 | Size = 155648 bytes | Modified Date = 1/16/2006 11:10:02 PM | Attr = ]
RaidTool -> C:\Program Files\VIA\RAID\raid_tool.exe -> VIA Technologies [Ver = 4, 0, 6, 0 | Size = 589824 bytes | Modified Date = 4/26/2005 11:22:32 AM | Attr = R ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
aol.com [ - ] -> ->
free_aol.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8193 - Sun Java Console ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8196 - Reg Data - Key not found ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8195 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Windows Messenger ->
NextId -> 8197 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 69746 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> C:\Program Files\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 2:08:26 PM | Attr = ]
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.nsf -> Reg Data - Value does not exist [Reg Data - Value does not exist] -> File not found
.spc -> Reg Data - Value does not exist [Reg Data - Value does not exist] -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> C:\WINDOWS\system32\nvshell.dll [Desktop Explorer] -> [Ver = | Size = 466944 bytes | Modified Date = 8/11/2006 8:43:00 PM | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> C:\WINDOWS\system32\nvshell.dll [Desktop Explorer Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 8/11/2006 8:43:00 PM | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> C:\WINDOWS\system32\nvshell.dll [nView Desktop Context Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 8/11/2006 8:43:00 PM | Attr = ]
{32020A01-506E-484D-A2A8-BE3CF17601C3} [HKLM] -> C:\Program Files\Alcohol Soft\Alcohol 120\AXShlEx.dll [AlcoholShellEx] -> Alcohol Soft Development Team [Ver = 1.4.9.1024 | Size = 387072 bytes | Modified Date = 7/5/2005 4:48:22 PM | Attr = ]
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} [HKLM] -> C:\Program Files\CoreCodec\The Core Media Player\System\coreshellagent.cll [The Core Media Player Shell Extension] -> [Ver = | Size = 126464 bytes | Modified Date = 9/11/2004 5:47:32 PM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> C:\Program Files\Webroot\Spy Sweeper\SSCtxMnu.dll [Webroot Spy Sweeper Context Menu Integration] -> Webroot Software, Inc. [Ver = 4,5,5,604 | Size = 411136 bytes | Modified Date = 10/24/2005 12:34:06 PM | Attr = ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINDOWS\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 3/31/2003 4:00:00 AM | Attr = ]
{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} [HKLM] -> C:\Program Files\JetAudio\JetFlExt.dll [jetAudio] -> JetAudio, Inc. [Ver = 6, 0, 0, 5124 | Size = 53316 bytes | Modified Date = 1/28/2005 1:27:12 PM | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> C:\Program Files\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 0, 0, 0 | Size = 192512 bytes | Modified Date = 3/17/2006 6:24:40 PM | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> C:\WINDOWS\system32\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 8/11/2006 8:43:02 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
{BF05BB6E-442C-428B-8025-82280B7BC26C} [HKLM] -> C:\Program Files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll [Zen Micro Media Explorer] -> Creative Technology Ltd [Ver = 4.0.16.0 | Size = 765952 bytes | Modified Date = 10/11/2004 4:31:30 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/11/2004 9:00:00 AM | Attr = ]
{E0D79305-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/11/2004 9:00:00 AM | Attr = ]
{E0D79306-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/11/2004 9:00:00 AM | Attr = ]
{E0D79307-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/11/2004 9:00:00 AM | Attr = ]
{FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKLM] -> C:\WINDOWS\system32\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 8/11/2006 8:43:02 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> C:\Program Files\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 0, 0, 0 | Size = 192512 bytes | Modified Date = 3/17/2006 6:24:40 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/11/2004 9:00:00 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} [HKLM] -> C:\Program Files\CoreCodec\The Core Media Player\System\coreshellagent.cll [CoreShellAgent] -> [Ver = | Size = 126464 bytes | Modified Date = 9/11/2004 5:47:32 PM | Attr = ]
{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} [HKLM] -> C:\Program Files\JetAudio\JetFlExt.dll [jetAudio] -> JetAudio, Inc. [Ver = 6, 0, 0, 5124 | Size = 53316 bytes | Modified Date = 1/28/2005 1:27:12 PM | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> C:\Program Files\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 0, 0, 0 | Size = 192512 bytes | Modified Date = 3/17/2006 6:24:40 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/11/2004 9:00:00 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> C:\WINDOWS\system32\nvshell.dll [00nView] -> [Ver = | Size = 466944 bytes | Modified Date = 8/11/2006 8:43:00 PM | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> C:\WINDOWS\system32\nvcpl.dll [NvCplDesktopContext] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 8/11/2006 8:43:02 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} [HKLM] -> C:\Program Files\JetAudio\JetFlExt.dll [jetAudio] -> JetAudio, Inc. [Ver = 6, 0, 0, 5124 | Size = 53316 bytes | Modified Date = 1/28/2005 1:27:12 PM | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> C:\Program Files\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 0, 0, 0 | Size = 192512 bytes | Modified Date = 3/17/2006 6:24:40 PM | Attr = ]
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> C:\Program Files\Webroot\Spy Sweeper\SSCtxMnu.dll [SpySweeper] -> Webroot Software, Inc. [Ver = 4,5,5,604 | Size = 411136 bytes | Modified Date = 10/24/2005 12:34:06 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/11/2004 9:00:00 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 2:20:02 AM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{512FB7FC-FE56-4AD5-A793-D0F62E731FB4} -> (Motorola Wireless USB Adapter WU830G) ->
{86ED2F24-FD81-46CE-847D-0B82FADE3E29} -> (VIA Rhine II Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found


[Files - Created Wihin 30 days]
KB923689.log -> C:\WINDOWS\KB923689.log -> [Ver = | Size = 10711 bytes | Created Date = 12/17/2006 3:01:08 AM | Attr = ]
KB923694.log -> C:\WINDOWS\KB923694.log -> [Ver = | Size = 10879 bytes | Created Date = 12/16/2006 1:15:54 PM | Attr = ]
KB925398.log -> C:\WINDOWS\KB925398.log -> [Ver = | Size = 9471 bytes | Created Date = 12/17/2006 3:01:35 AM | Attr = ]
KB925454.log -> C:\WINDOWS\KB925454.log -> [Ver = | Size = 19010 bytes | Created Date = 12/16/2006 1:17:50 PM | Attr = ]
KB926255.log -> C:\WINDOWS\KB926255.log -> [Ver = | Size = 11089 bytes | Created Date = 12/16/2006 1:16:02 PM | Attr = ]
QTFont.for -> C:\WINDOWS\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 11/28/2006 12:41:15 PM | Attr = ]
QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 11/28/2006 12:41:15 PM | Attr = H ]
setupapi.log -> C:\WINDOWS\setupapi.log -> [Ver = | Size = 28364 bytes | Created Date = 12/17/2006 3:01:00 AM | Attr = ]
ikhcore.log -> C:\WINDOWS\System32\ikhcore.log -> [Ver = | Size = 9151 bytes | Created Date = 12/7/2006 9:33:21 PM | Attr = ]

[Files - Modified Wihin 30 days]
0.log -> C:\WINDOWS\0.log -> [Ver = | Size = 0 bytes | Modified Date = 12/27/2006 7:06:16 PM | Attr = ]
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 12/27/2006 7:05:46 PM | Attr = S]
comsetup.log -> C:\WINDOWS\comsetup.log -> [Ver = | Size = 204024 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
FaxSetup.log -> C:\WINDOWS\FaxSetup.log -> [Ver = | Size = 744788 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
iis6.log -> C:\WINDOWS\iis6.log -> [Ver = | Size = 115760 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 12/17/2006 3:01:56 AM | Attr = ]
imsins.log -> C:\WINDOWS\imsins.log -> [Ver = | Size = 1393 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
KB923689.log -> C:\WINDOWS\KB923689.log -> [Ver = | Size = 10711 bytes | Modified Date = 12/17/2006 3:01:36 AM | Attr = ]
KB923694.log -> C:\WINDOWS\KB923694.log -> [Ver = | Size = 10879 bytes | Modified Date = 12/17/2006 3:01:02 AM | Attr = ]
KB925398.log -> C:\WINDOWS\KB925398.log -> [Ver = | Size = 9471 bytes | Modified Date = 12/17/2006 3:01:54 AM | Attr = ]
KB925454.log -> C:\WINDOWS\KB925454.log -> [Ver = | Size = 19010 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
KB926255.log -> C:\WINDOWS\KB926255.log -> [Ver = | Size = 11089 bytes | Modified Date = 12/17/2006 3:01:08 AM | Attr = ]
msgsocm.log -> C:\WINDOWS\msgsocm.log -> [Ver = | Size = 37911 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
ntdtcsetup.log -> C:\WINDOWS\ntdtcsetup.log -> [Ver = | Size = 123703 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
ocgen.log -> C:\WINDOWS\ocgen.log -> [Ver = | Size = 382496 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
ocmsn.log -> C:\WINDOWS\ocmsn.log -> [Ver = | Size = 28561 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
QTFont.for -> C:\WINDOWS\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 11/28/2006 12:41:16 PM | Attr = ]
QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 12/26/2006 12:09:22 PM | Attr = H ]
SchedLgU.Txt -> C:\WINDOWS\SchedLgU.Txt -> [Ver = | Size = 32580 bytes | Modified Date = 12/27/2006 6:39:30 PM | Attr = ]
setupact.log -> C:\WINDOWS\setupact.log -> [Ver = | Size = 176682 bytes | Modified Date = 12/26/2006 10:35:14 AM | Attr = ]
setupapi.log -> C:\WINDOWS\setupapi.log -> [Ver = | Size = 28364 bytes | Modified Date = 12/26/2006 10:38:12 PM | Attr = ]
setupapi.log.0.old -> C:\WINDOWS\setupapi.log.0.old -> [Ver = | Size = 1025808 bytes | Modified Date = 12/14/2006 10:25:20 PM | Attr = ]
tsoc.log -> C:\WINDOWS\tsoc.log -> [Ver = | Size = 293077 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
updspapi.log -> C:\WINDOWS\updspapi.log -> [Ver = | Size = 45761 bytes | Modified Date = 12/17/2006 3:02:10 AM | Attr = ]
wiadebug.log -> C:\WINDOWS\wiadebug.log -> [Ver = | Size = 159 bytes | Modified Date = 12/26/2006 11:45:50 PM | Attr = ]
wiaservc.log -> C:\WINDOWS\wiaservc.log -> [Ver = | Size = 50 bytes | Modified Date = 12/26/2006 11:45:50 PM | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 1437887 bytes | Modified Date = 12/27/2006 7:07:14 PM | Attr = ]
wmsetup.log -> C:\WINDOWS\wmsetup.log -> [Ver = | Size = 128914 bytes | Modified Date = 12/22/2006 12:28:48 PM | Attr = ]
CONFIG.NT -> C:\WINDOWS\System32\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 12/27/2006 6:28:44 PM | Attr = ]
ikhcore.log -> C:\WINDOWS\System32\ikhcore.log -> [Ver = | Size = 9151 bytes | Modified Date = 12/8/2006 12:37:02 PM | Attr = ]
nvapps.xml -> C:\WINDOWS\System32\nvapps.xml -> [Ver = | Size = 81200 bytes | Modified Date = 12/27/2006 7:05:58 PM | Attr = ]
vsconfig.xml -> C:\WINDOWS\System32\vsconfig.xml -> [Ver = | Size = 48882 bytes | Modified Date = 12/27/2006 7:05:52 PM | Attr = H ]
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 12/18/2006 2:28:00 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 11/10/2005 1:38:40 PM | Attr = ]
USERTRUST , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4490872 bytes | Modified Date = 10/12/2006 3:41:58 AM | Attr = ]
PEC2 , -> C:\Program Files\Common Files\Sony Shared\AVLib\Metallic.dll -> Sony Corporation [Ver = 2.7.00.14160 | Size = 229376 bytes | Modified Date = 2/17/2004 8:16:12 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\devil.dll -> Abysmal Software [Ver = 1.6.5 | Size = 269312 bytes | Modified Date = 7/19/2002 8:05:08 AM | Attr = ]
PEC2 , -> C:\WINDOWS\System32\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 3/31/2003 4:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> C:\WINDOWS\System32\DivX.dll -> DivX, Inc. [Ver = 6.2.2.3 | Size = 619156 bytes | Modified Date = 6/1/2006 2:06:58 PM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\ilu.dll -> Abysmal Software [Ver = 1.6.5 | Size = 27648 bytes | Modified Date = 7/19/2002 8:06:02 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\ilut.dll -> Abysmal Software [Ver = 1.6.5 | Size = 16384 bytes | Modified Date = 7/19/2002 8:06:42 AM | Attr = ]
PTech , -> C:\WINDOWS\System32\LegitCheckControl.dll -> Microsoft® Corporation [Ver = 1.3.0254.0 | Size = 520456 bytes | Modified Date = 7/12/2005 6:04:22 PM | Attr = ]
winsync , -> C:\WINDOWS\System32\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 3/31/2003 4:00:00 AM | Attr = ]
WSUD , UPX0 , -> C:\WINDOWS\System32\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 3/31/2003 4:00:00 AM | Attr = ]
PTech , -> C:\WINDOWS\System32\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 9:41:38 PM | Attr = ]

< End of report >

My computer keeps crashing after I uninstalled AVG and AVAST. I was hasty in uninstalling both of them because I was going to use a new virus scanner, but my computer is really wacky now. It's rebooting like, every 3 minutes by itself.

#6 OldTimer

OldTimer

    Malware Expert


Posted 27 December 2006 - 10:32 PM

Hi feroxvaleo. It doesn't look like Avast or AVG uninstalled completely. That could be causing some problems.

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Processes - Non-Microsoft Only]
YN -> teatimer.exe -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> avast! -> C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
YN -> AVG7_CC -> C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
< RunServices [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
YY -> Win32 -> c:\documents and settings\brian\start menu\programs\startup\win32.exe
[Reboot]


The fix should only take a very short time. Your desktop and taskbar will disappear and then you will be asked to reboot the machine. Select Yes and allow the machine to reboot.

Post the following back here:
  • a new WinPFind3U report
  • the latest .log file from the WinPFind3u folder (it will be a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#7 feroxvaleo

feroxvaleo
  • Topic Starter


Posted 28 December 2006 - 05:18 PM

REPORT

WinPFind3 logfile created on: 12/28/2006 2:14:26 PM
WinPFind3U by OldTimer - Version 1.0.3 Folder = C:\Documents and Settings\Brian\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


[Processes - Non-Microsoft Only]
aim.exe -> C:\Program Files\AIM\aim.exe -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 2:08:26 PM | Attr = ]
ezsp_px.exe -> C:\WINDOWS\system32\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 10:29:26 AM | Attr = ]
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.0.9: 2006120612 | Size = 7200365 bytes | Modified Date = 12/21/2006 7:15:26 PM | Attr = ]
jusched.exe -> C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49263 bytes | Modified Date = 10/12/2006 3:10:54 AM | Attr = ]
lexbces.exe -> C:\WINDOWS\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 7.1 | Size = 300544 bytes | Modified Date = 3/8/2002 3:33:10 AM | Attr = ]
lexpps.exe -> C:\WINDOWS\system32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 7.1 | Size = 169984 bytes | Modified Date = 3/8/2002 3:30:24 AM | Attr = ]
lxsupmon.exe -> C:\WINDOWS\system32\LXSUPMON.EXE -> Lexmark International Inc. [Ver = 3.1.111.1 | Size = 900096 bytes | Modified Date = 3/8/2002 4:02:56 AM | Attr = ]
nvsvc32.exe -> C:\WINDOWS\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 8/11/2006 8:42:50 PM | Attr = ]
pctspk.exe -> C:\WINDOWS\system32\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 86016 bytes | Modified Date = 8/17/2001 2:36:54 PM | Attr = ]
reader_sl.exe -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
starwindservice.exe -> C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 4/2/2005 1:51:48 AM | Attr = ]
teatimer.exe -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
vsmon.exe -> C:\WINDOWS\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 8/23/2006 11:38:26 PM | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\Brian\Desktop\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.3.0 | Size = 303104 bytes | Modified Date = 12/26/2006 9:48:50 PM | Attr = ]
wrsssdk.exe -> C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe -> Webroot Software, Inc. [Ver = 2,0,5,402 | Size = 2114048 bytes | Modified Date = 10/24/2005 12:33:54 PM | Attr = ]
zlclient.exe -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 8/23/2006 11:38:28 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> C:\WINDOWS\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 7.1 | Size = 300544 bytes | Modified Date = 3/8/2002 3:33:10 AM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> C:\WINDOWS\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 8/11/2006 8:42:50 PM | Attr = ]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.0.05.10290 | Size = 53337 bytes | Modified Date = 10/29/2004 1:20:54 AM | Attr = ]
(Pctspk) PCTEL Speaker Phone [Win32_Own | Auto | Running] -> C:\WINDOWS\system32\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 86016 bytes | Modified Date = 8/17/2001 2:36:54 PM | Attr = ]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.0.05.10290 | Size = 69718 bytes | Modified Date = 10/29/2004 1:18:24 AM | Attr = ]
(StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Running] -> C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 4/2/2005 1:51:48 AM | Attr = ]
(svcWRSSSDK) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe -> Webroot Software, Inc. [Ver = 2,0,5,402 | Size = 2114048 bytes | Modified Date = 10/24/2005 12:33:54 PM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> C:\WINDOWS\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 8/23/2006 11:38:26 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Cmaudio -> RunDll32 cmicnfg.cpl -> File not found
ezShieldProtector for Px -> C:\WINDOWS\system32\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 10:29:26 AM | Attr = ]
ISUSScheduler -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 2:30:30 PM | Attr = ]
KernelFaultCheck -> -> File not found
LXSUPMON -> C:\WINDOWS\system32\LXSUPMON.EXE -> Lexmark International Inc. [Ver = 3.1.111.1 | Size = 900096 bytes | Modified Date = 3/8/2002 4:02:56 AM | Attr = ]
NvCplDaemon -> C:\WINDOWS\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 8/11/2006 8:43:02 PM | Attr = ]
NvMediaCenter -> C:\WINDOWS\system32\nvmctray.dll [RunDLL32.exe NvMCTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 86016 bytes | Modified Date = 8/11/2006 8:43:04 PM | Attr = ]
nwiz -> C:\WINDOWS\system32\nwiz.exe -> [Ver = | Size = 1519616 bytes | Modified Date = 8/11/2006 8:43:00 PM | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49263 bytes | Modified Date = 10/12/2006 3:10:54 AM | Attr = ]
Zone Labs Client -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 8/23/2006 11:38:28 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AIM -> C:\Program Files\AIM\aim.exe -cnetwait.odl -> File not found
SpybotSD TeaTimer -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Spy Sweeper Fix.lnk -> C:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat -> [Ver = | Size = 317 bytes | Modified Date = 5/17/2005 3:59:06 PM | Attr = ]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Spy Sweeper Fix.lnk -> C:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat -> [Ver = | Size = 317 bytes | Modified Date = 5/17/2005 3:59:06 PM | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\
PWRISOVM.EXE -> C:\Program Files\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 0, 0, 0 | Size = 184320 bytes | Modified Date = 3/17/2006 6:24:18 PM | Attr = ]
QuickTime Task -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.3 | Size = 155648 bytes | Modified Date = 1/16/2006 11:10:02 PM | Attr = ]
RaidTool -> C:\Program Files\VIA\RAID\raid_tool.exe -> VIA Technologies [Ver = 4, 0, 6, 0 | Size = 589824 bytes | Modified Date = 4/26/2005 11:22:32 AM | Attr = R ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
aol.com [ - ] -> ->
free_aol.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8193 - Sun Java Console ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8196 - Reg Data - Key not found ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8195 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Windows Messenger ->
NextId -> 8197 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 69746 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> C:\Program Files\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 2:08:26 PM | Attr = ]
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.nsf -> Reg Data - Value does not exist [Reg Data - Value does not exist] -> File not found
.spc -> Reg Data - Value does not exist [Reg Data - Value does not exist] -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> C:\WINDOWS\system32\nvshell.dll [Desktop Explorer] -> [Ver = | Size = 466944 bytes | Modified Date = 8/11/2006 8:43:00 PM | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> C:\WINDOWS\system32\nvshell.dll [Desktop Explorer Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 8/11/2006 8:43:00 PM | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> C:\WINDOWS\system32\nvshell.dll [nView Desktop Context Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 8/11/2006 8:43:00 PM | Attr = ]
{32020A01-506E-484D-A2A8-BE3CF17601C3} [HKLM] -> C:\Program Files\Alcohol Soft\Alcohol 120\AXShlEx.dll [AlcoholShellEx] -> Alcohol Soft Development Team [Ver = 1.4.9.1024 | Size = 387072 bytes | Modified Date = 7/5/2005 4:48:22 PM | Attr = ]
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} [HKLM] -> C:\Program Files\CoreCodec\The Core Media Player\System\coreshellagent.cll [The Core Media Player Shell Extension] -> [Ver = | Size = 126464 bytes | Modified Date = 9/11/2004 5:47:32 PM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> C:\Program Files\Webroot\Spy Sweeper\SSCtxMnu.dll [Webroot Spy Sweeper Context Menu Integration] -> Webroot Software, Inc. [Ver = 4,5,5,604 | Size = 411136 bytes | Modified Date = 10/24/2005 12:34:06 PM | Attr = ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINDOWS\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 3/31/2003 4:00:00 AM | Attr = ]
{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} [HKLM] -> C:\Program Files\JetAudio\JetFlExt.dll [jetAudio] -> JetAudio, Inc. [Ver = 6, 0, 0, 5124 | Size = 53316 bytes | Modified Date = 1/28/2005 1:27:12 PM | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> C:\Program Files\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 0, 0, 0 | Size = 192512 bytes | Modified Date = 3/17/2006 6:24:40 PM | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> C:\WINDOWS\system32\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 8/11/2006 8:43:02 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
{BF05BB6E-442C-428B-8025-82280B7BC26C} [HKLM] -> C:\Program Files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll [Zen Micro Media Explorer] -> Creative Technology Ltd [Ver = 4.0.16.0 | Size = 765952 bytes | Modified Date = 10/11/2004 4:31:30 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/11/2004 9:00:00 AM | Attr = ]
{E0D79305-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/11/2004 9:00:00 AM | Attr = ]
{E0D79306-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/11/2004 9:00:00 AM | Attr = ]
{E0D79307-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/11/2004 9:00:00 AM | Attr = ]
{FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKLM] -> C:\WINDOWS\system32\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 8/11/2006 8:43:02 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> C:\Program Files\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 0, 0, 0 | Size = 192512 bytes | Modified Date = 3/17/2006 6:24:40 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/11/2004 9:00:00 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} [HKLM] -> C:\Program Files\CoreCodec\The Core Media Player\System\coreshellagent.cll [CoreShellAgent] -> [Ver = | Size = 126464 bytes | Modified Date = 9/11/2004 5:47:32 PM | Attr = ]
{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} [HKLM] -> C:\Program Files\JetAudio\JetFlExt.dll [jetAudio] -> JetAudio, Inc. [Ver = 6, 0, 0, 5124 | Size = 53316 bytes | Modified Date = 1/28/2005 1:27:12 PM | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> C:\Program Files\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 0, 0, 0 | Size = 192512 bytes | Modified Date = 3/17/2006 6:24:40 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/11/2004 9:00:00 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> C:\WINDOWS\system32\nvshell.dll [00nView] -> [Ver = | Size = 466944 bytes | Modified Date = 8/11/2006 8:43:00 PM | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> C:\WINDOWS\system32\nvcpl.dll [NvCplDesktopContext] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 8/11/2006 8:43:02 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} [HKLM] -> C:\Program Files\JetAudio\JetFlExt.dll [jetAudio] -> JetAudio, Inc. [Ver = 6, 0, 0, 5124 | Size = 53316 bytes | Modified Date = 1/28/2005 1:27:12 PM | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> C:\Program Files\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 0, 0, 0 | Size = 192512 bytes | Modified Date = 3/17/2006 6:24:40 PM | Attr = ]
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> C:\Program Files\Webroot\Spy Sweeper\SSCtxMnu.dll [SpySweeper] -> Webroot Software, Inc. [Ver = 4,5,5,604 | Size = 411136 bytes | Modified Date = 10/24/2005 12:34:06 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 2/11/2004 9:00:00 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 2:20:02 AM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{512FB7FC-FE56-4AD5-A793-D0F62E731FB4} -> (Motorola Wireless USB Adapter WU830G) ->
{86ED2F24-FD81-46CE-847D-0B82FADE3E29} -> (VIA Rhine II Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found


[Files - Created Wihin 30 days]
KB923689.log -> C:\WINDOWS\KB923689.log -> [Ver = | Size = 10711 bytes | Created Date = 12/17/2006 3:01:08 AM | Attr = ]
KB923694.log -> C:\WINDOWS\KB923694.log -> [Ver = | Size = 10879 bytes | Created Date = 12/16/2006 1:15:54 PM | Attr = ]
KB925398.log -> C:\WINDOWS\KB925398.log -> [Ver = | Size = 9471 bytes | Created Date = 12/17/2006 3:01:35 AM | Attr = ]
KB925454.log -> C:\WINDOWS\KB925454.log -> [Ver = | Size = 19010 bytes | Created Date = 12/16/2006 1:17:50 PM | Attr = ]
KB926255.log -> C:\WINDOWS\KB926255.log -> [Ver = | Size = 11089 bytes | Created Date = 12/16/2006 1:16:02 PM | Attr = ]
setupapi.log -> C:\WINDOWS\setupapi.log -> [Ver = | Size = 28364 bytes | Created Date = 12/17/2006 3:01:00 AM | Attr = ]
ikhcore.log -> C:\WINDOWS\System32\ikhcore.log -> [Ver = | Size = 9151 bytes | Created Date = 12/7/2006 9:33:21 PM | Attr = ]

[Files - Modified Wihin 30 days]
0.log -> C:\WINDOWS\0.log -> [Ver = | Size = 0 bytes | Modified Date = 12/28/2006 2:12:04 PM | Attr = ]
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 12/28/2006 2:11:48 PM | Attr = S]
comsetup.log -> C:\WINDOWS\comsetup.log -> [Ver = | Size = 204024 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
FaxSetup.log -> C:\WINDOWS\FaxSetup.log -> [Ver = | Size = 744788 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
iis6.log -> C:\WINDOWS\iis6.log -> [Ver = | Size = 115760 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 12/17/2006 3:01:56 AM | Attr = ]
imsins.log -> C:\WINDOWS\imsins.log -> [Ver = | Size = 1393 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
KB923689.log -> C:\WINDOWS\KB923689.log -> [Ver = | Size = 10711 bytes | Modified Date = 12/17/2006 3:01:36 AM | Attr = ]
KB923694.log -> C:\WINDOWS\KB923694.log -> [Ver = | Size = 10879 bytes | Modified Date = 12/17/2006 3:01:02 AM | Attr = ]
KB925398.log -> C:\WINDOWS\KB925398.log -> [Ver = | Size = 9471 bytes | Modified Date = 12/17/2006 3:01:54 AM | Attr = ]
KB925454.log -> C:\WINDOWS\KB925454.log -> [Ver = | Size = 19010 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
KB926255.log -> C:\WINDOWS\KB926255.log -> [Ver = | Size = 11089 bytes | Modified Date = 12/17/2006 3:01:08 AM | Attr = ]
msgsocm.log -> C:\WINDOWS\msgsocm.log -> [Ver = | Size = 37911 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
ntdtcsetup.log -> C:\WINDOWS\ntdtcsetup.log -> [Ver = | Size = 123703 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
ocgen.log -> C:\WINDOWS\ocgen.log -> [Ver = | Size = 382496 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
ocmsn.log -> C:\WINDOWS\ocmsn.log -> [Ver = | Size = 28561 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 12/27/2006 11:38:46 PM | Attr = H ]
SchedLgU.Txt -> C:\WINDOWS\SchedLgU.Txt -> [Ver = | Size = 32580 bytes | Modified Date = 12/28/2006 2:10:30 PM | Attr = ]
setupact.log -> C:\WINDOWS\setupact.log -> [Ver = | Size = 176682 bytes | Modified Date = 12/26/2006 10:35:14 AM | Attr = ]
setupapi.log -> C:\WINDOWS\setupapi.log -> [Ver = | Size = 28364 bytes | Modified Date = 12/26/2006 10:38:12 PM | Attr = ]
setupapi.log.0.old -> C:\WINDOWS\setupapi.log.0.old -> [Ver = | Size = 1025808 bytes | Modified Date = 12/14/2006 10:25:20 PM | Attr = ]
tsoc.log -> C:\WINDOWS\tsoc.log -> [Ver = | Size = 293077 bytes | Modified Date = 12/17/2006 3:02:16 AM | Attr = ]
updspapi.log -> C:\WINDOWS\updspapi.log -> [Ver = | Size = 45761 bytes | Modified Date = 12/17/2006 3:02:10 AM | Attr = ]
wiadebug.log -> C:\WINDOWS\wiadebug.log -> [Ver = | Size = 157 bytes | Modified Date = 12/27/2006 10:45:44 PM | Attr = ]
wiaservc.log -> C:\WINDOWS\wiaservc.log -> [Ver = | Size = 50 bytes | Modified Date = 12/27/2006 10:45:44 PM | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 1477901 bytes | Modified Date = 12/28/2006 2:13:08 PM | Attr = ]
wmsetup.log -> C:\WINDOWS\wmsetup.log -> [Ver = | Size = 128914 bytes | Modified Date = 12/22/2006 12:28:48 PM | Attr = ]
CONFIG.NT -> C:\WINDOWS\System32\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 12/27/2006 6:28:44 PM | Attr = ]
ikhcore.log -> C:\WINDOWS\System32\ikhcore.log -> [Ver = | Size = 9151 bytes | Modified Date = 12/8/2006 12:37:02 PM | Attr = ]
nvapps.xml -> C:\WINDOWS\System32\nvapps.xml -> [Ver = | Size = 81200 bytes | Modified Date = 12/28/2006 2:12:10 PM | Attr = ]
vsconfig.xml -> C:\WINDOWS\System32\vsconfig.xml -> [Ver = | Size = 48882 bytes | Modified Date = 12/28/2006 2:11:52 PM | Attr = H ]
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 12/18/2006 2:28:00 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 11/10/2005 1:38:40 PM | Attr = ]
USERTRUST , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4490872 bytes | Modified Date = 10/12/2006 3:41:58 AM | Attr = ]
PEC2 , -> C:\Program Files\Common Files\Sony Shared\AVLib\Metallic.dll -> Sony Corporation [Ver = 2.7.00.14160 | Size = 229376 bytes | Modified Date = 2/17/2004 8:16:12 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\devil.dll -> Abysmal Software [Ver = 1.6.5 | Size = 269312 bytes | Modified Date = 7/19/2002 8:05:08 AM | Attr = ]
PEC2 , -> C:\WINDOWS\System32\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 3/31/2003 4:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> C:\WINDOWS\System32\DivX.dll -> DivX, Inc. [Ver = 6.2.2.3 | Size = 619156 bytes | Modified Date = 6/1/2006 2:06:58 PM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\ilu.dll -> Abysmal Software [Ver = 1.6.5 | Size = 27648 bytes | Modified Date = 7/19/2002 8:06:02 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\ilut.dll -> Abysmal Software [Ver = 1.6.5 | Size = 16384 bytes | Modified Date = 7/19/2002 8:06:42 AM | Attr = ]
PTech , -> C:\WINDOWS\System32\LegitCheckControl.dll -> Microsoft® Corporation [Ver = 1.3.0254.0 | Size = 520456 bytes | Modified Date = 7/12/2005 6:04:22 PM | Attr = ]
winsync , -> C:\WINDOWS\System32\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 3/31/2003 4:00:00 AM | Attr = ]
WSUD , UPX0 , -> C:\WINDOWS\System32\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 3/31/2003 4:00:00 AM | Attr = ]
PTech , -> C:\WINDOWS\System32\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 9:41:38 PM | Attr = ]

< End of report >

#8 feroxvaleo


Posted 28 December 2006 - 05:21 PM

LOGFILE

Explorer killed successfully
[Processes - Non-Microsoft Only]
Process teatimer.exe killed successfully.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\avast! deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AVG7_CC deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\Win32 deleted successfully.
File c:\documents and settings\brian\start menu\programs\startup\win32.exe not found!
< End of log >
Created on 12/28/2006 14:10:17


I'm still getting Windows error pop-ups, along with the ActiveX .OCX popups.

#9 OldTimer


Posted 28 December 2006 - 05:55 PM

Hi feroxvaleo. Everything in the log is gone now and it is clean. Let's do a little disk cleanup and run a scan with AVG Anti-Spyware. Please print these directions as you will need to boot into Safe Mode to run the scan.

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Next, download AVG anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen, under "How to act" select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, as it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine; if not, click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Cheers.

OT

Edited by OldTimer, 28 December 2006 - 05:55 PM.

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#10 feroxvaleo


Posted 28 December 2006 - 11:48 PM

AVG report.


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:40:47 PM 12/28/2006

+ Scan result:



C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Brian\Desktop\WinPFind3u\MovedFiles\win32.exe -> Backdoor.VB.kl : Cleaned with backup (quarantined).
C:\Documents and Settings\Brian\Desktop\fresh downloads\Downloads\Antispyware Compilation\Antispyware Compilation.rar/Antispyware Compilation\SpyRemover.v2.54\Patch\patch.exe -> Logger.Agent.nbq : Cleaned with backup (quarantined).
:mozilla.207:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.78:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.79:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.218:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.219:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.220:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.221:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.85:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.86:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.87:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.98:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.99:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.53:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.217:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.34:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.216:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.138:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.139:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.114:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.115:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.116:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.67:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.68:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.29:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.30:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.31:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.160:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.161:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.92:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.93:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.94:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.95:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.165:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.166:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.172:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.173:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.174:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.175:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.176:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.88:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.89:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.90:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.91:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.185:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.186:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.187:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.190:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.191:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.192:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.193:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.194:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.195:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.196:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.54:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.55:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.56:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.64:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.65:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.66:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.18:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.19:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.20:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.21:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\u5e18drm.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\SGFjdGFy\m3I3x3IV.vbs -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

#11 OldTimer


Posted 29 December 2006 - 12:18 AM

Hi feroxvaleo. That looks good. How are things running now? Are you still getting popups?

Cheers.

OT

#12 feroxvaleo

Posted 31 December 2006 - 07:58 PM

case closed OT. things working much better than they were. you're a champ. :D

#13 OldTimer

Posted 01 January 2007 - 09:57 AM

Glad to hear feroxvaleo. Let's do a little final cleanup and then you are all set.

We have a couple of last steps to perform and then you're all set.

First, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
  • Turn off System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • CHECK Turn off System Restore.
    • Click Apply, and then click OK.
  • Restart your computer.
  • Turn ON System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • UN-Check Turn off System Restore.
    • Click Apply, and then click OK.
System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should definitely have a good antivirus to stop infections before they can start and spread. Here are 2 free anti-virus programs that are available for personal use (I use these on various machines and they are both good):

It is best to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit Microsoft Windows Update monthly. Microsoft puts out new updates on the 2nd Tuesday of every month so be sure to check regularly.

And to keep your system clean be aware of what emails you open, what websites you visit, and update and run these free malware scanners once a week:

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!

OT