
Video Activex Object


5 replies to this topic

#1 cuervo08

cuervo08

  • Members
  • 3 posts
  • OFFLINE
  • Local time:10:41 AM

Posted 30 December 2006 - 09:42 PM

I somehow downloaded something called Video ActiveX Object, and pop-ups started to come up saying I had spyware and giving me a link to a place where I could download software that would help get rid of it. But I did a little research on it and found that the sites it linked me to were stuff like malware and spyware that would "scan" your computer but could not get rid of it unless you paid. But I didn't know that... me being slow :thumbsup: so I downloaded them :flowers: and then my computer started to act all slow and funny. I read some threads on it and downloaded Ad-Aware SE Professional, ran a scan, rebooted, ran Spybot S&D, ran a scan, and rebooted also... in both it said nothing was found. But Internet windows still pop up, redirecting me to a download site where I can download "trusted" software to remove the problem.

Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:32:22 PM, on 12/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.485\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://www.sonypictures.com/movies/spiderm.../vivid_ocx.jpeg
O16 - DPF: {3960FED7-8129-46AA-8DD4-ABCB0F74AE05} (FFChocoMotion Class) - http://www.monolith-prime.co.jp/morph/smart_morph_ax.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
O16 - DPF: {A9ECE670-4652-4763-98F0-8A3EADA7FDBF} (FrameFree Web Player-5) - http://download.framefree.com/load_ffwp_ac...,3,18,2_id5.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/overdrive/bin/setup.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:12:41 PM

Posted 30 December 2006 - 11:10 PM

Hello cuervo08 and welcome to the BC HijackThis forum. Let's try a different scanner and see what else shows up.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 cuervo08

cuervo08
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:10:41 AM

Posted 05 January 2007 - 09:27 PM

Thanks for the warm welcome OT,

Here's the report.
What do you mean by "the last line is not < End of Report >"? Does that mean there's more, then?
Or did I get everything?



WinPFind3 logfile created on: 1/5/2007 8:09:42 PM
WinPFind3U by OldTimer - Version 1.0.8 Folder = C:\Documents and Settings\HP_Administrator\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

523564 Kb Total Physical Memory | 270624 Kb Available Physical Memory | 51.69% Memory free
1277752 Kb Paging File | 821092 Kb Available in Paging File | 64.26% Paging File free

%SystemDrive% = C:
Drive C: | 188629556 Kb Total Space | 62771296 Kb Free Space | 33.28% Free Space
Drive D: | 6707688 Kb Total Space | 758512 Kb Free Space | 11.31% Free Space
E: Drive not present or media not loaded
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
ad-watch.exe -> %ProgramFiles%\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe -> Lavasoft Sweden [Ver = 3.1.2.17 | Size = 517632 bytes | Modified Date = 5/25/2005 12:12:36 PM | Attr = ]
apvxdwin.exe -> %ProgramFiles%\Panda Software\Panda Antivirus 2007\ApVxdWin.exe -> Panda Software International [Ver = 7.00.11 | Size = 311296 bytes | Modified Date = 9/13/2006 8:59:52 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4152 | Size = 430080 bytes | Modified Date = 11/21/2006 9:18:38 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4152 | Size = 430080 bytes | Modified Date = 11/21/2006 9:18:38 PM | Attr = ]
avengine.exe -> %ProgramFiles%\Panda Software\Panda Antivirus 2007\AVENGINE.EXE -> Panda Software International [Ver = 2, 0, 1840, 33 | Size = 106496 bytes | Modified Date = 8/8/2006 6:25:32 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
itunes.exe -> %ProgramFiles%\iTunes\iTunes.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 15338560 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
pavsrv51.exe -> %ProgramFiles%\Panda Software\Panda Antivirus 2007\PAVSRV51.EXE -> Panda Software International [Ver = 2, 0, 1840, 32 | Size = 151552 bytes | Modified Date = 8/8/2006 6:26:18 PM | Attr = ]
psimsvc.exe -> %ProgramFiles%\Panda Software\Panda Antivirus 2007\PsImSvc.exe -> Panda Software [Ver = 2, 6, 36, 0 | Size = 102400 bytes | Modified Date = 7/4/2006 2:25:34 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5a38 | Size = 282624 bytes | Modified Date = 12/5/2006 4:14:30 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 10/29/2006 1:12:26 PM | Attr = ]
rocketdock.exe -> %ProgramFiles%\RocketDock\RocketDock.exe -> [Ver = | Size = 364544 bytes | Modified Date = 8/16/2006 7:00:00 AM | Attr = ]
sdmcp.exe -> %CommonProgramFiles%\Stardock\SDMCP.exe -> Stardock [Ver = 0, 0, 5, 11 | Size = 241664 bytes | Modified Date = 5/10/2005 1:31:22 PM | Attr = ]
spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3.2.0.146 | Size = 3054592 bytes | Modified Date = 9/13/2004 9:21:26 AM | Attr = ]
webproxy.exe -> %ProgramFiles%\panda software\panda antivirus 2007\WebProxy.exe -> Panda Software International [Ver = 6, 2, 22, 533 | Size = 69632 bytes | Modified Date = 6/29/2006 11:04:42 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.8.0 | Size = 306176 bytes | Modified Date = 12/31/2006 7:47:16 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4152 | Size = 430080 bytes | Modified Date = 11/21/2006 9:18:38 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 11/22/2006 10:52:00 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
(MSSQL$SONY_MEDIAMGR) MSSQL$SONY_MEDIAMGR [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -> File not found
(PAVSRV) Panda anti-virus service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Antivirus 2007\PAVSRV51.EXE -> Panda Software International [Ver = 2, 0, 1840, 32 | Size = 151552 bytes | Modified Date = 8/8/2006 6:26:18 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 8, 0, 0, 0 | Size = 65536 bytes | Modified Date = 3/19/2004 12:55:48 AM | Attr = ]
(PSIMSVC) Panda IManager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Antivirus 2007\PsImSvc.exe -> Panda Software [Ver = 2, 6, 36, 0 | Size = 102400 bytes | Modified Date = 7/4/2006 2:25:34 PM | Attr = ]
(SQLAgent$SONY_MEDIAMGR) SQLAgent$SONY_MEDIAMGR [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
APVXDWIN -> %ProgramFiles%\Panda Software\Panda Antivirus 2007\ApVxdWin.exe -> Panda Software International [Ver = 7.00.11 | Size = 311296 bytes | Modified Date = 9/13/2006 8:59:52 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5a38 | Size = 282624 bytes | Modified Date = 12/5/2006 4:14:30 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 10/29/2006 1:12:26 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Aim6 -> -> File not found
RocketDock -> %ProgramFiles%\RocketDock\RocketDock.exe -> [Ver = | Size = 364544 bytes | Modified Date = 8/16/2006 7:00:00 AM | Attr = ]
SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3.2.0.146 | Size = 3054592 bytes | Modified Date = 9/13/2004 9:21:26 AM | Attr = ]
< Disabled MSConfig Services [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
iPodService -> ->
kavsvc -> ->
MSSQLServerADHelper -> ->
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 9:05:26 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 43.1.5.000 | Size = 241664 bytes | Modified Date = 5/29/2004 6:31:38 AM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 4.0 SE Calendar Checker .lnk -> %SystemDrive%\PROGRA~1\ULEADS~1\ULEADP~1.0SE\CalCheck.exe -> File not found
C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk -> %ProgramFiles%\LimeWire\LimeWire.exe -> [Ver = | Size = 159744 bytes | Modified Date = 7/24/2006 8:54:44 AM | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
Ad-Protect -> %ProgramFiles%\Ad-Protect\ad-protect.exe -> File not found
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.51 2.1.51 03/04/2005 12:01:54 | Size = 88209 bytes | Modified Date = 3/4/2005 11:01:56 AM | Attr = ]
AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl -> File not found
Aim6 -> -> File not found
Alcmtr -> %SystemRoot%\ALCMTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.6 | Size = 65536 bytes | Modified Date = 4/12/2005 12:10:22 AM | Attr = ]
AlcWzrd -> %SystemRoot%\ALCWZRD.EXE -> RealTek Semicoductor Corp. [Ver = 1.1.0.19 | Size = 2805248 bytes | Modified Date = 4/6/2005 5:53:00 PM | Attr = ]
APVXDWIN -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE -> File not found
ares -> %ProgramFiles%\Ares\Ares.exe -> File not found
ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLIStart.exe -> [Ver = | Size = 90112 bytes | Modified Date = 9/25/2006 9:12:20 AM | Attr = ]
BootSkin Startup Jobs -> %ProgramFiles%\Stardock\WinCustomize\BootSkin\BootSkin.exe -> [Ver = 1, 0, 6, 0 | Size = 270336 bytes | Modified Date = 4/26/2004 4:21:00 PM | Attr = ]
CaAvTray -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe -> File not found
CAVRID -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe -> File not found
Creative WebCam Tray -> %ProgramFiles%\Creative\Shared Files\CamTray.exe -> Creative Technology Ltd [Ver = 3.50.08 | Size = 245760 bytes | Modified Date = 7/30/2004 11:04:22 AM | Attr = ]
DeadAIM45.exe -> %SystemRoot%\DeadAIM45.exe -> File not found
DeadAIMsrv.exe -> %SystemRoot%\DeadAIMsrv.exe -> File not found
HostManager -> %CommonProgramFiles%\AOL\1127679925\ee\AOLSoftware.exe -> America Online, Inc. [Ver = 1.4.16.3 | Size = 50792 bytes | Modified Date = 4/20/2006 11:10:14 AM | Attr = ]
HPHmon06 -> %System32%\hphmon06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 659456 bytes | Modified Date = 6/7/2004 7:42:30 PM | Attr = ]
HPHUPD06 -> %ProgramFiles%\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 49152 bytes | Modified Date = 6/7/2004 7:53:26 PM | Attr = ]
hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 5:04:38 PM | Attr = ]
IPHSend -> %CommonProgramFiles%\AOL\IPHSend\IPHSend.exe -> File not found
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
KernelFaultCheck -> -> File not found
PestCapture -> %ProgramFiles%\PestCapture\PestCapture.exe -> File not found
PhotoShow Deluxe Media Manager -> %SystemDrive%\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe -> File not found
PS2 -> %System32%\ps2.EXE -> Hewlett-Packard Company [Ver = 1.0.2.1 | Size = 81920 bytes | Modified Date = 10/16/2002 5:57:10 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5a38 | Size = 282624 bytes | Modified Date = 12/5/2006 4:14:30 PM | Attr = ]
RealPlayer -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.12.1741 | Size = 214560 bytes | Modified Date = 10/29/2006 1:12:30 PM | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 5, 0, 44, 2 | Size = 233472 bytes | Modified Date = 4/14/2004 9:43:46 PM | Attr = ]
Reminder -> %SystemRoot%\CREATOR\Remind_XP.exe -> SoftThinks [Ver = 1, 0, 2, 1 | Size = 118784 bytes | Modified Date = 12/18/2003 12:31:42 AM | Attr = ]
RocketDock -> %ProgramFiles%\RocketDock\RocketDock.exe -> [Ver = | Size = 364544 bytes | Modified Date = 8/16/2006 7:00:00 AM | Attr = ]
SCANINICIO -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\Inicio.exe -> File not found
Security -> %SystemRoot%\WindowsSecurityUpdate.exe -> File not found
SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 14 | Size = 90112 bytes | Modified Date = 4/6/2005 5:57:12 PM | Attr = ]
SpywareHeal -> %ProgramFiles%\SpywareHeal\SpywareHeal.exe -> File not found
Steam -> -> File not found
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 11/9/2006 3:07:30 PM | Attr = ]
System Mechanic Startup Guard -> %ProgramFiles%\iolo\System Mechanic 5 Professional\StartupGuard.exe -> File not found
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 10/29/2006 1:12:26 PM | Attr = ]
UberIcon -> %ProgramFiles%\UberIcon\UberIcon Manager.exe -> [Ver = | Size = 122880 bytes | Modified Date = 7/17/2006 11:16:46 PM | Attr = ]
ViewMgr -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> File not found
Weather -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 6, 4, 0, 9 | Size = 1597440 bytes | Modified Date = 9/9/2004 5:35:38 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YPager.exe -> [Ver = | Size = 3084288 bytes | Modified Date = 8/19/2005 6:34:02 PM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} [HKLM] -> %CommonProgramFiles%\Stardock\MCPCore.dll [0aMCPClient] -> Stardock [Ver = 0, 0, 5, 4 | Size = 86016 bytes | Modified Date = 5/10/2005 1:31:20 PM | Attr = ]
< SharedTaskScheduler [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} [HKLM] -> %System32%\cthkpcv.dll [buprestidae] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4152 | Size = 90112 bytes | Modified Date = 11/21/2006 9:19:42 PM | Attr = ]
avldr -> %System32%\avldr.dll -> Panda Software [Ver = 2, 0, 1840, 1 | Size = 45056 bytes | Modified Date = 9/27/2005 12:13:48 PM | Attr = ]
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3882 | Size = 344064 bytes | Modified Date = 8/3/2004 7:43:04 PM | Attr = ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\none -> C:\Program Files\Video ActiveX Object\pmsngr.exe ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\isamini.exe -> C:\Program Files\Video ActiveX Object\isamonitor.exe ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/en-us/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop ->
HKCU: Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://g.msn.com/0SEENUS/SAOS01 ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.deviantart.com/ ->
HKCU: SearchAssistant -> http://ie.search.msn.com/en-us/srchasst/srchasst.htm ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
aol.com [ - ] -> ->
free_aol.com [ - ] -> ->
free_aol.com [http] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 7:38:22 PM | Attr = ]
{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} [HKLM] -> %ProgramFiles%\Video ActiveX Object\isaddon.dll [] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 3:21:52 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
[HKLM] -> Reg Data - Key not found [Reg Data - Value does not exist] -> File not found
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 1:26:28 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 1:26:28 PM | Attr = ]
WebBrowser\\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} [HKLM] -> %ProgramFiles%\Video ActiveX Object\iesplugin.dll [Protection Bar] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKLM] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 1:26:28 PM | Attr = ]
WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> 8193 - Reg Data - Key not found ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8194 - Reg Data - Key not found ->
{A75C6120-9B36-11d4-A3F0-009027427750} -> 8198 - Reg Data - Key not found ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8195 - Reg Data - Value does not exist ->
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -> 8197 - Reg Data - Key not found ->
{d9288080-1baa-4bc4-9cf8-a92d743db949} -> 8201 - Reg Data - Value does not exist ->
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> 8199 - Yahoo! Messenger ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8196 - Windows Messenger ->
NextId -> 8203 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\npjpi150_10.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 11/9/2006 3:21:54 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 3:21:52 PM | Attr = ]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ]
{d9288080-1baa-4bc4-9cf8-a92d743db949} -> %SystemDrive%\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk [ButtonText: Run IMVU] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> %ProgramFiles%\Yahoo!\Messenger\YPager.exe [ButtonText: Yahoo! Messenger] -> [Ver = | Size = 3084288 bytes | Modified Date = 8/19/2005 6:34:02 PM | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{5E2121EE-0300-11D4-8D3B-444553540000} [HKLM] -> %ProgramFiles%\ATI Technologies\ATI.ACE\atiacmxx.dll [Catalyst Context Menu extension] -> [Ver = 1, 0, 0, 1 | Size = 73728 bytes | Modified Date = 9/25/2006 9:13:12 AM | Attr = ]
{611AD258-4138-4348-A534-9856FA6BA398} [HKLM] -> %ProgramFiles%\Stardock\Object Desktop\IconPackager\shellext.dll [IconPackager Icon Handler] -> Stardock.net, Inc [Ver = 3.10.00 | Size = 249856 bytes | Modified Date = 12/14/2005 2:53:42 PM | Attr = ]
{65756541-C65C-11CD-0000-4B656E696100} [HKLM] -> %ProgramFiles%\Panda Software\Panda Antivirus 2007\SHELLTIT.DLL [Panda Antivirus] -> Panda Software International [Ver = 6.1.03 | Size = 118784 bytes | Modified Date = 9/28/2006 1:43:38 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 126464 bytes | Modified Date = 9/14/2006 12:20:24 AM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
{cc3ebf80-1a70-11d3-bdf2-00902745d0a9} [HKLM] -> %System32%\Tk421.dll [Mixman Shell Extention] -> Mixman Technologies Inc. [Ver = 1.5.1 | Size = 81920 bytes | Modified Date = 6/1/2001 7:30:26 PM | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.2488 | Size = 54848 bytes | Modified Date = 10/29/2006 1:12:34 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{65756541-C65C-11CD-0000-4B656E696100} [HKLM] -> %ProgramFiles%\Panda Software\Panda Antivirus 2007\SHELLTIT.DLL [Panda Antivirus] -> Panda Software International [Ver = 6.1.03 | Size = 118784 bytes | Modified Date = 9/28/2006 1:43:38 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 9/14/2006 12:20:24 AM | Attr = ]
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> %ProgramFiles%\Yahoo!\Common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 6, 13, 1 | Size = 180296 bytes | Modified Date = 6/14/2004 6:13:24 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 9/14/2006 12:20:24 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{5E2121EE-0300-11D4-8D3B-444553540000} [HKLM] -> %ProgramFiles%\ATI Technologies\ATI.ACE\atiacmxx.dll [ACE] -> [Ver = 1, 0, 0, 1 | Size = 73728 bytes | Modified Date = 9/25/2006 9:13:12 AM | Attr = ]
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> %System32%\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.3882 | Size = 225280 bytes | Modified Date = 8/3/2004 7:47:00 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{65756541-C65C-11CD-0000-4B656E696100} [HKLM] -> %ProgramFiles%\Panda Software\Panda Antivirus 2007\SHELLTIT.DLL [Panda Antivirus] -> Panda Software International [Ver = 6.1.03 | Size = 118784 bytes | Modified Date = 9/28/2006 1:43:38 PM | Attr = ]
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %ProgramFiles%\Webroot\Spy Sweeper\SSCtxMnu.dll [SpySweeper] -> Webroot Software, Inc. [Ver = 3.2.0.146 | Size = 86016 bytes | Modified Date = 9/13/2004 9:21:14 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 9/14/2006 12:20:24 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 1:20:02 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{1BDF8AB5-A075-4640-B3B4-EC529D2476B3} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{95B668F4-FF08-4E39-8A9F-04BEB3D884FF} -> (1394 Net Adapter) ->
{BDD52267-0706-4361-9002-0859DD65CFDA} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{00B71CFB-6864-4346-A978-C0A14556272C} -> Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{326A7290-FAE3-48C5-9FBA-F071633E1EB5} -> VPlayer Control - CodeBase = http://www.sonypictures.com/movies/spiderm.../vivid_ocx.jpeg ->
{3960FED7-8129-46AA-8DD4-ABCB0F74AE05} -> FFChocoMotion Class - CodeBase = http://www.monolith-prime.co.jp/morph/smart_morph_ax.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab ->
{665585FD-2068-4C5E-A6D3-53AC3270ECD4} -> FileSharingCtrl Class - CodeBase = http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://www.pandasoftware.com/activescan/as5/asinst.cab ->
{A2E05F45-F127-4092-B9F7-9A02C3E04C77} -> HGPlugin7USA Class - CodeBase = http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab ->
{A9ECE670-4652-4763-98F0-8A3EADA7FDBF} -> FrameFree Web Player-5 - CodeBase = http://download.framefree.com/load_ffwp_ac...,3,18,2_id5.cab ->
{BD393C14-72AD-4790-A095-76522973D6B8} -> CBreakshotControl Class - CodeBase = http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab ->
{C5E28B9D-0A68-4B50-94E9-E8F6B4697519} -> NsvPlayX Control - CodeBase = http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CD995117-98E5-4169-9920-6C12D4C0B548} -> HGPlugin9USA Class - CodeBase = http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab ->


[Files - Created Wihin 30 days]
PAVSHLD.RPE -> %CommonProgramFiles%\Panda Software\PavShld\PAVSHLD.RPE -> [Ver = | Size = 289 bytes | Created Date = 12/28/2006 12:58:14 PM | Attr = ]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.0.3 | Size = 720896 bytes | Created Date = 12/26/2006 7:28:36 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 1/2/2007 1:01:35 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 1/2/2007 1:01:35 PM | Attr = H ]
ati2sgag.exe -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Created Date = 12/21/2006 10:31:02 PM | Attr = ]
avldr.dll -> %System32%\avldr.dll -> Panda Software [Ver = 2, 0, 1840, 1 | Size = 45056 bytes | Created Date = 12/30/2006 9:05:07 PM | Attr = ]
delme.exe -> %System32%\delme.exe -> [Ver = | Size = 3863 bytes | Created Date = 12/28/2006 1:21:54 PM | Attr = ]
DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 635486 bytes | Created Date = 12/12/2006 10:25:19 AM | Attr = ]
DivXCodecUpdateChecker.exe -> %System32%\DivXCodecUpdateChecker.exe -> DivX, Inc. [Ver = 6, 2, 5, 7 | Size = 118784 bytes | Created Date = 12/12/2006 10:24:42 AM | Attr = ]
divxdec.ax -> %System32%\divxdec.ax -> DivX, Inc. [Ver = 6.2.5.34 | Size = 704512 bytes | Created Date = 12/12/2006 10:25:11 AM | Attr = ]
DivXMedia.ax -> %System32%\DivXMedia.ax -> DivXNetworks [Ver = 0.0.0.028 | Size = 352401 bytes | Created Date = 12/12/2006 10:25:09 AM | Attr = ]
DivXsm.exe -> %System32%\DivXsm.exe -> [Ver = | Size = 520192 bytes | Created Date = 12/12/2006 10:30:29 AM | Attr = ]
divxsm.tlb -> %System32%\divxsm.tlb -> [Ver = | Size = 4276 bytes | Created Date = 12/12/2006 10:30:29 AM | Attr = ]
DivXWMPExtType.dll -> %System32%\DivXWMPExtType.dll -> [Ver = | Size = 12288 bytes | Created Date = 12/12/2006 10:24:42 AM | Attr = ]
divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 806912 bytes | Created Date = 12/12/2006 10:25:20 AM | Attr = ]
divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 806912 bytes | Created Date = 12/12/2006 10:25:20 AM | Attr = ]
divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 790528 bytes | Created Date = 12/12/2006 10:25:19 AM | Attr = ]
dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 73728 bytes | Created Date = 12/12/2006 10:25:25 AM | Attr = ]
dpu10.dll -> %System32%\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 12/12/2006 10:25:22 AM | Attr = ]
dpu11.dll -> %System32%\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 12/12/2006 10:25:22 AM | Attr = ]
dpuGUI10.dll -> %System32%\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Created Date = 12/12/2006 10:25:24 AM | Attr = ]
dpuGUI11.dll -> %System32%\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Created Date = 12/12/2006 10:25:22 AM | Attr = ]
dpus11.dll -> %System32%\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Created Date = 12/12/2006 10:25:22 AM | Attr = ]
dpv11.dll -> %System32%\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Created Date = 12/12/2006 10:25:22 AM | Attr = ]
dsm_de.qm -> %System32%\dsm_de.qm -> [Ver = | Size = 15507 bytes | Created Date = 12/12/2006 10:30:29 AM | Attr = ]
dsm_fr.qm -> %System32%\dsm_fr.qm -> [Ver = | Size = 15299 bytes | Created Date = 12/12/2006 10:30:29 AM | Attr = ]
dsm_ja.qm -> %System32%\dsm_ja.qm -> [Ver = | Size = 10863 bytes | Created Date = 12/12/2006 10:30:29 AM | Attr = ]
dtu100.dll -> %System32%\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 196608 bytes | Created Date = 12/12/2006 10:25:25 AM | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 12/29/2006 11:03:33 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49248 bytes | Created Date = 12/21/2006 10:01:06 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 53346 bytes | Created Date = 12/21/2006 10:01:06 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 127078 bytes | Created Date = 12/21/2006 10:01:06 PM | Attr = ]
libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 12/12/2006 10:30:18 AM | Attr = ]
qt-dx331.dll -> %System32%\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Created Date = 12/12/2006 10:30:26 AM | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 12/29/2006 11:03:33 PM | Attr = ]
ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 12/12/2006 10:30:18 AM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 12/29/2006 11:03:33 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 12/29/2006 11:03:33 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 12/29/2006 11:03:33 PM | Attr = ]
PavProc.sys -> %System32%\drivers\PavProc.sys -> Panda Software [Ver = 1.1.2.0 | Size = 165120 bytes | Created Date = 12/28/2006 12:58:14 PM | Attr = ]
ShldDrv.sys -> %System32%\drivers\ShldDrv.sys -> Panda Software [Ver = 1.3.6.0 | Size = 26752 bytes | Created Date = 12/28/2006 12:58:14 PM | Attr = ]

[Files - Modified Wihin 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 289 bytes | Modified Date = 12/30/2006 9:27:42 PM | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536203264 bytes | Modified Date = 1/5/2007 3:24:58 PM | Attr = HS]
PAVSHLD.RPE -> %CommonProgramFiles%\Panda Software\PavShld\PAVSHLD.RPE -> [Ver = | Size = 289 bytes | Modified Date = 12/28/2006 12:58:16 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/5/2007 3:25:02 PM | Attr = S]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 12/14/2006 4:02:10 PM | Attr = ]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.0.3 | Size = 720896 bytes | Modified Date = 12/26/2006 7:28:14 PM | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 6117 bytes | Modified Date = 12/15/2006 7:18:06 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 1/2/2007 1:01:36 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/5/2007 4:04:16 PM | Attr = H ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 256 bytes | Modified Date = 12/30/2006 9:27:42 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 610 bytes | Modified Date = 12/30/2006 9:27:42 PM | Attr = ]
delme.exe -> %System32%\delme.exe -> [Ver = | Size = 3863 bytes | Modified Date = 12/28/2006 1:21:56 PM | Attr = ]
DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 635486 bytes | Modified Date = 12/12/2006 10:25:20 AM | Attr = ]
DivXCodecUpdateChecker.exe -> %System32%\DivXCodecUpdateChecker.exe -> DivX, Inc. [Ver = 6, 2, 5, 7 | Size = 118784 bytes | Modified Date = 12/12/2006 10:24:44 AM | Attr = ]
divxdec.ax -> %System32%\divxdec.ax -> DivX, Inc. [Ver = 6.2.5.34 | Size = 704512 bytes | Modified Date = 12/12/2006 10:25:12 AM | Attr = ]
DivXMedia.ax -> %System32%\DivXMedia.ax -> DivXNetworks [Ver = 0.0.0.028 | Size = 352401 bytes | Modified Date = 12/12/2006 10:25:10 AM | Attr = ]
DivXsm.exe -> %System32%\DivXsm.exe -> [Ver = | Size = 520192 bytes | Modified Date = 12/12/2006 10:30:30 AM | Attr = ]
divxsm.tlb -> %System32%\divxsm.tlb -> [Ver = | Size = 4276 bytes | Modified Date = 12/12/2006 10:30:30 AM | Attr = ]
DivXWMPExtType.dll -> %System32%\DivXWMPExtType.dll -> [Ver = | Size = 12288 bytes | Modified Date = 12/12/2006 10:24:44 AM | Attr = ]
divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 806912 bytes | Modified Date = 12/12/2006 10:25:22 AM | Attr = ]
divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 806912 bytes | Modified Date = 12/12/2006 10:25:22 AM | Attr = ]
divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 790528 bytes | Modified Date = 12/12/2006 10:25:20 AM | Attr = ]
dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 73728 bytes | Modified Date = 12/12/2006 10:25:26 AM | Attr = ]
dpu10.dll -> %System32%\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 12/12/2006 10:25:24 AM | Attr = ]
dpu11.dll -> %System32%\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 12/12/2006 10:25:24 AM | Attr = ]
dpuGUI10.dll -> %System32%\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Modified Date = 12/12/2006 10:25:26 AM | Attr = ]
dpuGUI11.dll -> %System32%\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Modified Date = 12/12/2006 10:25:24 AM | Attr = ]
dpus11.dll -> %System32%\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Modified Date = 12/12/2006 10:25:24 AM | Attr = ]
dpv11.dll -> %System32%\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Modified Date = 12/12/2006 10:25:24 AM | Attr = ]
dsm_de.qm -> %System32%\dsm_de.qm -> [Ver = | Size = 15507 bytes | Modified Date = 12/12/2006 10:30:30 AM | Attr = ]
dsm_fr.qm -> %System32%\dsm_fr.qm -> [Ver = | Size = 15299 bytes | Modified Date = 12/12/2006 10:30:30 AM | Attr = ]
dsm_ja.qm -> %System32%\dsm_ja.qm -> [Ver = | Size = 10863 bytes | Modified Date = 12/12/2006 10:30:30 AM | Attr = ]
dtu100.dll -> %System32%\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 196608 bytes | Modified Date = 12/12/2006 10:25:26 AM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 259528 bytes | Modified Date = 12/28/2006 12:49:40 PM | Attr = ]
libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 12/12/2006 10:30:20 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 70700 bytes | Modified Date = 12/30/2006 9:08:04 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 420236 bytes | Modified Date = 12/30/2006 9:08:04 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 499674 bytes | Modified Date = 12/30/2006 9:08:04 PM | Attr = ]
qt-dx331.dll -> %System32%\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Modified Date = 12/12/2006 10:30:28 AM | Attr = ]
ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 12/12/2006 10:30:20 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 1/5/2007 3:26:20 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\j2re1.4.2-b28\core3.zip -> [Ver = | Size = 4648893 bytes | Modified Date = 9/29/2004 1:36:24 PM | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\j2re1.4.2_03-b02\core3.zip -> [Ver = | Size = 4622375 bytes | Modified Date = 11/20/2003 7:38:14 AM | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 3/4/2005 3:09:40 AM | Attr = ]
USERTRUST , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_10.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4650616 bytes | Modified Date = 11/9/2006 3:38:38 PM | Attr = ]
PTech , -> %CommonProgramFiles%\Microsoft Shared\Works Shared\1033\WkCalLng.dll -> Microsoft® Corporation [Ver = 7.02.0710.1 | Size = 196608 bytes | Modified Date = 7/11/2002 5:22:04 AM | Attr = ]
UPX! , UPX0 , -> %CommonProgramFiles%\NSV\nsvplayx_vp6_aac.dll -> * * * [Ver = 1, 0, 0, 997 | Size = 173056 bytes | Modified Date = 12/10/2003 1:36:44 PM | Attr = ]
SAHAgent , -> %CommonProgramFiles%\PestPatrol\ppsrindex.dat -> [Ver = | Size = 3477 bytes | Modified Date = 2/7/2005 3:50:46 PM | Attr = ]
PEC2 , PECompact2 , -> %CommonProgramFiles%\Real\GToolbar\GDSSetup.exe -> [Ver = | Size = 746600 bytes | Modified Date = 10/29/2006 1:12:50 PM | Attr = ]
PEC2 , PECompact2 , -> %CommonProgramFiles%\Real\GToolbar\GoogleToolbarInstaller.exe -> Google [Ver = 3, 0, 131, 0 | Size = 583696 bytes | Modified Date = 10/29/2006 1:12:50 PM | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 10/29/2006 1:12:26 PM | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Real\Update_OB\rnxproc.exe -> RealNetworks, Inc. [Ver = 7.0.0.3105 | Size = 58912 bytes | Modified Date = 10/29/2006 1:12:26 PM | Attr = ]
PEC2 , -> %CommonProgramFiles%\Sony Shared\AVLib\Metallic.dll -> Sony Corporation [Ver = 2.7.00.10280 | Size = 229376 bytes | Modified Date = 10/28/2003 9:49:26 PM | Attr = ]
WSUD , -> %CommonProgramFiles%\Vbox\Licenses\Backup\Adobe PageMaker_7.0.1_47A4.lic -> [Ver = | Size = 626689 bytes | Modified Date = 4/23/2002 6:11:10 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\IFinst27.exe -> [Ver = | Size = 65536 bytes | Modified Date = 2/16/2005 9:42:24 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 635486 bytes | Modified Date = 12/12/2006 10:25:20 AM | Attr = ]
aspack , -> %System32%\Incinerator.dll -> iolo technologies, LLC [Ver = 5.5.1.0 | Size = 702464 bytes | Modified Date = 2/17/2005 2:35:48 PM | Attr = ]
Thawte Consulting , -> %System32%\itiimg3.dll -> InterActual Technologies, Inc. [Ver = 4.0.2 | Size = 285472 bytes | Modified Date = 6/20/2005 7:11:20 PM | Attr = ]
qoologic , aspack , SAHAgent , winsync , -> %System32%\pav.sig -> [Ver = | Size = 9940873 bytes | Modified Date = 4/1/2005 11:14:04 PM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 10/29/2006 1:12:42 PM | Attr = ]
aspack , -> %System32%\screensaver1600x1200.scr -> ScreenTime Media [Ver = 3.0.1 | Size = 203264 bytes | Modified Date = 10/23/2005 1:31:38 PM | Attr = ]
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 4/27/2006 4:49:30 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 8/29/2006 6:43:54 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 1/9/2006 9:36:06 AM | Attr = ]
UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 12/1/2006 5:20:34 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]

< End of report >

Edited by cuervo08, 05 January 2007 - 09:29 PM.


#4 OldTimer

    Malware Expert



Posted 06 January 2007 - 10:53 AM

Hi cuervo08. Let's start with the following:

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process.

Please copy/paste the content of that report into your next reply along with a new WinPFind3u log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt


Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

#5 cuervo08


Posted 20 January 2007 - 02:48 PM

Here is the WinPFind3u Log

WinPFind3 logfile created on: 1/20/2007 12:35:52 PM
WinPFind3U by OldTimer - Version 1.0.8 Folder = C:\Documents and Settings\HP_Administrator\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

523564 Kb Total Physical Memory | 198108 Kb Available Physical Memory | 37.84% Memory free
1277752 Kb Paging File | 958960 Kb Available in Paging File | 75.05% Paging File free

%SystemDrive% = C:
Drive C: | 188629556 Kb Total Space | 59500588 Kb Free Space | 31.54% Free Space
Drive D: | 6707688 Kb Total Space | 758560 Kb Free Space | 11.31% Free Space
E: Drive not present or media not loaded
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
apvxdwin.exe -> %ProgramFiles%\Panda Software\Panda Antivirus 2007\ApVxdWin.exe -> Panda Software International [Ver = 7.00.11 | Size = 311296 bytes | Modified Date = 9/13/2006 8:59:52 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4152 | Size = 430080 bytes | Modified Date = 11/21/2006 9:18:38 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4152 | Size = 430080 bytes | Modified Date = 11/21/2006 9:18:38 PM | Attr = ]
avengine.exe -> %ProgramFiles%\Panda Software\Panda Antivirus 2007\AVENGINE.EXE -> Panda Software International [Ver = 2, 0, 1840, 33 | Size = 106496 bytes | Modified Date = 8/8/2006 6:25:32 PM | Attr = ]
pavsrv51.exe -> %ProgramFiles%\Panda Software\Panda Antivirus 2007\PAVSRV51.EXE -> Panda Software International [Ver = 2, 0, 1840, 32 | Size = 151552 bytes | Modified Date = 8/8/2006 6:26:18 PM | Attr = ]
psimsvc.exe -> %ProgramFiles%\Panda Software\Panda Antivirus 2007\PsImSvc.exe -> Panda Software [Ver = 2, 6, 36, 0 | Size = 102400 bytes | Modified Date = 7/4/2006 2:25:34 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5a38 | Size = 282624 bytes | Modified Date = 12/5/2006 4:14:30 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 10/29/2006 1:12:26 PM | Attr = ]
rocketdock.exe -> %ProgramFiles%\RocketDock\RocketDock.exe -> [Ver = | Size = 364544 bytes | Modified Date = 8/16/2006 7:00:00 AM | Attr = ]
sdmcp.exe -> %CommonProgramFiles%\Stardock\SDMCP.exe -> Stardock [Ver = 0, 0, 5, 11 | Size = 241664 bytes | Modified Date = 5/10/2005 1:31:22 PM | Attr = ]
spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3.2.0.146 | Size = 3054592 bytes | Modified Date = 9/13/2004 9:21:26 AM | Attr = ]
webproxy.exe -> %ProgramFiles%\panda software\panda antivirus 2007\WebProxy.exe -> Panda Software International [Ver = 6, 2, 22, 533 | Size = 69632 bytes | Modified Date = 6/29/2006 11:04:42 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.8.0 | Size = 306176 bytes | Modified Date = 12/31/2006 7:47:16 PM | Attr = ]
yahoowidgetengine.exe -> %ProgramFiles%\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe -> Yahoo! Inc. [Ver = 3.1.4 | Size = 1806336 bytes | Modified Date = 5/23/2006 5:17:00 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4152 | Size = 430080 bytes | Modified Date = 11/21/2006 9:18:38 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 11/22/2006 10:52:00 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
(MSSQL$SONY_MEDIAMGR) MSSQL$SONY_MEDIAMGR [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -> File not found
(PAVSRV) Panda anti-virus service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Antivirus 2007\PAVSRV51.EXE -> Panda Software International [Ver = 2, 0, 1840, 32 | Size = 151552 bytes | Modified Date = 8/8/2006 6:26:18 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 8, 0, 0, 0 | Size = 65536 bytes | Modified Date = 3/19/2004 12:55:48 AM | Attr = ]
(PSIMSVC) Panda IManager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Antivirus 2007\PsImSvc.exe -> Panda Software [Ver = 2, 6, 36, 0 | Size = 102400 bytes | Modified Date = 7/4/2006 2:25:34 PM | Attr = ]
(SQLAgent$SONY_MEDIAMGR) SQLAgent$SONY_MEDIAMGR [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
APVXDWIN -> %ProgramFiles%\Panda Software\Panda Antivirus 2007\ApVxdWin.exe -> Panda Software International [Ver = 7.00.11 | Size = 311296 bytes | Modified Date = 9/13/2006 8:59:52 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5a38 | Size = 282624 bytes | Modified Date = 12/5/2006 4:14:30 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 10/29/2006 1:12:26 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Aim6 -> -> File not found
RocketDock -> %ProgramFiles%\RocketDock\RocketDock.exe -> [Ver = | Size = 364544 bytes | Modified Date = 8/16/2006 7:00:00 AM | Attr = ]
SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3.2.0.146 | Size = 3054592 bytes | Modified Date = 9/13/2004 9:21:26 AM | Attr = ]
< Disabled MSConfig Services [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
iPodService -> ->
kavsvc -> ->
MSSQLServerADHelper -> ->
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^CMPNENTS^Documents and Settings^Programs^Startup^Yahoo! Widget Engine.lnk -> %ProgramFiles%\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe -> Yahoo! Inc. [Ver = 3.1.4 | Size = 1806336 bytes | Modified Date = 5/23/2006 5:17:00 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 9:05:26 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 43.1.5.000 | Size = 241664 bytes | Modified Date = 5/29/2004 6:31:38 AM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 4.0 SE Calendar Checker .lnk -> %SystemDrive%\PROGRA~1\ULEADS~1\ULEADP~1.0SE\CalCheck.exe -> File not found
C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk -> %ProgramFiles%\LimeWire\LimeWire.exe -> [Ver = | Size = 159744 bytes | Modified Date = 7/24/2006 8:54:44 AM | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
Ad-Protect -> %ProgramFiles%\Ad-Protect\ad-protect.exe -> File not found
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.51 2.1.51 03/04/2005 12:01:54 | Size = 88209 bytes | Modified Date = 3/4/2005 11:01:56 AM | Attr = ]
AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl -> File not found
Aim6 -> -> File not found
Alcmtr -> %SystemRoot%\ALCMTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.6 | Size = 65536 bytes | Modified Date = 4/12/2005 12:10:22 AM | Attr = ]
AlcWzrd -> %SystemRoot%\ALCWZRD.EXE -> RealTek Semicoductor Corp. [Ver = 1.1.0.19 | Size = 2805248 bytes | Modified Date = 4/6/2005 5:53:00 PM | Attr = ]
APVXDWIN -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE -> File not found
ares -> %ProgramFiles%\Ares\Ares.exe -> File not found
ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLIStart.exe -> [Ver = | Size = 90112 bytes | Modified Date = 9/25/2006 9:12:20 AM | Attr = ]
BootSkin Startup Jobs -> %ProgramFiles%\Stardock\WinCustomize\BootSkin\BootSkin.exe -> [Ver = 1, 0, 6, 0 | Size = 270336 bytes | Modified Date = 4/26/2004 4:21:00 PM | Attr = ]
CaAvTray -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe -> File not found
CAVRID -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe -> File not found
Creative WebCam Tray -> %ProgramFiles%\Creative\Shared Files\CamTray.exe -> Creative Technology Ltd [Ver = 3.50.08 | Size = 245760 bytes | Modified Date = 7/30/2004 11:04:22 AM | Attr = ]
DeadAIM45.exe -> %SystemRoot%\DeadAIM45.exe -> File not found
DeadAIMsrv.exe -> %SystemRoot%\DeadAIMsrv.exe -> File not found
HostManager -> %CommonProgramFiles%\AOL\1127679925\ee\AOLSoftware.exe -> America Online, Inc. [Ver = 1.4.16.3 | Size = 50792 bytes | Modified Date = 4/20/2006 11:10:14 AM | Attr = ]
HPHmon06 -> %System32%\hphmon06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 659456 bytes | Modified Date = 6/7/2004 7:42:30 PM | Attr = ]
HPHUPD06 -> %ProgramFiles%\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 49152 bytes | Modified Date = 6/7/2004 7:53:26 PM | Attr = ]
hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 5:04:38 PM | Attr = ]
IPHSend -> %CommonProgramFiles%\AOL\IPHSend\IPHSend.exe -> File not found
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
KernelFaultCheck -> -> File not found
PestCapture -> %ProgramFiles%\PestCapture\PestCapture.exe -> File not found
PhotoShow Deluxe Media Manager -> %SystemDrive%\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe -> File not found
PS2 -> %System32%\ps2.EXE -> Hewlett-Packard Company [Ver = 1.0.2.1 | Size = 81920 bytes | Modified Date = 10/16/2002 5:57:10 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5a38 | Size = 282624 bytes | Modified Date = 12/5/2006 4:14:30 PM | Attr = ]
RealPlayer -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.12.1741 | Size = 214560 bytes | Modified Date = 10/29/2006 1:12:30 PM | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 5, 0, 44, 2 | Size = 233472 bytes | Modified Date = 4/14/2004 9:43:46 PM | Attr = ]
Reminder -> %SystemRoot%\CREATOR\Remind_XP.exe -> SoftThinks [Ver = 1, 0, 2, 1 | Size = 118784 bytes | Modified Date = 12/18/2003 12:31:42 AM | Attr = ]
RocketDock -> %ProgramFiles%\RocketDock\RocketDock.exe -> [Ver = | Size = 364544 bytes | Modified Date = 8/16/2006 7:00:00 AM | Attr = ]
SCANINICIO -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\Inicio.exe -> File not found
Security -> %SystemRoot%\WindowsSecurityUpdate.exe -> File not found
SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 14 | Size = 90112 bytes | Modified Date = 4/6/2005 5:57:12 PM | Attr = ]
SpywareHeal -> %ProgramFiles%\SpywareHeal\SpywareHeal.exe -> File not found
Steam -> -> File not found
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 11/9/2006 3:07:30 PM | Attr = ]
System Mechanic Startup Guard -> %ProgramFiles%\iolo\System Mechanic 5 Professional\StartupGuard.exe -> File not found
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 10/29/2006 1:12:26 PM | Attr = ]
UberIcon -> %ProgramFiles%\UberIcon\UberIcon Manager.exe -> [Ver = | Size = 122880 bytes | Modified Date = 7/17/2006 11:16:46 PM | Attr = ]
ViewMgr -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> File not found
Weather -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 6, 4, 0, 9 | Size = 1597440 bytes | Modified Date = 9/9/2004 5:35:38 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YPager.exe -> [Ver = | Size = 3084288 bytes | Modified Date = 8/19/2005 6:34:02 PM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} [HKLM] -> %CommonProgramFiles%\Stardock\MCPCore.dll [0aMCPClient] -> Stardock [Ver = 0, 0, 5, 4 | Size = 86016 bytes | Modified Date = 5/10/2005 1:31:20 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4152 | Size = 90112 bytes | Modified Date = 11/21/2006 9:19:42 PM | Attr = ]
avldr -> %System32%\avldr.dll -> Panda Software [Ver = 2, 0, 1840, 1 | Size = 45056 bytes | Modified Date = 9/27/2005 12:13:48 PM | Attr = ]
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3882 | Size = 344064 bytes | Modified Date = 8/3/2004 7:43:04 PM | Attr = ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\none -> C:\Program Files\Video ActiveX Object\pmsngr.exe ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\isamini.exe -> C:\Program Files\Video ActiveX Object\isamonitor.exe ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
aol.com [ - ] -> ->
free_aol.com [ - ] -> ->
free_aol.com [http] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 7:38:22 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 3:21:52 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
[HKLM] -> Reg Data - Key not found [Reg Data - Value does not exist] -> File not found
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 1:26:28 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 1:26:28 PM | Attr = ]
WebBrowser\\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKLM] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 1:26:28 PM | Attr = ]
WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> 8193 - Reg Data - Key not found ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8194 - Reg Data - Key not found ->
{A75C6120-9B36-11d4-A3F0-009027427750} -> 8198 - Reg Data - Key not found ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8195 - Reg Data - Value does not exist ->
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -> 8197 - Reg Data - Key not found ->
{d9288080-1baa-4bc4-9cf8-a92d743db949} -> 8201 - Reg Data - Value does not exist ->
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> 8199 - Yahoo! Messenger ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8196 - Windows Messenger ->
NextId -> 8203 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\npjpi150_10.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 11/9/2006 3:21:54 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 3:21:52 PM | Attr = ]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ]
{d9288080-1baa-4bc4-9cf8-a92d743db949} -> %SystemDrive%\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk [ButtonText: Run IMVU] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> %ProgramFiles%\Yahoo!\Messenger\YPager.exe [ButtonText: Yahoo! Messenger] -> [Ver = | Size = 3084288 bytes | Modified Date = 8/19/2005 6:34:02 PM | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{5E2121EE-0300-11D4-8D3B-444553540000} [HKLM] -> %ProgramFiles%\ATI Technologies\ATI.ACE\atiacmxx.dll [Catalyst Context Menu extension] -> [Ver = 1, 0, 0, 1 | Size = 73728 bytes | Modified Date = 9/25/2006 9:13:12 AM | Attr = ]
{611AD258-4138-4348-A534-9856FA6BA398} [HKLM] -> %ProgramFiles%\Stardock\Object Desktop\IconPackager\shellext.dll [IconPackager Icon Handler] -> Stardock.net, Inc [Ver = 3.10.00 | Size = 249856 bytes | Modified Date = 12/14/2005 2:53:42 PM | Attr = ]
{65756541-C65C-11CD-0000-4B656E696100} [HKLM] -> %ProgramFiles%\Panda Software\Panda Antivirus 2007\SHELLTIT.DLL [Panda Antivirus] -> Panda Software International [Ver = 6.1.03 | Size = 118784 bytes | Modified Date = 9/28/2006 1:43:38 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 126464 bytes | Modified Date = 9/14/2006 12:20:24 AM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
{cc3ebf80-1a70-11d3-bdf2-00902745d0a9} [HKLM] -> %System32%\Tk421.dll [Mixman Shell Extention] -> Mixman Technologies Inc. [Ver = 1.5.1 | Size = 81920 bytes | Modified Date = 6/1/2001 7:30:26 PM | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.2488 | Size = 54848 bytes | Modified Date = 10/29/2006 1:12:34 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{65756541-C65C-11CD-0000-4B656E696100} [HKLM] -> %ProgramFiles%\Panda Software\Panda Antivirus 2007\SHELLTIT.DLL [Panda Antivirus] -> Panda Software International [Ver = 6.1.03 | Size = 118784 bytes | Modified Date = 9/28/2006 1:43:38 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 9/14/2006 12:20:24 AM | Attr = ]
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> %ProgramFiles%\Yahoo!\Common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 6, 13, 1 | Size = 180296 bytes | Modified Date = 6/14/2004 6:13:24 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 9/14/2006 12:20:24 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{5E2121EE-0300-11D4-8D3B-444553540000} [HKLM] -> %ProgramFiles%\ATI Technologies\ATI.ACE\atiacmxx.dll [ACE] -> [Ver = 1, 0, 0, 1 | Size = 73728 bytes | Modified Date = 9/25/2006 9:13:12 AM | Attr = ]
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> %System32%\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.3882 | Size = 225280 bytes | Modified Date = 8/3/2004 7:47:00 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{65756541-C65C-11CD-0000-4B656E696100} [HKLM] -> %ProgramFiles%\Panda Software\Panda Antivirus 2007\SHELLTIT.DLL [Panda Antivirus] -> Panda Software International [Ver = 6.1.03 | Size = 118784 bytes | Modified Date = 9/28/2006 1:43:38 PM | Attr = ]
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %ProgramFiles%\Webroot\Spy Sweeper\SSCtxMnu.dll [SpySweeper] -> Webroot Software, Inc. [Ver = 3.2.0.146 | Size = 86016 bytes | Modified Date = 9/13/2004 9:21:14 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 9/14/2006 12:20:24 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 1:20:02 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{1BDF8AB5-A075-4640-B3B4-EC529D2476B3} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{95B668F4-FF08-4E39-8A9F-04BEB3D884FF} -> (1394 Net Adapter) ->
{BDD52267-0706-4361-9002-0859DD65CFDA} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{00B71CFB-6864-4346-A978-C0A14556272C} -> Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{326A7290-FAE3-48C5-9FBA-F071633E1EB5} -> VPlayer Control - CodeBase = http://www.sonypictures.com/movies/spiderm.../vivid_ocx.jpeg ->
{3960FED7-8129-46AA-8DD4-ABCB0F74AE05} -> FFChocoMotion Class - CodeBase = http://www.monolith-prime.co.jp/morph/smart_morph_ax.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab ->
{665585FD-2068-4C5E-A6D3-53AC3270ECD4} -> FileSharingCtrl Class - CodeBase = http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://www.pandasoftware.com/activescan/as5/asinst.cab ->
{A2E05F45-F127-4092-B9F7-9A02C3E04C77} -> HGPlugin7USA Class - CodeBase = http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab ->
{A9ECE670-4652-4763-98F0-8A3EADA7FDBF} -> FrameFree Web Player-5 - CodeBase = http://download.framefree.com/load_ffwp_ac...,3,18,2_id5.cab ->
{BD393C14-72AD-4790-A095-76522973D6B8} -> CBreakshotControl Class - CodeBase = http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab ->
{BE833F39-1E0C-468C-BA70-25AAEE55775E} -> System Requirements Lab Class - CodeBase = http://www.systemrequirementslab.com/sysreqlab.cab ->
{C5E28B9D-0A68-4B50-94E9-E8F6B4697519} -> NsvPlayX Control - CodeBase = http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CD995117-98E5-4169-9920-6C12D4C0B548} -> HGPlugin9USA Class - CodeBase = http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab ->


[Files - Created Wihin 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536203264 bytes | Created Date = 1/1/1601 6:00:00 AM | Attr = HS]
Uninstall.exe -> %CommonProgramFiles%\SystemRequirementsLab\Uninstall.exe -> [Ver = | Size = 45272 bytes | Created Date = 1/12/2007 3:58:08 PM | Attr = ]
PAVSHLD.RPE -> %CommonProgramFiles%\Panda Software\PavShld\PAVSHLD.RPE -> [Ver = | Size = 289 bytes | Created Date = 12/28/2006 12:58:14 PM | Attr = ]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.0.3 | Size = 720896 bytes | Created Date = 12/26/2006 7:28:36 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 1/18/2007 8:09:40 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 1/18/2007 8:09:40 PM | Attr = H ]
avldr.dll -> %System32%\avldr.dll -> Panda Software [Ver = 2, 0, 1840, 1 | Size = 45056 bytes | Created Date = 12/30/2006 9:05:07 PM | Attr = ]
delme.exe -> %System32%\delme.exe -> [Ver = | Size = 3863 bytes | Created Date = 12/28/2006 1:21:54 PM | Attr = ]
infect_kitten.scr -> %System32%\infect_kitten.scr -> ScreenTime Media [Ver = 3.2.1 | Size = 532480 bytes | Created Date = 1/6/2007 11:57:25 AM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 884 bytes | Created Date = 1/20/2007 12:16:59 PM | Attr = ]
PavProc.sys -> %System32%\drivers\PavProc.sys -> Panda Software [Ver = 1.1.2.0 | Size = 165120 bytes | Created Date = 12/28/2006 12:58:14 PM | Attr = ]
ShldDrv.sys -> %System32%\drivers\ShldDrv.sys -> Panda Software [Ver = 1.3.6.0 | Size = 26752 bytes | Created Date = 12/28/2006 12:58:14 PM | Attr = ]

[Files - Modified Wihin 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 289 bytes | Modified Date = 1/20/2007 12:33:58 PM | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536203264 bytes | Modified Date = 1/20/2007 12:28:16 PM | Attr = HS]
Uninstall.exe -> %CommonProgramFiles%\SystemRequirementsLab\Uninstall.exe -> [Ver = | Size = 45272 bytes | Modified Date = 1/12/2007 3:58:10 PM | Attr = ]
PAVSHLD.RPE -> %CommonProgramFiles%\Panda Software\PavShld\PAVSHLD.RPE -> [Ver = | Size = 289 bytes | Modified Date = 12/28/2006 12:58:16 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/20/2007 12:28:24 PM | Attr = S]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.0.3 | Size = 720896 bytes | Modified Date = 12/26/2006 7:28:14 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 1/18/2007 8:09:42 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/19/2007 3:26:10 PM | Attr = H ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 256 bytes | Modified Date = 1/20/2007 12:33:58 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 610 bytes | Modified Date = 1/20/2007 12:33:58 PM | Attr = ]
delme.exe -> %System32%\delme.exe -> [Ver = | Size = 3863 bytes | Modified Date = 12/28/2006 1:21:56 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 259528 bytes | Modified Date = 12/28/2006 12:49:40 PM | Attr = ]
infect_kitten.scr -> %System32%\infect_kitten.scr -> ScreenTime Media [Ver = 3.2.1 | Size = 532480 bytes | Modified Date = 1/6/2007 11:57:26 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 70700 bytes | Modified Date = 12/30/2006 9:08:04 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 420236 bytes | Modified Date = 12/30/2006 9:08:04 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 499674 bytes | Modified Date = 12/30/2006 9:08:04 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 884 bytes | Modified Date = 1/20/2007 12:17:00 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 1/20/2007 12:29:58 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\j2re1.4.2-b28\core3.zip -> [Ver = | Size = 4648893 bytes | Modified Date = 9/29/2004 1:36:24 PM | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\j2re1.4.2_03-b02\core3.zip -> [Ver = | Size = 4622375 bytes | Modified Date = 11/20/2003 7:38:14 AM | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 3/4/2005 3:09:40 AM | Attr = ]
USERTRUST , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_10.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4650616 bytes | Modified Date = 11/9/2006 3:38:38 PM | Attr = ]
PTech , -> %CommonProgramFiles%\Microsoft Shared\Works Shared\1033\WkCalLng.dll -> Microsoft® Corporation [Ver = 7.02.0710.1 | Size = 196608 bytes | Modified Date = 7/11/2002 5:22:04 AM | Attr = ]
UPX! , UPX0 , -> %CommonProgramFiles%\NSV\nsvplayx_vp6_aac.dll -> * * * [Ver = 1, 0, 0, 997 | Size = 173056 bytes | Modified Date = 12/10/2003 1:36:44 PM | Attr = ]
SAHAgent , -> %CommonProgramFiles%\PestPatrol\ppsrindex.dat -> [Ver = | Size = 3477 bytes | Modified Date = 2/7/2005 3:50:46 PM | Attr = ]
PEC2 , PECompact2 , -> %CommonProgramFiles%\Real\GToolbar\GDSSetup.exe -> [Ver = | Size = 746600 bytes | Modified Date = 10/29/2006 1:12:50 PM | Attr = ]
PEC2 , PECompact2 , -> %CommonProgramFiles%\Real\GToolbar\GoogleToolbarInstaller.exe -> Google [Ver = 3, 0, 131, 0 | Size = 583696 bytes | Modified Date = 10/29/2006 1:12:50 PM | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 10/29/2006 1:12:26 PM | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Real\Update_OB\rnxproc.exe -> RealNetworks, Inc. [Ver = 7.0.0.3105 | Size = 58912 bytes | Modified Date = 10/29/2006 1:12:26 PM | Attr = ]
PEC2 , -> %CommonProgramFiles%\Sony Shared\AVLib\Metallic.dll -> Sony Corporation [Ver = 2.7.00.10280 | Size = 229376 bytes | Modified Date = 10/28/2003 9:49:26 PM | Attr = ]
WSUD , -> %CommonProgramFiles%\Vbox\Licenses\Backup\Adobe PageMaker_7.0.1_47A4.lic -> [Ver = | Size = 626689 bytes | Modified Date = 4/23/2002 6:11:10 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\IFinst27.exe -> [Ver = | Size = 65536 bytes | Modified Date = 2/16/2005 9:42:24 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 635486 bytes | Modified Date = 12/12/2006 10:25:20 AM | Attr = ]
aspack , -> %System32%\Incinerator.dll -> iolo technologies, LLC [Ver = 5.5.1.0 | Size = 702464 bytes | Modified Date = 2/17/2005 2:35:48 PM | Attr = ]
Thawte Consulting , -> %System32%\itiimg3.dll -> InterActual Technologies, Inc. [Ver = 4.0.2 | Size = 285472 bytes | Modified Date = 6/20/2005 7:11:20 PM | Attr = ]
qoologic , aspack , SAHAgent , winsync , -> %System32%\pav.sig -> [Ver = | Size = 9940873 bytes | Modified Date = 4/1/2005 11:14:04 PM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 10/29/2006 1:12:42 PM | Attr = ]
aspack , -> %System32%\screensaver1600x1200.scr -> ScreenTime Media [Ver = 3.0.1 | Size = 203264 bytes | Modified Date = 10/23/2005 1:31:38 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]

< End of report >


Here is the SmitFraudFix Report

SmitFraudFix v2.132

Scan done at 12:16:54.79, Sat 01/20/2007
Run from C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"

[HKEY_CLASSES_ROOT\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}\InProcServer32]
@="C:\WINDOWS\system32\cthkpcv.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}\InProcServer32]
@="C:\WINDOWS\system32\cthkpcv.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
"Startup"="MCPSystemStartup"


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#6 OldTimer

    Malware Expert


Posted 21 January 2007 - 10:21 AM

Hi cuervo08. Ok, let's get started. First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

That is an old version of WinPFind3u. Please delete the install file and folder from your desktop and download the latest version before proceeding:

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Next, please follow the steps below in order:

Step #1

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Step #2

Download AVG anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen, under "How to act" select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

Step #3

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 4.0 SE Calendar Checker .lnk -> %SystemDrive%\PROGRA~1\ULEADS~1\ULEADP~1.0SE\CalCheck.exe
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> Ad-Protect -> %ProgramFiles%\Ad-Protect\ad-protect.exe
YN -> AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl
YN -> Aim6 ->
YN -> APVXDWIN -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
YN -> ares -> %ProgramFiles%\Ares\Ares.exe
YN -> CaAvTray -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
YN -> CAVRID -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
YN -> DeadAIM45.exe -> %SystemRoot%\DeadAIM45.exe
YN -> DeadAIMsrv.exe -> %SystemRoot%\DeadAIMsrv.exe
YN -> IPHSend -> %CommonProgramFiles%\AOL\IPHSend\IPHSend.exe
YN -> KernelFaultCheck ->
YN -> PestCapture -> %ProgramFiles%\PestCapture\PestCapture.exe
YN -> PhotoShow Deluxe Media Manager -> %SystemDrive%\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
YN -> SCANINICIO -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\Inicio.exe
YN -> Security -> %SystemRoot%\WindowsSecurityUpdate.exe
YN -> SpywareHeal -> %ProgramFiles%\SpywareHeal\SpywareHeal.exe
YN -> Steam ->
YN -> System Mechanic Startup Guard -> %ProgramFiles%\iolo\System Mechanic 5 Professional\StartupGuard.exe
YN -> ViewMgr -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKLM] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {d9288080-1baa-4bc4-9cf8-a92d743db949} -> %SystemDrive%\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk [ButtonText: Run IMVU]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {A2E05F45-F127-4092-B9F7-9A02C3E04C77} -> HGPlugin7USA Class - CodeBase = http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
YN -> {CD995117-98E5-4169-9920-6C12D4C0B548} -> HGPlugin9USA Class - CodeBase = http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
[Files - Created Wihin 30 days]
NY -> infect_kitten.scr -> %System32%\infect_kitten.scr
[Files - Modified Wihin 30 days]
NY -> infect_kitten.scr -> %System32%\infect_kitten.scr
[File String Scan - Non-Microsoft Only]
NY -> UPX! , UPX0 , -> %SystemRoot%\IFinst27.exe


The fix should only take a very short time. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot into Safe Mode as shown below. If not, then reboot manually into Safe Mode.

Reboot into Safe Mode by doing the following:
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #4

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Step #5

Post the following back here:
  • a new WinPFind3U report
  • the AVG Anti-Spyware report
  • the latest .log file from the WinPFind3u folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
