
HJT log is faulty (cut off); cannot run SDFix in safe mode.


5 replies to this topic

#1 DRaley


Posted 22 March 2007 - 06:26 PM

HJT log seems shortened and cut off. Cannot install Windows updates -- goes through installation and then provides error message saying it was unsuccessful. Corrupted AVG 7.5 -- unable to download updates. svchost.exe (not system or local or network) keeps appearing and using 100% CPU. Able to terminate with Task Manager. Unable to run SDFix in safe mode -- system goes to 100% utilization but nothing occurs. I have run online scans and command line scanners (Trend Micro, Sophos, reinstalled AVG 7.5). I am desperate for help. Posted in TomCoyote and another forum without any replies. Following is the HJT log -- sorry if it seems incomplete -- I fear something is disabling the full scan and log.

Logfile of HijackThis v1.99.1
Scan saved at 8:27:27 PM, on 3/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://www.azdes.gov/organization/ddd/legacydd/DDDVendorDirectory/(beslcovvnkicpoysgx4d3df5)/frame_Main.aspx"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0vm6v8q.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0vm6v8q.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Fidelity Toolbar - {76886F39-D4D8-4f00-A354-3CC1C364F363} - C:\WINDOWS\Downloaded Program Files\FidelityToolbar.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.azdes.gov
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt4_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120577502578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141453043390
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {76886F39-D4D8-4F00-A354-3CC1C364F363} (Fidelity Toolbar) - http://personal.fidelity.com/products/tool...lityToolbar.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp...23/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://games.pogo.com/online2/pogo/diner_d...sh.1.0.0.80.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/pcastrop...aploader_v7.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by18fd.bay18.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

Thank you for any help!


#2 OldTimer

    Malware Expert


Posted 28 March 2007 - 05:44 PM

Hello DRaley and welcome to the BC HijackThis forum. Killing an svchost process can create many different issues for a computer. It is a required process and there are usually multiple svchost processes running simultaneously for various operating functions.

Let's try this. Reboot the computer normally and DO NOT kill any processes. Then, download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - Policy Settings
    • Reg - Security Settings
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PMs requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

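OldTimer's point that several svchost.exe instances are expected can be checked against the "Running processes" section of a HijackThis log. The Python below is an added example, not code from this thread or from HijackThis or WinPFind3u: it parses that section, counts the svchost.exe entries and flags any whose directory is not %SystemRoot%\System32. The sample log is an abridged copy of DRaley's log above plus one constructed Temp-folder entry, added here so the report has something to flag.

```python
from typing import Dict, List

# Constructed sample: the "Running processes" section of the HijackThis log
# posted above (abridged), plus one made-up Temp-folder entry so that the
# report below has something to flag. The Temp entry is not from the thread.
SAMPLE_HJT = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:27:27 PM, on 3/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Local Settings\Temp\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
"""


def parse_running_processes(log: str) -> List[str]:
    """Return the full paths listed under 'Running processes:' in a HJT log.

    HijackThis prints one path per line and closes the section with a blank
    line before the R0/R1 entries, so the first blank line ends the section.
    """
    paths: List[str] = []
    in_section = False
    for raw in log.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line.lower() == "running processes:"
            continue
        if not line:
            break
        paths.append(line)
    return paths


def svchost_report(paths: List[str], system_root: str = r"C:\WINDOWS") -> Dict[str, object]:
    r"""Count svchost.exe instances and flag any outside %SystemRoot%\System32.

    Several instances in System32 are normal on Windows XP (each hosts a group
    of services). Windows paths are case-insensitive, so the comparison is done
    in lower case; the log above mixes 'System32' and 'system32' for that reason.
    """
    expected_dir = (system_root + r"\System32").lower()
    total = 0
    suspicious: List[str] = []
    for path in paths:
        directory, _, name = path.rpartition("\\")
        if name.lower() != "svchost.exe":
            continue
        total += 1
        if directory.lower() != expected_dir:
            suspicious.append(path)
    return {"total": total, "suspicious": suspicious}


if __name__ == "__main__":
    procs = parse_running_processes(SAMPLE_HJT)
    report = svchost_report(procs)
    print(f"{len(procs)} running processes, {report['total']} svchost.exe instances")
    for path in report["suspicious"]:
        print("svchost.exe outside System32:", path)
```

A clean path report does not clear svchost on its own: the HJT log shows neither the account each instance runs under, which is what DRaley saw in Task Manager, nor which service DLLs are loaded into it.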

#3 DRaley

  • Topic Starter


Posted 28 March 2007 - 09:47 PM

Here it is. Thank you.

WinPFind3 logfile created on: 3/28/2007 7:06:28 PM
WinPFind3U by OldTimer - Version 1.0.31 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

247 Mb Total Physical Memory | 96 Mb Available Physical Memory | 39.17% Memory free
606 Mb Paging File | 261 Mb Available in Paging File | 43.11% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32 Gb Total Space | 17 Gb Free Space | 52.67% Space Free
Drive D: | 4 Gb Total Space | 2 Gb Free Space | 41.44% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: DIANERALEY
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 2/24/2007 5:49:18 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 5:20:00 AM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 3/21/2007 6:48:44 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/11/2007 1:46:16 PM | Attr = ]
brmfrsmg.exe -> %System32%\BrmfRsmg.exe -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 32256 bytes | Modified Date = 8/17/2001 11:36:38 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 5:04:38 PM | Attr = ]
pptd40nt.exe -> %ProgramFiles%\Scansoft\PaperPort\pptd40nt.exe -> ScanSoft, Inc. [Ver = 8.10 | Size = 45108 bytes | Modified Date = 8/12/2002 9:33:34 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.31.0 | Size = 318464 bytes | Modified Date = 3/26/2007 8:04:38 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 2/24/2007 5:49:18 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/11/2007 1:46:16 PM | Attr = ]
(brmfrmps) Brother Popup Suspend service for Resource manager [Win32_Own | Disabled | Stopped] -> %System32%\Brmfrmps.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
(msCMTSrvc) Content Monitoring Tool [Win32_Own | Disabled | Stopped] -> %System32%\msCMTSrvc.exe -> File not found
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Disabled | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.13.10.3190 | Size = 61440 bytes | Modified Date = 10/1/2002 12:39:00 AM | Attr = ]
(RServer3) Radmin Server V3 [Win32_Own | Disabled | Stopped] -> %System32%\rserver30\rserver3.exe -> Famatech International Corp. [Ver = 3, 0, 0, 5 | Size = 1235032 bytes | Modified Date = 2/2/2007 2:35:06 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 5:20:00 AM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 3/21/2007 6:48:44 PM | Attr = ]
hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 5:04:38 PM | Attr = ]
IndexSearch -> %ProgramFiles%\Scansoft\PaperPort\IndexSearch.exe -> [Ver = | Size = 36864 bytes | Modified Date = 8/12/2002 10:07:26 AM | Attr = ]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.13.10.3190 | Size = 372736 bytes | Modified Date = 10/1/2002 12:39:00 AM | Attr = ]
PaperPort PTD -> %ProgramFiles%\Scansoft\PaperPort\pptd40nt.exe -> ScanSoft, Inc. [Ver = 8.10 | Size = 45108 bytes | Modified Date = 8/12/2002 9:33:34 AM | Attr = ]
SetDefPrt -> %ProgramFiles%\Brother\Brmfl03a\BrStDvPt.exe -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NVIEW -> %System32%\nview.dll [rundll32.exe nview.dll,nViewLoadHook] -> NVIDIA Corporation [Ver = 6.13.10.3190 | Size = 548933 bytes | Modified Date = 10/1/2002 12:39:00 AM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 1:48:20 AM | Attr = ]
%AllUsersStartup%\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 10/23/2006 12:01:50 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 7:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3889 | Size = 344064 bytes | Modified Date = 8/20/2004 3:50:54 PM | Attr = ]
< HOSTS File > ->
-> Hosts file not found ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Default_Page_URL -> http://qus7.hpwis.com/ ->
HKCU: Default_Search_URL -> http://search.msn.com ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://hotmail.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOLTBSearch Class] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 11:41:14 AM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
www_azdes.gov [http] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar Launcher] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 11:41:14 AM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{76886F39-D4D8-4f00-A354-3CC1C364F363} [HKLM] -> %SystemRoot%\Downloaded Program Files\FidelityToolbar.dll [Fidelity Toolbar] -> [Ver = | Size = 524362 bytes | Modified Date = 12/8/2003 5:17:48 PM | Attr = ]
{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 11:41:14 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{76886F39-D4D8-4F00-A354-3CC1C364F363} [HKLM] -> %SystemRoot%\Downloaded Program Files\FidelityToolbar.dll [Fidelity Toolbar] -> [Ver = | Size = 524362 bytes | Modified Date = 12/8/2003 5:17:48 PM | Attr = ]
WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 11:41:14 AM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{3369AF0D-62E9-4bda-8103-B4C75499B578} -> Reg Data - Value does not exist [ButtonText: AOL Toolbar] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 3:08:26 PM | Attr = ]
{E023F504-0C5A-4750-A1E7-A9046DEA8A21} -> Reg Data - Value does not exist [ButtonText: MoneySide] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&AOL Toolbar Search -> %ProgramFiles%\aol\aol toolbar 2.0\resources\en-US\local\search.htm -> File not found
&eBay Search -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll\RCSearch.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
sv1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{10F5A075-0374-45A1-B11E-D2BBB4EAB639} -> (1394 Net Adapter) ->
{E4400E61-C9F8-45FD-81CD-A48F7422CAE2} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shock...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{215B8138-A3CF-44C5-803F-8226143CFC0A} -> Trend Micro ActiveX Scan Agent 6.6 - CodeBase = http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} -> MSN Money Charting - CodeBase = http://moneycentral.msn.com/cabs/pmupd806.exe ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc2.cab ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -> - CodeBase = http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1175131232984 ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1175131210859 ->
{6E5A37BF-FD42-463A-877C-4EB7002E68AE} -> Housecall ActiveX 6.5 - CodeBase = http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab ->
{76886F39-D4D8-4F00-A354-3CC1C364F363} -> Fidelity Toolbar - CodeBase = http://personal.fidelity.com/products/tool...lityToolbar.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
{A17E30C4-A9BA-11D4-8673-60DB54C10000} -> YahooYMailTo Class - CodeBase = http://download.yahoo.com/dl/installs/ymail/ymmapi.dll ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMesse...pDownloader.cab ->
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} -> a-squared Scanner - CodeBase = http://ax.emsisoft.com/asquared.cab ->
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -> - CodeBase = http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab ->
{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} -> - CodeBase = ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> Shockwave Flash Object - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->
{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} -> CPlayFirstDinerDashControl Object - CodeBase = http://games.pogo.com/online2/pogo/diner_d...sh.1.0.0.80.cab ->
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -> Hotmail Attachments Control - CodeBase = http://by18fd.bay18.hotmail.msn.com/activex/HMAtchmt.ocx ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->
Yahoo! Literati -> - CodeBase = http://download.games.yahoo.com/games/clients/y/tt4_x.cab ->
Yahoo! MahJong Solitaire -> - CodeBase = http://download.games.yahoo.com/games/clients/y/mjst4_x.cab ->


[Files/Folders - Created Within 30 days]
AV-CLS -> %SystemDrive%\AV-CLS -> [Folder | Created Date = 3/21/2007 12:33:49 PM | Attr = ]
SAV32CLI -> %SystemDrive%\SAV32CLI -> [Folder | Created Date = 3/21/2007 7:21:31 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 3/21/2007 5:13:59 PM | Attr = ]
WinPFind3u -> %SystemDrive%\WinPFind3u -> [Folder | Created Date = 3/28/2007 1:48:23 PM | Attr = ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 3/17/2007 11:33:17 PM | Attr = H ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 3/28/2007 6:21:18 PM | Attr = ]
ORUN32.EXE -> %SystemRoot%\ORUN32.EXE -> [Ver = | Size = 0 bytes | Created Date = 3/21/2007 1:53:53 AM | Attr = ]
access.ctl -> %System32%\access.ctl -> [Ver = | Size = 6144 bytes | Created Date = 3/21/2007 10:30:10 PM | Attr = HS]
autoexec.bak -> %System32%\autoexec.bak -> [Ver = | Size = 1688 bytes | Created Date = 3/21/2007 12:35:00 PM | Attr = ]
CMMGR32.EXE -> %System32%\CMMGR32.EXE -> [Ver = | Size = 0 bytes | Created Date = 3/21/2007 1:52:23 AM | Attr = ]
config.bak -> %System32%\config.bak -> [Ver = | Size = 2577 bytes | Created Date = 3/21/2007 12:35:00 PM | Attr = ]
thxcfg.ini -> %System32%\thxcfg.ini -> [Ver = | Size = 32 bytes | Created Date = 3/8/2007 12:38:53 AM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Created Date = 3/21/2007 6:48:48 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 3/21/2007 6:48:51 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 3/21/2007 6:48:52 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 3/26/2007 12:20:41 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 3/21/2007 6:48:53 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 19392 bytes | Created Date = 3/21/2007 6:48:53 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 3/21/2007 6:46:27 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
AV-CLS -> %SystemDrive%\AV-CLS -> [Folder | Modified Date = 3/21/2007 4:09:04 PM | Attr = ]
batchqry.bat -> %SystemDrive%\batchqry.bat -> [Ver = | Size = 22 bytes | Modified Date = 3/22/2007 2:52:54 PM | Attr = ]
bdtmp -> %SystemDrive%\bdtmp -> [Folder | Modified Date = 3/22/2007 2:52:26 PM | Attr = H ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 199 bytes | Modified Date = 3/19/2007 8:21:22 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 3/21/2007 6:16:02 PM | Attr = ]
Ddd edi HOLDING FILE -> %SystemDrive%\Ddd edi HOLDING FILE -> [Folder | Modified Date = 3/28/2007 6:32:34 PM | Attr = ]
DDDEDI -> %SystemDrive%\DDDEDI -> [Folder | Modified Date = 3/22/2007 2:53:24 PM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 3/19/2007 7:31:28 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 3/26/2007 12:07:14 PM | Attr = ]
SAV32CLI -> %SystemDrive%\SAV32CLI -> [Folder | Modified Date = 3/21/2007 7:21:34 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 3/21/2007 9:59:54 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3/28/2007 6:21:20 PM | Attr = ]
WinPFind3u -> %SystemDrive%\WinPFind3u -> [Folder | Modified Date = 3/28/2007 1:57:38 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 3/13/2007 8:37:32 PM | Attr = H ]
$NtUninstallKB824141$ -> %SystemRoot%\$NtUninstallKB824141$ -> [Folder | Modified Date = 3/20/2007 9:45:18 PM | Attr = H ]
$NtUninstallKB828028$ -> %SystemRoot%\$NtUninstallKB828028$ -> [Folder | Modified Date = 3/20/2007 9:45:18 PM | Attr = H ]
$NtUninstallKB828035$ -> %SystemRoot%\$NtUninstallKB828035$ -> [Folder | Modified Date = 3/20/2007 9:45:20 PM | Attr = H ]
$NtUninstallKB837001$ -> %SystemRoot%\$NtUninstallKB837001$ -> [Folder | Modified Date = 3/20/2007 9:45:44 PM | Attr = H ]
$NtUninstallKB839645$ -> %SystemRoot%\$NtUninstallKB839645$ -> [Folder | Modified Date = 3/20/2007 9:45:54 PM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 3/19/2007 7:27:06 PM | Attr = H ]
$NtUninstallQ828026$ -> %SystemRoot%\$NtUninstallQ828026$ -> [Folder | Modified Date = 3/20/2007 9:48:50 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 3/20/2007 9:48:52 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 3/19/2007 7:31:00 PM | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 3/21/2007 11:14:14 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 3/28/2007 2:37:26 PM | Attr = S]
BrmfBidi.ini -> %SystemRoot%\BrmfBidi.ini -> [Ver = | Size = 1089 bytes | Modified Date = 3/28/2007 2:38:06 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 3/28/2007 6:21:20 PM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 3/19/2007 7:30:54 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 3/22/2007 10:15:12 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/28/2007 7:02:04 PM | Attr = HS]
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 3/28/2007 6:21:20 PM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 3/13/2007 10:55:44 AM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 3/5/2007 12:51:16 PM | Attr = ]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 636 bytes | Modified Date = 3/8/2007 10:27:58 PM | Attr = ]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Modified Date = 3/8/2007 10:27:58 PM | Attr = ]
ORUN32.EXE -> %SystemRoot%\ORUN32.EXE -> [Ver = | Size = 0 bytes | Modified Date = 3/21/2007 1:53:54 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3/28/2007 7:02:18 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 3/28/2007 6:22:22 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 3/21/2007 6:48:30 PM | Attr = ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 290 bytes | Modified Date = 3/19/2007 8:21:22 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 3/28/2007 6:21:20 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 3/2/2007 12:52:04 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 3/28/2007 6:21:20 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 981 bytes | Modified Date = 3/19/2007 8:21:22 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 3/19/2007 7:34:26 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3/28/2007 2:37:34 PM | Attr = H ]
XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job -> [Ver = | Size = 362 bytes | Modified Date = 3/27/2007 3:00:02 AM | Attr = ]
access.ctl -> %System32%\access.ctl -> [Ver = | Size = 6144 bytes | Modified Date = 3/21/2007 10:30:12 PM | Attr = HS]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 3/21/2007 12:24:14 AM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 3/21/2007 10:32:14 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 3/28/2007 6:20:26 PM | Attr = ]
CMMGR32.EXE -> %System32%\CMMGR32.EXE -> [Ver = | Size = 0 bytes | Modified Date = 3/21/2007 1:52:24 AM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 3/21/2007 12:25:00 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 3/28/2007 6:21:26 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 3/26/2007 12:20:42 PM | Attr = ]
FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 3/17/2007 8:03:14 AM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 3/20/2007 7:31:36 PM | Attr = ]
mui -> %System32%\mui -> [Folder | Modified Date = 3/19/2007 7:32:20 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 3/20/2007 7:31:34 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 60170 bytes | Modified Date = 3/13/2007 12:51:48 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 396982 bytes | Modified Date = 3/13/2007 12:51:50 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 447082 bytes | Modified Date = 3/13/2007 12:51:48 AM | Attr = ]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 3/11/2007 1:29:06 PM | Attr = ]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 3/11/2007 1:29:06 PM | Attr = ]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 3/11/2007 1:29:50 PM | Attr = ]
thxcfg.ini -> %System32%\thxcfg.ini -> [Ver = | Size = 32 bytes | Modified Date = 3/22/2007 11:25:32 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 3/20/2007 7:31:36 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 3/21/2007 12:29:46 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 3/28/2007 6:44:10 PM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 3/21/2007 6:48:50 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 3/21/2007 6:48:52 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 3/21/2007 6:48:54 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 3/21/2007 6:48:54 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 19392 bytes | Modified Date = 3/21/2007 6:48:54 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 3/21/2007 12:35:02 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 3/20/2007 11:54:50 AM | Attr = ]
hosts.bak -> %System32%\drivers\etc\hosts.bak -> [Ver = | Size = 716 bytes | Modified Date = 3/2/2007 12:50:36 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemRoot%\DOTEST.EXE -> Sonbry Marketing International [Ver = 1.00.0215 | Size = 332800 bytes | Modified Date = 8/29/2004 1:06:52 PM | Attr = ]
PEC2 , -> %SystemRoot%\pcboot.exe -> Sonbry [Ver = 1.00 | Size = 6656 bytes | Modified Date = 5/19/2001 8:08:44 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\realtime.exe -> [Ver = 1.00 | Size = 91648 bytes | Modified Date = 8/29/2004 1:07:16 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\ss3unstl.exe -> [Ver = | Size = 18432 bytes | Modified Date = 12/7/2003 1:59:52 AM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\UnGins.exe -> [Ver = | Size = 41984 bytes | Modified Date = 12/20/2002 6:12:50 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\Unwash5.exe -> [Ver = | Size = 44032 bytes | Modified Date = 5/17/2004 5:05:18 AM | Attr = ]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.34 | Size = 16121856 bytes | Modified Date = 9/20/2004 3:20:44 PM | Attr = ]
aspack , -> %System32%\AresButtonPro.ocx -> programmer Dikov Artiom art@guard.ricor.ru [Ver = 6, 0, 0, 3 | Size = 658944 bytes | Modified Date = 7/11/2000 11:39:34 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
PTech , -> %System32%\igfxhcsy.lhp -> [Ver = | Size = 59914 bytes | Modified Date = 8/20/2004 3:56:24 PM | Attr = ]
Thawte Consulting , -> %System32%\LMImirr2.dll -> LogMeIn, Inc. [Ver = 2.30.542 | Size = 9584 bytes | Modified Date = 10/6/2006 8:56:06 PM | Attr = ]
Thawte Consulting , -> %System32%\ractrlkeyhook.dll -> [Ver = | Size = 7936 bytes | Modified Date = 10/12/2006 5:18:56 PM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 3/11/2007 1:29:50 PM | Attr = ]
aspack , -> %System32%\Sase.ocx -> [Ver = 2.3.9.0 | Size = 227840 bytes | Modified Date = 8/4/2001 6:43:54 AM | Attr = ]
UPX! , UPX0 , -> %System32%\Tropical Screensaver.scr -> [Ver = 1, 0, 0, 1 | Size = 1566144 bytes | Modified Date = 12/7/2003 1:59:50 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 4.5.80.0 | Size = 406048 bytes | Modified Date = 11/21/2001 1:34:08 PM | Attr = R ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 3/21/2007 6:48:50 PM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]

< End of report >

#4 OldTimer

    Malware Expert

  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:01:55 PM

Posted 29 March 2007 - 02:55 PM

Hi DRaley. I don't see any malware problems in the log. It's clean.

There are some housekeeping items that do not have files for various toolbars that were once installed, so let's take care of those while you are here. Also, it appears that there are some files missing pertaining to a Brother printer. If you are having problems with your printer then try reinstalling the software that came with it.

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {3369AF0D-62E9-4bda-8103-B4C75499B578} -> Reg Data - Value does not exist [ButtonText: AOL Toolbar]
YN -> {85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8]
YN -> {E023F504-0C5A-4750-A1E7-A9046DEA8A21} -> Reg Data - Value does not exist [ButtonText: MoneySide]
YN -> {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &AOL Toolbar Search -> %ProgramFiles%\aol\aol toolbar 2.0\resources\en-US\local\search.htm
YN -> &eBay Search -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll\RCSearch.htm
YN -> E&xport to Microsoft Excel ->
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here and I will review it when it comes back in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 DRaley

  • Topic Starter
  • Members
  • 3 posts
  • Local time:12:55 PM

Posted 30 March 2007 - 03:30 PM

Hi,

I was unable to have the fix applied. The fix would start and then just stop responding. Below is the latest scan. Please let me know what else I can do. Thanks for your help.

WinPFind3 logfile created on: 3/30/2007 1:17:56 PM
WinPFind3U by OldTimer - Version 1.0.31 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

247 Mb Total Physical Memory | 90 Mb Available Physical Memory | 36.55% Memory free
606 Mb Paging File | 362 Mb Available in Paging File | 59.80% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32 Gb Total Space | 17 Gb Free Space | 53.01% Space Free
Drive D: | 4 Gb Total Space | 2 Gb Free Space | 41.44% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: DIANERALEY
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 2/24/2007 5:49:18 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 5:20:00 AM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 3/21/2007 6:48:44 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/11/2007 1:46:16 PM | Attr = ]
brmfrsmg.exe -> %System32%\BrmfRsmg.exe -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 32256 bytes | Modified Date = 8/17/2001 11:36:38 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 5:04:38 PM | Attr = ]
pptd40nt.exe -> %ProgramFiles%\Scansoft\PaperPort\pptd40nt.exe -> ScanSoft, Inc. [Ver = 8.10 | Size = 45108 bytes | Modified Date = 8/12/2002 9:33:34 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.31.0 | Size = 318464 bytes | Modified Date = 3/26/2007 8:04:38 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 2/24/2007 5:49:18 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/11/2007 1:46:16 PM | Attr = ]
(brmfrmps) Brother Popup Suspend service for Resource manager [Win32_Own | Disabled | Stopped] -> %System32%\Brmfrmps.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
(msCMTSrvc) Content Monitoring Tool [Win32_Own | Disabled | Stopped] -> %System32%\msCMTSrvc.exe -> File not found
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Disabled | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.13.10.3190 | Size = 61440 bytes | Modified Date = 10/1/2002 12:39:00 AM | Attr = ]
(RServer3) Radmin Server V3 [Win32_Own | Disabled | Stopped] -> %System32%\rserver30\rserver3.exe -> Famatech International Corp. [Ver = 3, 0, 0, 5 | Size = 1235032 bytes | Modified Date = 2/2/2007 2:35:06 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 5:20:00 AM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 3/21/2007 6:48:44 PM | Attr = ]
hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 5:04:38 PM | Attr = ]
IndexSearch -> %ProgramFiles%\Scansoft\PaperPort\IndexSearch.exe -> [Ver = | Size = 36864 bytes | Modified Date = 8/12/2002 10:07:26 AM | Attr = ]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.13.10.3190 | Size = 372736 bytes | Modified Date = 10/1/2002 12:39:00 AM | Attr = ]
PaperPort PTD -> %ProgramFiles%\Scansoft\PaperPort\pptd40nt.exe -> ScanSoft, Inc. [Ver = 8.10 | Size = 45108 bytes | Modified Date = 8/12/2002 9:33:34 AM | Attr = ]
SetDefPrt -> %ProgramFiles%\Brother\Brmfl03a\BrStDvPt.exe -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NVIEW -> %System32%\nview.dll [rundll32.exe nview.dll,nViewLoadHook] -> NVIDIA Corporation [Ver = 6.13.10.3190 | Size = 548933 bytes | Modified Date = 10/1/2002 12:39:00 AM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 1:48:20 AM | Attr = ]
%AllUsersStartup%\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 10/23/2006 12:01:50 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 7:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3889 | Size = 344064 bytes | Modified Date = 8/20/2004 3:50:54 PM | Attr = ]
< HOSTS File > ->
-> Hosts file not found ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Default_Page_URL -> http://qus7.hpwis.com/ ->
HKCU: Default_Search_URL -> http://search.msn.com ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://hotmail.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOLTBSearch Class] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 11:41:14 AM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
www_azdes.gov [http] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar Launcher] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 11:41:14 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{76886F39-D4D8-4f00-A354-3CC1C364F363} [HKLM] -> %SystemRoot%\Downloaded Program Files\FidelityToolbar.dll [Fidelity Toolbar] -> [Ver = | Size = 524362 bytes | Modified Date = 12/8/2003 5:17:48 PM | Attr = ]
{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 11:41:14 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{76886F39-D4D8-4F00-A354-3CC1C364F363} [HKLM] -> %SystemRoot%\Downloaded Program Files\FidelityToolbar.dll [Fidelity Toolbar] -> [Ver = | Size = 524362 bytes | Modified Date = 12/8/2003 5:17:48 PM | Attr = ]
WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 11:41:14 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 3:08:26 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
sv1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{10F5A075-0374-45A1-B11E-D2BBB4EAB639} -> (1394 Net Adapter) ->
{E4400E61-C9F8-45FD-81CD-A48F7422CAE2} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shock...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{215B8138-A3CF-44C5-803F-8226143CFC0A} -> Trend Micro ActiveX Scan Agent 6.6 - CodeBase = http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} -> MSN Money Charting - CodeBase = http://moneycentral.msn.com/cabs/pmupd806.exe ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc2.cab ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -> - CodeBase = http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1175131232984 ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1175131210859 ->
{6E5A37BF-FD42-463A-877C-4EB7002E68AE} -> Housecall ActiveX 6.5 - CodeBase = http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab ->
{76886F39-D4D8-4F00-A354-3CC1C364F363} -> Fidelity Toolbar - CodeBase = http://personal.fidelity.com/products/tool...lityToolbar.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
{A17E30C4-A9BA-11D4-8673-60DB54C10000} -> YahooYMailTo Class - CodeBase = http://download.yahoo.com/dl/installs/ymail/ymmapi.dll ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMesse...pDownloader.cab ->
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} -> a-squared Scanner - CodeBase = http://ax.emsisoft.com/asquared.cab ->
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -> - CodeBase = http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab ->
{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} -> - CodeBase = ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> Shockwave Flash Object - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->
{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} -> CPlayFirstDinerDashControl Object - CodeBase = http://games.pogo.com/online2/pogo/diner_d...sh.1.0.0.80.cab ->
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -> Hotmail Attachments Control - CodeBase = http://by18fd.bay18.hotmail.msn.com/activex/HMAtchmt.ocx ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->
Yahoo! Literati -> - CodeBase = http://download.games.yahoo.com/games/clients/y/tt4_x.cab ->
Yahoo! MahJong Solitaire -> - CodeBase = http://download.games.yahoo.com/games/clients/y/mjst4_x.cab ->


[Files/Folders - Created Within 30 days]
AV-CLS -> %SystemDrive%\AV-CLS -> [Folder | Created Date = 3/21/2007 12:33:49 PM | Attr = ]
SAV32CLI -> %SystemDrive%\SAV32CLI -> [Folder | Created Date = 3/21/2007 7:21:31 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 3/21/2007 5:13:59 PM | Attr = ]
WinPFind3u -> %SystemDrive%\WinPFind3u -> [Folder | Created Date = 3/28/2007 1:48:23 PM | Attr = ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 3/17/2007 11:33:17 PM | Attr = H ]
ORUN32.EXE -> %SystemRoot%\ORUN32.EXE -> [Ver = | Size = 0 bytes | Created Date = 3/21/2007 1:53:53 AM | Attr = ]
access.ctl -> %System32%\access.ctl -> [Ver = | Size = 6144 bytes | Created Date = 3/21/2007 10:30:10 PM | Attr = HS]
autoexec.bak -> %System32%\autoexec.bak -> [Ver = | Size = 1688 bytes | Created Date = 3/21/2007 12:35:00 PM | Attr = ]
CMMGR32.EXE -> %System32%\CMMGR32.EXE -> [Ver = | Size = 0 bytes | Created Date = 3/21/2007 1:52:23 AM | Attr = ]
config.bak -> %System32%\config.bak -> [Ver = | Size = 2577 bytes | Created Date = 3/21/2007 12:35:00 PM | Attr = ]
thxcfg.ini -> %System32%\thxcfg.ini -> [Ver = | Size = 32 bytes | Created Date = 3/8/2007 12:38:53 AM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Created Date = 3/21/2007 6:48:48 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 3/21/2007 6:48:51 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 3/21/2007 6:48:52 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 3/26/2007 12:20:41 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 3/21/2007 6:48:53 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 19392 bytes | Created Date = 3/21/2007 6:48:53 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 3/21/2007 6:46:27 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
AV-CLS -> %SystemDrive%\AV-CLS -> [Folder | Modified Date = 3/21/2007 4:09:04 PM | Attr = ]
batchqry.bat -> %SystemDrive%\batchqry.bat -> [Ver = | Size = 22 bytes | Modified Date = 3/22/2007 2:52:54 PM | Attr = ]
bdtmp -> %SystemDrive%\bdtmp -> [Folder | Modified Date = 3/22/2007 2:52:26 PM | Attr = H ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 199 bytes | Modified Date = 3/19/2007 8:21:22 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 3/21/2007 6:16:02 PM | Attr = ]
Ddd edi HOLDING FILE -> %SystemDrive%\Ddd edi HOLDING FILE -> [Folder | Modified Date = 3/30/2007 11:50:32 AM | Attr = ]
DDDEDI -> %SystemDrive%\DDDEDI -> [Folder | Modified Date = 3/22/2007 2:53:24 PM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 3/19/2007 7:31:28 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 3/26/2007 12:07:14 PM | Attr = ]
SAV32CLI -> %SystemDrive%\SAV32CLI -> [Folder | Modified Date = 3/21/2007 7:21:34 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 3/21/2007 9:59:54 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3/29/2007 9:00:34 AM | Attr = ]
WinPFind3u -> %SystemDrive%\WinPFind3u -> [Folder | Modified Date = 3/28/2007 1:57:38 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 3/13/2007 8:37:32 PM | Attr = H ]
$NtUninstallKB824141$ -> %SystemRoot%\$NtUninstallKB824141$ -> [Folder | Modified Date = 3/20/2007 9:45:18 PM | Attr = H ]
$NtUninstallKB828028$ -> %SystemRoot%\$NtUninstallKB828028$ -> [Folder | Modified Date = 3/20/2007 9:45:18 PM | Attr = H ]
$NtUninstallKB828035$ -> %SystemRoot%\$NtUninstallKB828035$ -> [Folder | Modified Date = 3/20/2007 9:45:20 PM | Attr = H ]
$NtUninstallKB837001$ -> %SystemRoot%\$NtUninstallKB837001$ -> [Folder | Modified Date = 3/20/2007 9:45:44 PM | Attr = H ]
$NtUninstallKB839645$ -> %SystemRoot%\$NtUninstallKB839645$ -> [Folder | Modified Date = 3/20/2007 9:45:54 PM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 3/19/2007 7:27:06 PM | Attr = H ]
$NtUninstallQ828026$ -> %SystemRoot%\$NtUninstallQ828026$ -> [Folder | Modified Date = 3/20/2007 9:48:50 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 3/20/2007 9:48:52 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 3/19/2007 7:31:00 PM | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 3/21/2007 11:14:14 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 3/30/2007 1:00:28 PM | Attr = S]
BrmfBidi.ini -> %SystemRoot%\BrmfBidi.ini -> [Ver = | Size = 1089 bytes | Modified Date = 3/30/2007 1:01:04 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 3/28/2007 6:21:20 PM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 3/19/2007 7:30:54 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 3/28/2007 7:02:34 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/30/2007 3:09:14 AM | Attr = HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 3/13/2007 10:55:44 AM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 3/5/2007 12:51:16 PM | Attr = ]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 636 bytes | Modified Date = 3/8/2007 10:27:58 PM | Attr = ]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Modified Date = 3/8/2007 10:27:58 PM | Attr = ]
ORUN32.EXE -> %SystemRoot%\ORUN32.EXE -> [Ver = | Size = 0 bytes | Modified Date = 3/21/2007 1:53:54 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3/30/2007 12:54:50 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 3/28/2007 6:22:22 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 3/21/2007 6:48:30 PM | Attr = ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 290 bytes | Modified Date = 3/19/2007 8:21:22 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 3/28/2007 6:21:20 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 3/2/2007 12:52:04 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 3/30/2007 1:01:32 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 981 bytes | Modified Date = 3/19/2007 8:21:22 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 3/19/2007 7:34:26 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3/30/2007 1:00:34 PM | Attr = H ]
XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job -> [Ver = | Size = 362 bytes | Modified Date = 3/27/2007 3:00:02 AM | Attr = ]
access.ctl -> %System32%\access.ctl -> [Ver = | Size = 6144 bytes | Modified Date = 3/21/2007 10:30:12 PM | Attr = HS]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 3/21/2007 12:24:14 AM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 3/21/2007 10:32:14 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 3/29/2007 4:10:54 PM | Attr = ]
CMMGR32.EXE -> %System32%\CMMGR32.EXE -> [Ver = | Size = 0 bytes | Modified Date = 3/21/2007 1:52:24 AM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 3/21/2007 12:25:00 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 3/28/2007 6:21:26 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 3/26/2007 12:20:42 PM | Attr = ]
FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 3/17/2007 8:03:14 AM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 3/20/2007 7:31:36 PM | Attr = ]
mui -> %System32%\mui -> [Folder | Modified Date = 3/19/2007 7:32:20 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 3/20/2007 7:31:34 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 60170 bytes | Modified Date = 3/13/2007 12:51:48 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 396982 bytes | Modified Date = 3/13/2007 12:51:50 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 447082 bytes | Modified Date = 3/13/2007 12:51:48 AM | Attr = ]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 3/11/2007 1:29:06 PM | Attr = ]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 3/11/2007 1:29:06 PM | Attr = ]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 3/11/2007 1:29:50 PM | Attr = ]
thxcfg.ini -> %System32%\thxcfg.ini -> [Ver = | Size = 32 bytes | Modified Date = 3/22/2007 11:25:32 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 3/20/2007 7:31:36 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 3/21/2007 12:29:46 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 3/30/2007 1:01:58 PM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 3/21/2007 6:48:50 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 3/21/2007 6:48:52 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 3/21/2007 6:48:54 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 3/21/2007 6:48:54 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 19392 bytes | Modified Date = 3/21/2007 6:48:54 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 3/21/2007 12:35:02 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 3/20/2007 11:54:50 AM | Attr = ]
hosts.bak -> %System32%\drivers\etc\hosts.bak -> [Ver = | Size = 716 bytes | Modified Date = 3/2/2007 12:50:36 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemRoot%\DOTEST.EXE -> Sonbry Marketing International [Ver = 1.00.0215 | Size = 332800 bytes | Modified Date = 8/29/2004 1:06:52 PM | Attr = ]
PEC2 , -> %SystemRoot%\pcboot.exe -> Sonbry [Ver = 1.00 | Size = 6656 bytes | Modified Date = 5/19/2001 8:08:44 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\realtime.exe -> [Ver = 1.00 | Size = 91648 bytes | Modified Date = 8/29/2004 1:07:16 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\ss3unstl.exe -> [Ver = | Size = 18432 bytes | Modified Date = 12/7/2003 1:59:52 AM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\UnGins.exe -> [Ver = | Size = 41984 bytes | Modified Date = 12/20/2002 6:12:50 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\Unwash5.exe -> [Ver = | Size = 44032 bytes | Modified Date = 5/17/2004 5:05:18 AM | Attr = ]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.34 | Size = 16121856 bytes | Modified Date = 9/20/2004 3:20:44 PM | Attr = ]
aspack , -> %System32%\AresButtonPro.ocx -> programmer Dikov Artiom art@guard.ricor.ru [Ver = 6, 0, 0, 3 | Size = 658944 bytes | Modified Date = 7/11/2000 11:39:34 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
PTech , -> %System32%\igfxhcsy.lhp -> [Ver = | Size = 59914 bytes | Modified Date = 8/20/2004 3:56:24 PM | Attr = ]
Thawte Consulting , -> %System32%\LMImirr2.dll -> LogMeIn, Inc. [Ver = 2.30.542 | Size = 9584 bytes | Modified Date = 10/6/2006 8:56:06 PM | Attr = ]
Thawte Consulting , -> %System32%\ractrlkeyhook.dll -> [Ver = | Size = 7936 bytes | Modified Date = 10/12/2006 5:18:56 PM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 3/11/2007 1:29:50 PM | Attr = ]
aspack , -> %System32%\Sase.ocx -> [Ver = 2.3.9.0 | Size = 227840 bytes | Modified Date = 8/4/2001 6:43:54 AM | Attr = ]
UPX! , UPX0 , -> %System32%\Tropical Screensaver.scr -> [Ver = 1, 0, 0, 1 | Size = 1566144 bytes | Modified Date = 12/7/2003 1:59:50 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 4.5.80.0 | Size = 406048 bytes | Modified Date = 11/21/2001 1:34:08 PM | Attr = R ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 3/21/2007 6:48:50 PM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]

< End of report >

#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:01:55 PM

Posted 30 March 2007 - 04:44 PM

Hi DRaley. It did clean everything out it was supposed to, so it probably had a problem cleaning out the temp folders. Let's use a different tool for that and see what happens.

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Let me know if there were any problems running ATF-Cleaner and if you are still having any other issues.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
