
Infected With A Kind Of Win32 Virus


57 replies to this topic

#16 dagschic

dagschic
  • Topic Starter

  • Members
  • 76 posts

Posted 26 April 2007 - 10:39 AM

:thumbsup: win32/rustock.gen!c I found it when I was going through my history on the AOL search browser.
I can't clear it, so when the virus first reared its ugly a** head, that's what Windows Live OneCare said.
It might have come from a LimeWire download. I know, I know, LimeWire bad!!!!! :flowers:



#17 sarahw

sarahw

  • Members
  • 248 posts

Posted 28 April 2007 - 09:38 AM

Hi dagschic,

Download rustbfix.exe and save it to your desktop.

Double click on rustbfix.exe to run the tool.
If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically.
After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt).

Post the content of these logfiles.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Post these logs in your next reply with a fresh Hijack This log :thumbsup:

#18 dagschic

dagschic
  • Topic Starter

  • Members
  • 76 posts

Posted 28 April 2007 - 07:58 PM

Hi SarahW. Thanks for getting back with me. I truly appreciate it. I am so sorry this is such a tricky problem. Here are the logs you requested.

Logfile of HijackThis v1.99.1
Scan saved at 7:46:42 PM, on 4/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\AOL\1172097385\ee\aolsoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1172097385\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{64DCB3E8-5A3F-41AC-92C2-BA1B163FFF49}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
"Brandy" - 07-04-28 17:09:13 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Brandy\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-03-28 to 2007-04-28 ))))))))))))))))))))))))))))))))))


2007-04-28 17:07 <DIR> d-------- C:\avenger
2007-04-28 17:00 <DIR> d-------- C:\Rustbfix
2007-04-23 09:57 <DIR> d-------- C:\winpfind
2007-04-21 12:41 347,253 --a------ C:\system32.vbs
2007-04-21 11:49 <DIR> d-------- C:\silentrunners
2007-04-18 13:59 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-18 00:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-04-17 19:44 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-14 05:19 120 --a------ C:\drmHeader.bin
2007-04-13 23:31 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-04-13 23:13 <DIR> d-------- C:\DOCUME~1\Brandy\.housecall6.6
2007-04-13 16:58 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-04-12 07:20 <DIR> d-------- C:\WINDOWS\Diner Dash
2007-04-12 07:20 <DIR> d-------- C:\Program Files\Diner Dash
2007-04-08 23:14 <DIR> d-------- C:\Program Files\AOL Games
2007-04-04 21:57 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-04-04 20:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-04-04 20:26 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-04 19:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-04-04 03:14 <DIR> d-------- C:\DOCUME~1\Brandy\APPLIC~1\DivX
2007-04-04 03:09 36,624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-04-04 03:09 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-04 03:09 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-04 03:09 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-04-04 03:09 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-04-04 03:09 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-04-04 03:09 <DIR> d-------- C:\Program Files\DivX
2007-04-04 00:57 <DIR> d-------- C:\WINDOWS\pss
2007-03-30 03:54 65,003 --a------ C:\WINDOWS\installer.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-19 11:56 -------- d-------- C:\Program Files\windows defender
2007-04-19 11:56 -------- d-------- C:\Program Files\quicktime
2007-04-18 19:40 -------- d-------- C:\Program Files\aol toolbar
2007-04-17 21:33 -------- d-------- C:\Program Files\spywareblaster
2007-04-13 22:14 -------- d-------- C:\DOCUME~1\Brandy\APPLIC~1\help
2007-04-04 21:32 -------- d-------- C:\Program Files\yahoo!
2007-04-01 20:58 -------- d--h----- C:\Program Files\installshield installation information
2007-03-27 02:55 524288 --a------ C:\WINDOWS\system32\divxsm.exe
2007-03-27 02:55 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 02:55 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-03-27 02:55 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-03-27 02:49 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-03-27 02:49 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2007-03-27 02:49 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-03-27 02:49 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2007-03-27 02:49 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-03-27 02:49 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-03-27 02:49 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-03-27 02:49 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-03-27 02:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 02:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 02:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 02:48 639066 --a------ C:\WINDOWS\system32\divx.dll
2007-03-23 17:03 -------- d-------- C:\Program Files\disney interactive
2007-03-23 06:07 583504 --------- C:\WINDOWS\system32\xpsshhdr.dll
2007-03-23 06:07 1683280 --------- C:\WINDOWS\system32\xpssvcs.dll
2007-03-22 20:25 124928 --------- C:\WINDOWS\system32\prntvpt.dll
2007-03-17 08:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 10:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 10:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 10:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 08:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-04 11:10 10920 --a------ C:\aolconnfix.exe
2007-02-15 20:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-02-15 13:06 0 -rahs---- C:\MSDOS.SYS
2007-02-15 13:06 0 -rahs---- C:\IO.SYS
2007-02-15 13:06 0 --a------ C:\CONFIG.SYS
2007-02-15 13:06 0 --a------ C:\AUTOEXEC.BAT
2007-02-15 13:03 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-02-15 06:52 62 --ahs---- C:\DOCUME~1\Brandy\APPLIC~1\desktop.ini
2007-02-05 15:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1172097385\\ee\\AOLSoftware.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-28 17:12:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-28 17:12:31
C:\ComboFix-quarantined-files.txt ... 07-04-28 17:12

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 80


Error: could not create reboot file.
Error code: 80


Error: could not create reboot batch.
Error code: 80


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\beoqdfrk

*******************

Script file located at: \??\C:\upvnwhkm.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver PE386 unloaded successfully.
Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.

//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ufmtpbom

*******************

Script file located at: \??\C:\WINDOWS\oxxsqobn.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key \Registry\Machine\System\CurrentControlSet\Services\PE386 not found!
Unload of driver PE386 failed!

Could not process line:
PE386
Status: 0xc0000034

Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.

************************* Rustock.b-fix -- By ejvindh *************************
07-04-28 17:01:48.66

******************* Pre-run Status of system *******************

Rootkit driver PE386 is found. Starting the unload-procedure....

Rustock.b-ADS attached to the System32-folder:
:lzx32.sys 73098
Total size: 73098 bytes.
Attempting to remove ADS...
system32: deleted 73098 bytes in 1 streams.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No System32-ADS found.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************************* End of Logfile ********************************

#19 sarahw

sarahw

  • Members
  • 248 posts

Posted 30 April 2007 - 06:21 AM

Hi dagschic,
How is the computer running now?

#20 dagschic

dagschic
  • Topic Starter

  • Members
  • 76 posts

Posted 30 April 2007 - 08:08 AM

Yay!!!!! I can use Firefox now to get on Bleeping, so that's good now. I haven't had a restart yet. When I brought up Firefox it told me it wasn't my default browser, which it is supposed to be, so that was changed. I put it back. Hopefully it will stay. When I updated Spybot I got a message that said "access violation at address 004b3c84 in module spybot sd.exe read of address 00000004". Don't know what that means. Should I do a safe mode scan with all my spyware and virus scans now that it seems better? Or will I need new installations, could they have been tampered with?

#21 dagschic

dagschic
  • Topic Starter

  • Members
  • 76 posts

Posted 30 April 2007 - 08:45 AM

I ran avast just to see if I could and this is a copy of what I got.

avast! Virus Cleaner Tool - version 1.0.211 Unicode

Creating log file: C:\Documents and Settings\Brandy\Desktop\aswclnr.log

4/30/2007, 8:20:59 AM
Memory scanning started...
No virus body found in memory.
Memory scanning finished (55.4s).
----------
Files scanning started...
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\APP10708.LST... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\Apps.Lst... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\main.idx... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\sysnews.lst... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\Toolbar.lst... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\sdagschic... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\CACHE\sdagsch00... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{7B9B6510-8F3E-4DE0-9C69-C0755DF3C5A4}... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Temp\hsperfdata_Brandy\zzzzzzzz.zzz... file could not be scanned!
C:\WINDOWS\system32\CatRoot2\edb.log... file could not be scanned!
C:\WINDOWS\system32\CatRoot2\tmp.edb... file could not be scanned!
No virus body found.
Files scanning finished (22325 files, 0 infected, 467.1s).
Drives scanned: C:
----------

#22 sarahw

sarahw

  • Members
  • 248 posts

Posted 01 May 2007 - 12:52 AM

Hi dagschic,
I have seen problems with Spybot after infections. You can reinstall Spybot to see if that helps.
I recommend you get the latest version from here
smile.gif
Tell me if that works, and if you are having any more problems with your computer. smile.gif

The log you posted looks clean, except for this line:
C:\Documents and Settings\Brandy\Local Settings\Temp\hsperfdata_Brandy\zzzzzzzz.zzz... file could not be scanned!


Do you know what this file is in your temp folder? If you don't, it would be safe to delete this file.

#23 dagschic

dagschic
  • Topic Starter

  • Members
  • 76 posts

Posted 01 May 2007 - 08:45 AM

Hi SarahW,
I'm glad you mentioned that file because I don't know what it is. I have tried to delete it in safe mode, have even tried renaming it, but it won't go away. It showed up around the time of the problems though. What's this mean? "smile.gif"
I will reinstall Spybot and get back with you tomorrow to see how it's doing. Thanks SarahW, I appreciate your help.

#24 dagschic

dagschic
  • Topic Starter

  • Members
  • 76 posts

Posted 03 May 2007 - 02:21 PM

When I reinstalled Spybot and updated it I was told that 17544 products were blocked and that 502 were possible so I need to immunize. Well, when I do it says the same thing, some are hiding. When I tried to pull it up my PC disconnected. Don't know why.

#25 sarahw

sarahw

  • Members
  • 248 posts

Posted 04 May 2007 - 12:46 AM

Hi dagschic,
Are you experiencing any problems when logging off? Is the computer taking a long time when the computer says saving your settings or logging off? That file is likely caused by a problem with Java. There are a few fixes available for it, but I would like you to uninstall all versions of Java you have by clicking Start, then Control Panel. Open Add\Remove Programs and scroll down for any versions of Java you find. Then could you please reinstall Java from Here.
Post back with a fresh HJT log, and rescan and post back with a fresh avast log also.

#26 dagschic

dagschic
  • Topic Starter

  • Members
  • 76 posts

Posted 04 May 2007 - 09:22 AM

Hi SarahW,
No logging off probs that I am aware of, it's usually been kinda slow when saving my settings actually. I tried again in safe mode to delete the file and it is gone now, but every time I log on I have that hsperfdata_brandy file. Do you know why? I installed Java again from Sun. The link you sent did not work, hope I got the right one. Here are the logs you requested, and thanks again.
Logfile of HijackThis v1.99.1
Scan saved at 9:05:20 AM, on 5/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\America Online 9.0\waol.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\AOL\1172097385\ee\AOLSoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1172097385\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{64DCB3E8-5A3F-41AC-92C2-BA1B163FFF49}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

WHY CAN'T IT SCAN ALL THESE FILES????

avast! Virus Cleaner Tool - version 1.0.211 Unicode

Creating log file: C:\Documents and Settings\Brandy\Desktop\aswclnr.log

5/4/2007, 9:08:06 AM
Memory scanning started...
No virus body found in memory.
Memory scanning finished (46.1s).
----------
Files scanning started...
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\APP10708.LST... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\Apps.Lst... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\main.idx... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\sysnews.lst... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\Toolbar.lst... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\sdagschic... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\CACHE\sdagsch00... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{DADEBE7A-8B27-4E25-9CD7-FE95F18E2524}... file could not be scanned!
C:\WINDOWS\system32\CatRoot2\edb.log... file could not be scanned!
C:\WINDOWS\system32\CatRoot2\tmp.edb... file could not be scanned!
No virus body found.
Files scanning finished (21861 files, 0 infected, 491.5s).
Drives scanned: C:
----------

#27 dagschic (Topic Starter)

Posted 06 May 2007 - 11:25 AM

Hi SarahW,
I ran a scan and came up with this. I was not allowed to take any action on those items. I quarantined a few but that's all that popped up. When the scan finished it just popped over to the next action. I also have a little red x at the bottom toolbar that says "windows has detected spyware infection windows will now download and install the latest anti spyware program for you." I got this red x before and remember it being bad so I didn't click it.

--------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:56:07 AM 5/6/2007

+ Scan result:



C:\Program Files\BraveSentry -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry.exe -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry.lic -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry0.bs -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry0.dll -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry1.bs -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry2.dll -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry3.dll -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\Uninstall.exe -> Adware.Bravesentry : No action taken.
C:\Documents and Settings\Brandy\Local Settings\Temporary Internet Files\Content.IE5\2J4O9ZJ9\mailcoll[2].exe -> Backdoor.Agent.aju : No action taken.
C:\Documents and Settings\Brandy\Local Settings\Temp\v4x3.ga2me -> Downloader.Agent.bls : No action taken.
C:\Documents and Settings\Brandy\Local Settings\Temp\1.dllb -> Downloader.Small : No action taken.
C:\Documents and Settings\Brandy\Local Settings\Temp\v5x2.g3ame -> Downloader.Small.eip : No action taken.
C:\Documents and Settings\Brandy\Local Settings\Temporary Internet Files\Content.IE5\2YQ7FZIY\krab03[1].exe -> Dropper.Agent.ol : No action taken.
C:\Documents and Settings\Brandy\Local Settings\Temp\nlfeegzx.exe -> Hijacker.Small.cc : No action taken.
C:\Documents and Settings\Brandy\Local Settings\Temporary Internet Files\Content.IE5\2J4O9ZJ9\runfile[1].exe -> Hijacker.Small.cc : No action taken.
C:\Documents and Settings\Brandy\Local Settings\Temp\uomvkxta.exe -> Hijacker.Small.mr : No action taken.
C:\Documents and Settings\Brandy\Local Settings\Temporary Internet Files\Content.IE5\MTX3D723\load[1].php -> Hijacker.Small.mr : No action taken.
C:\Documents and Settings\Brandy\Local Settings\Temp\hd10C.tmp -> Proxy.Dlena : No action taken.
C:\Documents and Settings\Brandy\Local Settings\Temporary Internet Files\Content.IE5\21YITURI\winsp4[2].exe -> Proxy.Dlena.cp : No action taken.
C:\Documents and Settings\Brandy\Local Settings\Temp\5.dllb -> Worm.Nuwar : No action taken.
C:\Documents and Settings\Brandy\Local Settings\Temp\vx1t1.game -> Worm.Zhelatin.by : No action taken.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 10:59:48 AM, on 5/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Common Files\AOL\1172097385\ee\aolsoftware.exe
C:\Program Files\America Online 9.0\waol.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1172097385\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels32.exe
O4 - HKLM\..\RunOnce: [AOLRebootNeeded] regsvr32.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{64DCB3E8-5A3F-41AC-92C2-BA1B163FFF49}: NameServer = 205.188.146.145
O20 - Winlogon Notify: rpcc1 - C:\WINDOWS\system32\rpcc1.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\system32\aspi62935.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

avast! Virus Cleaner Tool - version 1.0.211 Unicode

Creating log file: C:\Documents and Settings\Brandy\Desktop\aswclnr.log

5/6/2007, 11:00:45 AM
Memory scanning started...
No virus body found in memory.
Memory scanning finished (87.0s).
----------
Files scanning started...
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\APP10708.LST... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\Apps.Lst... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\main.idx... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\sysnews.lst... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\Toolbar.lst... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\sdagschic... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\CACHE\sdagsch00... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{9E216AB8-EC9A-446A-900D-F86A0D52578D}... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Temp\nlfeegzx.exe... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Temp\Perflib_Perfdata_168.dat... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Temp\uomvkxta.exe... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Temporary Internet Files\Content.IE5\21YITURI\winsp4[2].exe... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Temporary Internet Files\Content.IE5\21YITURI\zgame3[1]... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Temporary Internet Files\Content.IE5\2J4O9ZJ9\runfile[1].exe... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Temporary Internet Files\Content.IE5\2YQ7FZIY\krab03[1].exe... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Temporary Internet Files\Content.IE5\MTX3D723\load[1].php... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Temporary Internet Files\Content.IE5\MTX3D723\ztool3[1]... file could not be scanned!
C:\Program Files\BraveSentry\BraveSentry.exe... file could not be scanned!
C:\Program Files\BraveSentry\BraveSentry3.dll... file could not be scanned!
C:\WINDOWS\system32\CatRoot2\edb.log... file could not be scanned!
C:\WINDOWS\system32\CatRoot2\tmp.edb... file could not be scanned!
No virus body found.
Files scanning finished (22402 files, 0 infected, 480.2s).
Drives scanned: C:
----------

#28 dagschic (Topic Starter)

Posted 06 May 2007 - 11:53 AM

Here's some more too.

Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, May 06, 2007 11:23:21 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R167 23.04.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
AdwareSheriff(TAC index:5):1 total references
Win32.Worm.Zhelatin(TAC index:10):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-6-2007 11:23:21 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 420
ThreadCreationTime : 5-5-2007 5:25:55 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 476
ThreadCreationTime : 5-5-2007 5:25:57 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 504
ThreadCreationTime : 5-5-2007 5:26:01 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 548
ThreadCreationTime : 5-5-2007 5:26:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 560
ThreadCreationTime : 5-5-2007 5:26:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 708
ThreadCreationTime : 5-5-2007 5:26:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 756
ThreadCreationTime : 5-5-2007 5:26:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [msmpeng.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 792
ThreadCreationTime : 5-5-2007 5:26:03 PM
BasePriority : Normal
FileVersion : 1.1.1593.0
ProductVersion : 1.1.1593.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Service Executable
InternalName : MsMpEng.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MsMpEng.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 848
ThreadCreationTime : 5-5-2007 5:26:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 880
ThreadCreationTime : 5-5-2007 5:26:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1024
ThreadCreationTime : 5-5-2007 5:26:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1040
ThreadCreationTime : 5-5-2007 5:26:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1272
ThreadCreationTime : 5-5-2007 5:26:08 PM
BasePriority : Normal
FileVersion : 6.00.2900.2649 (xpsp.050406-1732)
ProductVersion : 6.00.2900.2649
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1320
ThreadCreationTime : 5-5-2007 5:26:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [guard.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 1480
ThreadCreationTime : 5-5-2007 5:26:09 PM
BasePriority : Normal
FileVersion : 7, 5, 0, 47
ProductVersion : 7, 5, 0, 47
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:16 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 1492
ThreadCreationTime : 5-5-2007 5:26:09 PM
BasePriority : Normal
FileVersion : 7.5.0.453
ProductVersion : 7.5.0.453
ProductName : AVG Anti-Virus system
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:17 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 1564
ThreadCreationTime : 5-5-2007 5:26:10 PM
BasePriority : Normal
FileVersion : 7.5.0.420
ProductVersion : 7.5.0.420
ProductName : AVG 7.5 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:18 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 1576
ThreadCreationTime : 5-5-2007 5:26:10 PM
BasePriority : Normal
FileVersion : 7.5.0.460
ProductVersion : 7.5.0.460
ProductName : AVG Anti-Virus system
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:19 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1676
ThreadCreationTime : 5-5-2007 5:26:10 PM
BasePriority : Normal
FileVersion : 6.14.10.9147
ProductVersion : 6.14.10.9147
ProductName : NVIDIA Driver Helper Service, Version 91.47
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 91.47
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:20 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 1764
ThreadCreationTime : 5-5-2007 5:26:10 PM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:21 [msascui.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 2028
ThreadCreationTime : 5-5-2007 5:26:14 PM
BasePriority : Normal
FileVersion : 1.1.1593.0
ProductVersion : 1.1.1593.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Windows Defender User Interface
InternalName : MSASCUI
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSASCUI.exe

#:22 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 128
ThreadCreationTime : 5-5-2007 5:26:14 PM
BasePriority : Normal
FileVersion : 5.0.02
ProductVersion : 5.0.02
ProductName : Avance Sound Manager
CompanyName : Avance Logic, Inc.
FileDescription : Avance Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2002 Avance Logic, Inc.
OriginalFilename : ALSMTray.exe
Comments : Avance AC97 Audio Sound Manager

#:23 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 168
ThreadCreationTime : 5-5-2007 5:26:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:24 [pdvdserv.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ProcessID : 176
ThreadCreationTime : 5-5-2007 5:26:15 PM
BasePriority : Normal
FileVersion : 5.00.0000
ProductVersion : 5.00.0000
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2002
OriginalFilename : PDVDSERV.EXE

#:25 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 208
ThreadCreationTime : 5-5-2007 5:26:15 PM
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:26 [aolsp scheduler.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\
ProcessID : 232
ThreadCreationTime : 5-5-2007 5:26:16 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 74
ProductVersion : 1, 0, 0, 74
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe

#:27 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 260
ThreadCreationTime : 5-5-2007 5:26:16 PM
BasePriority : Normal
FileVersion : 7.5.0.460
ProductVersion : 7.5.0.460
ProductName : AVG Anti-Virus system
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:28 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 360
ThreadCreationTime : 5-5-2007 5:26:17 PM
BasePriority : Normal
FileVersion : 7, 5, 0, 50
ProductVersion : 7, 5, 0, 50
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : avgas.exe

#:29 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.6.0_01\bin\
ProcessID : 392
ThreadCreationTime : 5-5-2007 5:26:19 PM
BasePriority : Normal


#:30 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 468
ThreadCreationTime : 5-5-2007 5:26:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:31 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 1556
ThreadCreationTime : 5-5-2007 5:26:33 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:32 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2320
ThreadCreationTime : 5-5-2007 5:26:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:33 [aoltray.exe]
FilePath : C:\Program Files\America Online 9.0\
ProcessID : 2396
ThreadCreationTime : 5-5-2007 5:26:54 PM
BasePriority : Normal
FileVersion : 9.00.001
ProductVersion : 9.00.001
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : AOL Tray Icon
InternalName : AolTray
LegalCopyright : Copyright © America Online, Inc. 1999 - 2004

#:34 [aolsoftware.exe]
FilePath : C:\Program Files\Common Files\AOL\1172097385\ee\
ProcessID : 4088
ThreadCreationTime : 5-6-2007 12:06:47 PM
BasePriority : Normal
FileVersion : 1.5.6.1
ProductVersion : 1.5.6.1
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLSoftware
LegalCopyright : © 2006 America Online, Inc.
OriginalFilename : AOLSoftware.exe

#:35 [aolacsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ProcessID : 1168
ThreadCreationTime : 5-6-2007 12:07:53 PM
BasePriority : Normal


#:36 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3480
ThreadCreationTime : 5-6-2007 2:28:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:37 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1136
ThreadCreationTime : 5-6-2007 4:23:00 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Worm.Zhelatin Object Recognized!
Type : File
Data : 5.dllb
TAC Rating : 10
Category : Worm
Comment :
Object : C:\Documents and Settings\Brandy\Local Settings\Temp\



Win32.Worm.Zhelatin Object Recognized!
Type : File
Data : vx1t1.game
TAC Rating : 10
Category : Worm
Comment :
Object : C:\Documents and Settings\Brandy\Local Settings\Temp\



AdwareSheriff Object Recognized!
Type : File
Data : BraveSentry0.bs
TAC Rating : 5
Category : Misc
Comment :
Object : C:\Program Files\BraveSentry\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 3




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Worm.Zhelatin Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Worm
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\run
Value : windows update loader

Win32.Worm.Zhelatin Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Worm
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : system

Win32.Worm.Zhelatin Object Recognized!
Type : Folder
TAC Rating : 10
Category : Worm
Comment : Win32.Worm.Zhelatin
Object : C:\Program Files\BraveSentry

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 6

11:31:52 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:31.295
Objects scanned:113689
Objects identified:6
Objects ignored:0
New critical objects:6

#29 dagschic

dagschic
  • Topic Starter


Posted 06 May 2007 - 12:36 PM

5/6/2007, 11:00:45 AM
Memory scanning started...
No virus body found in memory.
Memory scanning finished (87.0s).
----------
Files scanning started...
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\APP10708.LST... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\Apps.Lst... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\main.idx... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\sysnews.lst... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\Toolbar.lst... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\sdagschic... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\CACHE\sdagsch00... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{9E216AB8-EC9A-446A-900D-F86A0D52578D}... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Temp\nlfeegzx.exe... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Temp\Perflib_Perfdata_168.dat... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Temp\uomvkxta.exe... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Temporary Internet Files\Content.IE5\21YITURI\winsp4[2].exe... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Temporary Internet Files\Content.IE5\21YITURI\zgame3[1]... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Temporary Internet Files\Content.IE5\2J4O9ZJ9\runfile[1].exe... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Temporary Internet Files\Content.IE5\2YQ7FZIY\krab03[1].exe... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Temporary Internet Files\Content.IE5\MTX3D723\load[1].php... file could not be scanned!
C:\Documents and Settings\Brandy\Local Settings\Temporary Internet Files\Content.IE5\MTX3D723\ztool3[1]... file could not be scanned!
C:\Program Files\BraveSentry\BraveSentry.exe... file could not be scanned!
C:\Program Files\BraveSentry\BraveSentry3.dll... file could not be scanned!
C:\WINDOWS\system32\CatRoot2\edb.log... file could not be scanned!
C:\WINDOWS\system32\CatRoot2\tmp.edb... file could not be scanned!
No virus body found.
Files scanning finished (22402 files, 0 infected, 480.2s).
Drives scanned: C:
----------

--- Search result list ---
CoolWWWSearch: Text file (File, nothing done)
C:\WINDOWS\system32\vx.tll

SpySheriff: Text file (File, nothing done)
C:\WINDOWS\system32\svcp.csv

SpySheriff: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-790525478-839522115-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn!=dword:0

Smitfraud-C.: Executable (File, nothing done)
C:\WINDOWS\system32\dlh9jkd1q6.exe

Smitfraud-C.: Executable (File, nothing done)
C:\WINDOWS\system32\dlh9jkd1q7.exe

Smitfraud-C.: Executable (File, nothing done)
C:\WINDOWS\system32\dlh9jkd1q8.exe

Smitfraud-C.: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wincom32

Smitfraud-C.: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts

Smitfraud-C.: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-790525478-839522115-1343024091-1004\WindowsSubVersion

Smitfraud-C.: Web page (File, nothing done)
C:\WINDOWS\system32\winsub.xml

Microsoft.Windows.ActiveDesktop: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-790525478-839522115-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1

Microsoft.Windows.Explorer: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-790525478-839522115-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn!=W=0


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-05-01 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-04-18 advcheck.dll (1.5.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-04-25 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-04-25 Includes\DialerC.sbi (*)
2007-04-04 Includes\Hijackers.sbi (*)
2007-04-25 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-04-25 Includes\KeyloggersC.sbi (*)
2007-03-21 Includes\Malware.sbi (*)
2007-04-25 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-04-25 Includes\PUPSC.sbi (*)
2007-04-25 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-04-25 Includes\SecurityC.sbi (*)
2007-03-21 Includes\Spybots.sbi (*)
2007-04-25 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-04-25 Includes\Trojans.sbi (*)
2007-04-25 Includes\TrojansC.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2


--- Startup entries list ---
Located: HK_LM:Run, !AVG Anti-Spyware
command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
size: 6266880
MD5: 01d90ae5dccbce0c7b52874fec35a608

Located: HK_LM:Run, AOL Spyware Protection
command: "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
file: C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
size: 79448
MD5: 217697c43bff8d740cfbb9ad87621519

Located: HK_LM:Run, AOLDialer
command: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
file: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
size: 71216
MD5: b9b78f0d9aebca8f717680fbabbb5ff4

Located: HK_LM:Run, Apoint
command: C:\Program Files\Apoint2K\Apoint.exe
file: C:\Program Files\Apoint2K\Apoint.exe
size: 151552
MD5: af57137847e90a9a45970e1c21c7e67b

Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
size: 416256
MD5: 2200c98c049de1a7638ea0edba1c8882

Located: HK_LM:Run, Cmaudio
command: RunDll32 cmicnfg.cpl,CMICtrlWnd
file:

Located: HK_LM:Run, HostManager
command: C:\Program Files\Common Files\AOL\1172097385\ee\AOLSoftware.exe
file: C:\Program Files\Common Files\AOL\1172097385\ee\AOLSoftware.exe
size: 50736
MD5: c482c535cbfefe722ec1eb7f11f680a3

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1519616
MD5: 66db459386d7bf62852b1bfa029fb887

Located: HK_LM:Run, Pure Networks Port Magic
command: "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
file: C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
size: 99480
MD5: ba99c608a075c44026720d5383f3d75b

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: c341ccfbe98bc7df6e0b856bb9fc265a

Located: HK_LM:Run, RealTray
command: C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
file:

Located: HK_LM:Run, RemoteControl
command: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
file: C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
size: 32768
MD5: 915a106a2fb87292cef0ad4f36adf313

Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 46592
MD5: 491b29d2495c5f69b23e449f8eee2d4a

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
size: 83608
MD5: 9c1c80bbf8e6044980890e2d2d91091c

Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77c03bf23ae56b0a31ae4d5bb4b3d0ac

Located: HK_LM:RunOnce, AOLRebootNeeded
command: regsvr32.exe /S
file: C:\WINDOWS\system32\regsvr32.exe
size: 11776
MD5: 9709ead856a690333138ac40804f914e

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259

Located: HK_CU:Run, Yahoo! Pager
command: "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
file: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
size: 4670968
MD5: 68bbc74ec6766ba4176f4865c4b43361

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
size: 40048
MD5: 54c88bfbd055621e2306534f445c0c8d

Located: Startup (common), Adobe Reader Synchronizer.lnk
command: C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
file: C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
size: 734872
MD5: 169c293ce9460a05646d17dc6aa2fb2c

Located: Startup (common), America Online 9.0 Tray Icon.lnk
command: C:\Program Files\America Online 9.0\aoltray.exe
file: C:\Program Files\America Online 9.0\aoltray.exe
size: 156784
MD5: d3e103e5b79a6e8ba5b58e0a7c21523b

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, rpcc1
command: C:\WINDOWS\system32\rpcc1.dll
file: C:\WINDOWS\system32\rpcc1.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---


--- ActiveX list ---
{215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6)
DPF name:
CLSID name: Trend Micro ActiveX Scan Agent 6.6
Installer: C:\WINDOWS\Downloaded Program Files\hcImpl.inf
Codebase: http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: Housecall_ActiveX.dll
Short name: HOUSEC~1.DLL
Date (created): 3/5/2007 8:26:20 PM
Date (last access): 5/6/2007 12:23:52 PM
Date (last write): 3/5/2007 8:26:20 PM
Filesize: 385536
Attributes: archive
MD5: BF3D59E4AF25CB1CD3B3886BE1B118D2
CRC32: A1C98A94
Version: 6.51.0.1020

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 3/14/2007 2:04:46 AM
Date (last access): 5/6/2007 12:23:52 PM
Date (last write): 3/14/2007 3:43:42 AM
Filesize: 132760
Attributes: archive
MD5: F112FB2FD2EF66D439799E3F834DF000
CRC32: D2B09219
Version: 6.0.0.6



--- Process list ---
PID: 0 ( 0) [System]
PID: 420 ( 4) \SystemRoot\System32\smss.exe
PID: 476 ( 420) \??\C:\WINDOWS\system32\csrss.exe
PID: 504 ( 420) \??\C:\WINDOWS\system32\winlogon.exe
PID: 548 ( 504) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 560 ( 504) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 708 ( 548) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 756 ( 548) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 792 ( 548) C:\Program Files\Windows Defender\MsMpEng.exe
size: 13592
MD5: F45DD1E1365D857DD08BC23563370D0E
PID: 848 ( 548) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 880 ( 548) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1024 ( 548) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1040 ( 548) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1272 (1244) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: 45757077A47C68A603A79B03A1A836AB
PID: 1320 ( 548) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1480 ( 548) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
size: 204800
MD5: E8FBDCC8D618D1BB84B828F247A6244B
PID: 1492 ( 548) C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
size: 353280
MD5: 5F4ED1DBA7E1EAECBA443A53DA176485
PID: 1564 ( 548) C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
size: 49664
MD5: 30A14F65DB477DC00A64A5A24E96919C
PID: 1576 ( 548) C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
size: 351744
MD5: C6A162BEDAA82DBE9EBF8C7EEBD2929B
PID: 1676 ( 548) C:\WINDOWS\system32\nvsvc32.exe
size: 155715
MD5: 60D62603950220B51DF57E461A601659
PID: 1764 ( 548) C:\WINDOWS\wanmpsvc.exe
size: 65536
MD5: EB9A99AB5D17B1727034FF191E6448D7
PID: 2028 (1272) C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC
PID: 128 (1272) C:\WINDOWS\SOUNDMAN.EXE
size: 46592
MD5: 491B29D2495C5F69B23E449F8EEE2D4A
PID: 168 (1272) C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 176 (1272) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
size: 32768
MD5: 915A106A2FB87292CEF0AD4F36ADF313
PID: 208 (1272) C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: C341CCFBE98BC7DF6E0B856BB9FC265A
PID: 232 (1272) C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
size: 79448
MD5: 217697C43BFF8D740CFBB9AD87621519
PID: 260 (1272) C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
size: 416256
MD5: 2200C98C049DE1A7638EA0EDBA1C8882
PID: 360 (1272) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
size: 6266880
MD5: 01D90AE5DCCBCE0C7B52874FEC35A608
PID: 392 (1272) C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
size: 83608
MD5: 9C1C80BBF8E6044980890E2D2D91091C
PID: 468 (1272) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 1556 (1272) C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
PID: 2320 ( 548) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 2396 (1272) C:\Program Files\America Online 9.0\aoltray.exe
size: 156784
MD5: D3E103E5B79A6E8BA5B58E0A7C21523B
PID: 4088 (1684) C:\Program Files\Common Files\AOL\1172097385\ee\aolsoftware.exe
size: 50736
MD5: C482C535CBFEFE722EC1EB7F11F680A3
PID: 1168 ( 548) C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
size: 46640
MD5: 85180CF88C5EBAD73B452A43A004CA51
PID: 3480 ( 504) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 3552 ( 656) C:\Program Files\America Online 9.0\waol.exe
size: 259632
MD5: BFD51F8D92DCDF00E5A2EA9D8A222B28
PID: 2996 (3552) C:\Program Files\America Online 9.0\shellmon.exe
size: 39000
MD5: AEAA213A69425B304BD3DAB22C3A26D6
PID: 2980 (3552) C:\Program Files\Common Files\Aol\aoltpspd.exe
size: 487518
MD5: 53761703DE6F29DB93F1176A2082453D
PID: 3260 (1272) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 5/6/2007 12:26:54 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\First Home Page
C:\Program Files\AOL Toolbar\welcome.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
(AddressBook)

Adobe Shockwave Player 10.2.0.21 (Adobe Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com/support/shockwave

AOL Spyware Protection 1.0.66 (AOL Spyware Protection)
uninstall cmd: C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
publisher: AOL Spyware Protection
comments: AOL Spyware Protection

AOL Toolbar (AOL Toolbar)
uninstall cmd: "C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"

AOL Uninstaller (Choose which Products to Remove) (AOL Uninstaller)
uninstall cmd: C:\Program Files\Common Files\AOL\uninstaller.exe

AOL Coach Version 1.0(Build:20040229.1 en) (AOLCoach)
uninstall cmd: C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe

(AOLOCP_N)

AVG Anti-Virus 7.1 (AVG7Uninstall)
uninstall cmd: C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL

AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: http://www.grisoft.com

(Branding)

C-Media WDM Audio Driver (C-Media Audio Driver)
uninstall cmd: C:\WINDOWS\system32\cmirmdrv.exe

CCleaner (remove only) (CCleaner)
uninstall cmd: "C:\Program Files\CCleaner\uninst.exe"

(Connection Manager)

Diner Dash 1.0 (Cracked By CoffeeMan) (Diner Dash1.0 (Cracked By CoffeeMan))
uninstall cmd: "C:\WINDOWS\Diner Dash\uninstall.exe" "/U:C:\Program Files\Diner Dash\Uninstall\uninstall.xml"
publisher: Sir Galahad
contact: Sir Galahad Support Department

(DirectAnimation)

(DirectDrawEx)

DivX Content Uploader 1.2.1 (DivX Content Uploader)
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
publisher: DivX, Inc.

(DXM_Runtime)

(Fontcore)

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Program Files\HijackThis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

(ICW)

Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs)
install date: 20070215
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

(IE40)

(IE4Data)

(IE5BAKEX)

Windows Internet Explorer 7 20061107.210142 (ie7)
install date: 20070215
uninstall cmd: "C:\WINDOWS\ie7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://www.microsoft.com/ie

(IEData)

Kaspersky Online Scanner 5.0.83.0 (Kaspersky Online Scanner)
estimated size: 6040
install location: C:\WINDOWS\system32\KASPER~1\KASPER~1
uninstall cmd: C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
publisher: Kaspersky Lab
contact: Customer Support Department
help link: http://www.kaspersky.com/support.asp

(KB884016)

(KB884267)

(KB885353)

(KB886612)

(KB887078)

Hotfix for MSXML 2 (KB887606) 1 (KB887606_26)
uninstall cmd: "C:\WINDOWS\$SQLUninstallMSXML2SP6-KB887606-x86-ENU$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB887606

(KB887626)

(KB888656)

(KB889858)

(KB891122)

(KB892313)

(KB893240)

(KB893241)

(KB893803)

(KB895181)

(KB895316)

(KB895572)

(KB897586)

(KB898549)

(KB900399)

(KB902344)

(KB907658)

Microsoft Base Smart Card Cryptographic Service Provider Package (KB909520)
uninstall cmd: "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

(KB911565)

(KB911854)

Security Update for Microsoft .NET Framework 2.0 (KB917283) 1 (KB917283.T1_1ToU93_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/917283

Security Update for Microsoft .NET Framework 2.0 (KB922770) 1 (KB922770.T1_1ToU168_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/922770

Security Update for Windows XP (KB923789) (KB923789)
uninstall cmd: C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923789

Security Update for Windows Internet Explorer 7 (KB928090) 20070117.120000 (KB928090-IE7)
install date: 20070216
uninstall cmd: "C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928090

Security Update for Windows Internet Explorer 7 (KB929969) 20061222.120000 (KB929969)
install date: 20070216
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=929969

(KBKB319740)

LimeWire 4.12.11 4.12.11 (LimeWire)
uninstall cmd: "C:\Program Files\LimeWire\uninstall.exe"
publisher: Lime Wire, LLC
help link: http://www.limewire.com/support

Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"

Microsoft .NET Framework 1.1 Hotfix (KB925168) (M925168)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M925168\M925168Uninstall.msp"

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Microsoft .NET Framework 2.0 (Microsoft .NET Framework 2.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=45396

Microsoft .NET Framework 3.0 (Microsoft .NET Framework 3.0)
install location: c:\WINDOWS\Microsoft.NET\Framework\v3.0\
uninstall cmd: c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=51019

(MobileOptionPack)

Mozilla Firefox (2.0.0.3) 2.0.0.3 (en-US) (Mozilla Firefox (2.0.0.3))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox

(MPlayer2)

Microsoft Compression Client Pack 1.0 for Windows XP 1 (MSCompPackV1)
install date: 20070215
uninstall cmd: "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=74087

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(NetMeeting)

Microsoft National Language Support Downlevel APIs (NLSDownlevelMapping)
install date: 20070215
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\WINDOWS\system32\nvudisp.exe UninstallGUI

(OutlookExpress)

Panda ActiveScan (Panda ActiveScan)
uninstall cmd: C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
publisher: Panda Software S.L.

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Pure Networks Port Magic 1.2.1393.0 (Port Magic)
install location: C:\PROGRA~1\PURENE~1\PORTMA~1
uninstall cmd: C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI
publisher: Pure Networks
help link: http://aol-support.purenetworks.com

QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

RealPlayer Basic (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0

(SchedulingAgent)

(Shockwave)

Adobe Flash Player 9 ActiveX 9 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
publisher: Adobe Systems
help link: http://www.adobe.com/go/flashplayer_support/

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

SpywareBlaster v3.5.1 3.5.1 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
publisher: Javacool Software LLC

Learn2 Player (Uninstall Only) (StreetPlugin)
uninstall cmd: C:\Program Files\Learn2.com\StRunner\stuninst.exe

Viewpoint Media Player (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

Windows Genuine Advantage Validation Tool (KB892130) 1.5.0530.0 (WGA)
install date: 20070216
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130

Windows Genuine Advantage Notifications (KB905474) 1.7.0018.5 (WgaNotify)
install date: 20070326
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905474

Windows Imaging Component 3.0.0.0 (WIC)
install date: 20070215
uninstall cmd: "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

Windows Live OneCare safety scanner (Windows Live OneCare safety scanner)
uninstall cmd: RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Windows Media Format 11 runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
help link: http://go.microsoft.com/fwlink/?LinkId=62768

Windows Media Player 11 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

(WMCSetup)

Windows Media Format 11 runtime (WMFDist11)
install date: 20070215
uninstall cmd: "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

Windows Media Player 11 (wmp11)
install date: 20070215
uninstall cmd: "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

Microsoft User-Mode Driver Framework Feature Pack 1.0 (Wudf01000)
install date: 20070215
uninstall cmd: "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
comments: Build Number 5716

XML Paper Specification Shared Components Pack 1.0 (XpsEPSC)
install date: 20070215
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=test

Yahoo! Messenger (Yahoo! Messenger)
uninstall cmd: C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

Microsoft .NET Framework 3.0 3.0.04506.30 ({15095BF3-A3D7-4DDF-B193-3A496881E003})
version: 50336154
version (major): 3
estimated size: 16102
install date: 20070215
install location: c:\WINDOWS\Microsoft.NET\Framework\v3.0\
install source: c:\af6a7d07e4b242ea473cd3dae42a96ac\
uninstall cmd: MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
publisher: Microsoft Corporation

AutoUpdate 1.1 ({18D10072035C4515918F7E37EAFAACFC})
install location: C:\Program Files\DivX

Disney Princess Royal Horse Show 1.0 ({2387D970-F42D-4278-AA40-7B727F9721FC})
version: 16777216
install location: C:\WINDOWS\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2387D970-F42D-4278-AA40-7B727F9721FC}\setup.exe" -l0x9 Disney Princess Royal Horse Show

Java™ SE Runtime Environment 6 Update 1 1.6.0.10 ({3248F0A8-6813-11D6-A77B-00B0D0160010})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 137306
install date: 20070504
install source: http://javadl.sun.com/webapps/download/Get...6/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_01\README.txt

WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 628
install date: 20070303
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

MSXML 4.0 SP2 (KB927978) 4.20.9841.0 ({37477865-A3F1-4772-AD43-AAFC6BCFF99F})
version: 68429425
version (major): 4
version (minor): 20
estimated size: 2625
install date: 20070215
install source: C:\Program Files\AutoPatcher\modules\Components\msxml\MSXML4SP2\
uninstall cmd: MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/927978

Microsoft Windows Journal Viewer 1.5.2316.0 ({43DCF766-6838-4F9A-8C91-D92DA586DFA8})
version: 17107212
version (major): 1
version (minor): 5
estimated size: 3856
install date: 20070215
install source: C:\DOCUME~1\Brandy\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
publisher: Microsoft
comments: A viewer for Windows Journal documents.
contact: Microsoft

Windows Communication Foundation 3.0.04506.30 ({491DD792-AD81-429C-9EB4-86DD3D22E333})
version: 50336154
version (major): 3
estimated size: 90556
install date: 20070215
install source: C:\DOCUME~1\Brandy\LOCALS~1\Temp\IXP0280A.tmp\wcu\wcf\
uninstall cmd: MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
publisher: Microsoft Corporation

MSXML 6.0 Parser (KB927977) 6.00.3890.0 ({5A710547-B58E-488B-828D-CA9A25A0533C})
version: 100667186
version (major): 6
estimated size: 1332
install date: 20070215
install source: C:\Program Files\AutoPatcher\modules\Components\msxml\MSXML6\
uninstall cmd: MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/927977

({62369F2F77534556AEF4C58152E3BDE5})

PowerDVD ({6811CAA0-BF12-11D4-9EA1-0050BAE317E1})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

Microsoft .NET Framework 2.0 2.0.50727 ({7131646D-CD3C-40F4-97B9-CD9E4E6262EF})
version: 33605159
version (major): 2
estimated size: 218792
install date: 20070215
install source: C:\DOCUME~1\Brandy\LOCALS~1\Temp\IXP023CE.tmp\wcu\dotnetframework\
publisher: Microsoft Corporation

6.2.1 ({7585478E9D9B42108671C12F8714CEFE})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
publisher: DivX, Inc.

Ad-Aware SE Personal 1.0.6 ({78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747})
version: 16777222
version (major): 1
estimated size: 3045
install date: 20070227
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
publisher: Lavasoft AB
help link: http://www.lavasoftsupport.com

DivX Codec 6.5.1 ({7B63B2922B174135AFC0E1377DD81EC2})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
publisher: DivX, Inc.

Software Update for Web Folders 9.60.6715.0 ({7CCEBC24-62DB-4280-A8EC-BFA49F167920})
version: 154933819
version (major): 9
version (minor): 60
estimated size: 2416
install date: 20070215
install source: C:\DOCUME~1\Brandy\LOCALS~1\Temp\IXP000.TMP\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

Windows Workflow Foundation 3.0.4203.2 ({7D1B85BD-AA07-48B8-808D-67A4067FC6BD})
version: 50335851
version (major): 3
estimated size: 18672
install date: 20070215
install location: c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\
install source: c:\af6a7d07e4b242ea473cd3dae42a96ac\wcu\wf\
uninstall cmd: MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
publisher: Microsoft Corporation

DivX Player 6.4.3 ({8ADFC4160D694100B5B8A22DE9DCABD9})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
publisher: DivXNetworks, Inc.

Windows Defender 1.1.1593.0 ({A06275F4-324B-4E85-95E6-87B2CD729401})
version: 16844345
version (major): 1
version (minor): 1
estimated size: 9322
install date: 20070215
install source: C:\Program Files\AutoPatcher\modules\Components\WindowsDefender\
uninstall cmd: MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=55273

Adobe Reader 8 8.0.0 ({AC76BA86-7AD7-1033-7B44-A80000000002})
version: 134217728
version (major): 8
estimated size: 119925
install date: 20070319
install location: C:\Program Files\Adobe\Reader 8.0\Reader\
install source: C:\DOCUME~1\Brandy\LOCALS~1\Temp\Adobe Reader 8.0\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
publisher: Adobe Systems Incorporated
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
readme: C:\Program Files\Adobe\Reader 8.0\Reader\Readme.htm

DivX Converter 6.2.1 ({B13A7C41581B411290FBC0395694E2A9})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
publisher: DivX, Inc.

DivX Web Player 1.3.1 ({B7050CBDB2504B34BC2A9CA0A692CC29})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
publisher: DivX,Inc.

Windows Presentation Foundation 3.0.6920.0 ({BAF78226-3200-4DB4-BE33-4D922A799840})
version: 50338568
version (major): 3
estimated size: 117878
install date: 20070215
install source: c:\af6a7d07e4b242ea473cd3dae42a96ac\wcu\wpf\
uninstall cmd: MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
publisher: Microsoft Corporation

Windows Rights Management Client with Service Pack 2 5.2.70 ({BDCF27CA-BFC4-4F49-8D24-A925C9505AB8})
version: 84017222
version (major): 5
version (minor): 2
estimated size: 3505
install date: 20070215
install source: c:\e6106927b32faca4505b0ff0d3a7dc\
uninstall cmd: MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
publisher: Microsoft
help link: http://support.microsoft.com?kbid=917275

Western Australian Time Zone Update 1.0.0.2 ({C098DAEC-29EF-4A59-B18E-0E950169CA3C})
version: 16777216
version (major): 1
estimated size: 40
install date: 20070215
install source: C:\Program Files\AutoPatcher\modules\NonCritical\KB928939_enu.amc_files\
uninstall cmd: MsiExec.exe /X{C098DAEC-29EF-4A59-B18E-0E950169CA3C}
publisher: Microsoft Corporation
help link: http://support.microsoft.com

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 48392
install date: 20070215
install source: C:\DOCUME~1\Brandy\LOCALS~1\Temp\7zS5B.tmp\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Windows Rights Management Client Backwards Compatibility SP2 5.2.70 ({EC905264-BCFE-423B-9C42-C3A106266790})
version: 84017222
version (major): 5
version (minor): 2
estimated size: 304
install date: 20070215
install source: c:\e6106927b32faca4505b0ff0d3a7dc\
uninstall cmd: MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
publisher: Microsoft
help link: http://support.microsoft.com?kbid=917275

HighMAT Extension to Microsoft Windows XP CD Writing Wizard 1.1.1905.1 ({FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F})
version: 16844657
version (major): 1
version (minor): 1
estimated size: 2182
install date: 20070215
install location: C:\Program Files\HighMAT CD Writing Wizard\
install source: C:\WINDOWS\Downloaded Installations\{E5F4F90F-8E25-4FD8-B51F-256EB9AF6E98}\
uninstall cmd: MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
publisher: Microsoft Corporation
readme: C:\Program Files\HighMAT CD Writing Wizard\1033\\HighMAT_readme.htm



--- System Services ---
Service (registry key): .NET CLR Data
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for Oracle
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for SqlServer
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Start: 0
Type: 0
Error Control: 0

Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Start: 4
Type: 1
Error Control: 1

Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: system32\DRIVERS\ACPI.sys
Image size: 187776
Image MD5: A10C7534F7223F4A73A948967D00E69B
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1

Service (registry

#30 dagschic


Posted 06 May 2007 - 08:31 PM

Man, this is getting crazy. When I turned the PC on today the firewall was turned off, and somehow my background on the desktop is HUGE. I have no idea why, but I can't change it. I have tried putting different backgrounds on but they are still huge. I also can't read a DVD-RW. I have two drives, but it says insert disc or it spits it out of the other drive.



