Malware & Popup Problems


5 replies to this topic

#1 dinobrago

dinobrago

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:11 AM

Posted 18 May 2007 - 01:41 PM

I have been working to get rid of malware and I have been through all the prerequisites.

I downloaded Hijackthis from this site. I can run it and scan my machine but Hijackthis crashes when I try to save the log file.

Any help on this? I tried to search the forums but I did not find anything.

Dino

WinXP Pro SP2
3GHz P4
2GB RAM

Edited by dinobrago, 18 May 2007 - 02:05 PM.




#2 dinobrago

dinobrago
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:11 AM

Posted 18 May 2007 - 02:36 PM

I could not get the 1.99 version of Hijackthis to work on my computer. It crashes whenever I try to write the log file. This is from v2b.

But I need your help to get rid of these darn pests!!

Dino

Scan saved at 12:23:55 PM, on 5/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
d:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
D:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
D:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
d:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
d:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
d:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
d:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
d:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
D:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
D:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
D:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
D:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
D:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
D:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Copernic\DesktopSearchService.exe
d:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
d:\Program Files\Panda Software\Panda Internet Security 2007\WebProxy.exe
d:\Program Files\Panda Software\Panda Internet Security 2007\PavBckPT.exe
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Program Files\Trumba\CalendarSync\TrumbaCalendarSync.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\ScanSoft\PaperPort\PaprPort.exe
D:\Program Files\ScanSoft\PaperPort\PPLINKS.EXE
d:\Program Files\Panda Software\Panda Internet Security 2007\psimreal.exe
d:\Program Files\Panda Software\Panda Internet Security 2007\avciman.exe
C:\hijackthis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\dcyucpdd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {917F63B8-306F-41D9-9676-EFACC50CBA60} - C:\WINDOWS\system32\pmkhh.dll
O2 - BHO: (no name) - {A1633753-8E91-4679-A3A3-848309F53415} - C:\WINDOWS\system32\sstqo.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\qomlllj.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - d:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - d:\Program Files\Copernic\DesktopSearchBand2526.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TotalRecorderScheduler] "d:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [PWRISOVM.EXE] d:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "D:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] D:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "D:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "D:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "D:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\ereg.ini"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Critical Update Check] %Windir%\battlenet.exe
O4 - HKLM\..\Run: [APVXDWIN] "d:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "d:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "d:\Program Files\Copernic\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://www.musicmatch.com/form/support/tec...tionControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = goddette.com
O17 - HKLM\Software\..\Telephony: DomainName = goddette.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EF6A587-817A-4C2F-A221-A0A7049D00E5}: NameServer = 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{91E63975-9031-42CE-AD6F-E9FCBB6BE8F7}: NameServer = 192.168.0.2,66.75.164.90
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = goddette.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = goddette.com
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll
O20 - Winlogon Notify: qomlllj - qomlllj.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Remote Agent (AcronisAgent) - Acronis - C:\Program Files\Common Files\Acronis\Agent\agent.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - D:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - D:\Program Files\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MySQL - Unknown owner - D:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - d:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - d:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - d:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - d:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Unknown owner - d:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - d:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - d:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

--
End of file - 14354 bytes

#3 dinobrago

dinobrago
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:11 AM

Posted 18 May 2007 - 05:11 PM

After more cleaning & running in safe mode & cleaning, I got the 1.99.1 version to run. Here is the current logfile.

Dino

Logfile of HijackThis v1.99.1
Scan saved at 15:02, on 2007-05-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
d:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
D:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
D:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
D:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
D:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
D:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\WINDOWS\system32\nvsvc32.exe
d:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
d:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
d:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
d:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
d:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
d:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
D:\Program Files\Copernic\DesktopSearchService.exe
d:\Program Files\Panda Software\Panda Internet Security 2007\WebProxy.exe
D:\Program Files\eMule\emule.exe
d:\Program Files\Panda Software\Panda Internet Security 2007\PavBckPT.exe
C:\WINDOWS\system32\wuauclt.exe
d:\Program Files\Panda Software\Panda Internet Security 2007\avciman.exe
C:\Program Files\Internet Explorer\iexplore.exe
d:\Program Files\Panda Software\Panda Internet Security 2007\psimreal.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - d:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - d:\Program Files\Copernic\DesktopSearchBand2526.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TotalRecorderScheduler] "d:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [PWRISOVM.EXE] d:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "D:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] D:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "D:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "D:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "D:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\ereg.ini"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [APVXDWIN] "d:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "d:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "d:\Program Files\Copernic\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\extensis\extensis suitcase 11\bonjour\mdnsnsp.dll
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://www.musicmatch.com/form/support/tec...tionControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = goddette.com
O17 - HKLM\Software\..\Telephony: DomainName = goddette.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EF6A587-817A-4C2F-A221-A0A7049D00E5}: NameServer = 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{91E63975-9031-42CE-AD6F-E9FCBB6BE8F7}: NameServer = 192.168.0.2,66.75.164.90
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = goddette.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = goddette.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Acronis Remote Agent (AcronisAgent) - Acronis - C:\Program Files\Common Files\Acronis\Agent\agent.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - D:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - D:\Program Files\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MySQL - Unknown owner - D:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - d:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - d:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - d:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - d:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - d:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - d:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - d:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:03:11 AM

Posted 21 May 2007 - 04:32 PM

Hello dinobrago and welcome to the BC HijackThis forum. It looks like there were some items in the TrendMicro log but I don't see anything in the last log. Let's try a different scanner and see if it shows anything.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
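
An added example, not part of any post in this thread: a small Python parser that compares the HijackThis entries from the log in post #2 with those in post #3, which is the comparison OldTimer describes above. The log excerpts are copied from those two posts; the names `parse_entries` and `diff_logs` are this example's own. An entry that drops out of the second log is a lead to check, not proof of infection, because the two logs were written by different HijackThis versions.

```python
import re
from dataclasses import dataclass

# Excerpt copied from the log in post #2 (HijackThis v2 beta).
LOG_POST_2 = r"""
Scan saved at 12:23:55 PM, on 5/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\dcyucpdd.dll (file missing)
O2 - BHO: (no name) - {917F63B8-306F-41D9-9676-EFACC50CBA60} - C:\WINDOWS\system32\pmkhh.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Critical Update Check] %Windir%\battlenet.exe
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll
O20 - Winlogon Notify: qomlllj - qomlllj.dll (file missing)
O23 - Service: MySQL - Unknown owner - D:\Program.exe (file missing)
"""

# Excerpt copied from the log in post #3 (HijackThis v1.99.1).
LOG_POST_3 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 15:02, on 2007-05-18

Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O10 - Unknown file in Winsock LSP: d:\program files\extensis\extensis suitcase 11\bonjour\mdnsnsp.dll
O23 - Service: MySQL - Unknown owner - D:\Program.exe (file missing)
"""

# A scan entry starts with a section code (R0, O2, O23, ...) followed by " - ".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"


@dataclass(frozen=True)
class Entry:
    section: str        # e.g. "O2"
    body: str           # text after the section code, without the missing marker
    file_missing: bool  # True when HijackThis appended "(file missing)"

    @property
    def key(self):
        # Case-insensitive, because Windows paths are and the logs mix cases.
        return (self.section, self.body.lower())


def parse_entries(log_text):
    """Return {key: Entry} for every scan entry in a HijackThis log."""
    entries = {}
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        entry = Entry(match.group("section"), body, missing)
        entries[entry.key] = entry
    return entries


def diff_logs(before_text, after_text):
    """Compare two logs: entries that vanished, entries that are new,
    and entries in the later log whose target file is missing."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    gone = [e for k, e in before.items() if k not in after]
    new = [e for k, e in after.items() if k not in before]
    still_missing = [e for e in after.values() if e.file_missing]
    return gone, new, still_missing


if __name__ == "__main__":
    gone, new, still_missing = diff_logs(LOG_POST_2, LOG_POST_3)
    for label, group in (("only in post #2", gone),
                         ("only in post #3", new),
                         ("file missing in post #3", still_missing)):
        print(label)
        for e in group:
            flag = " [file missing]" if e.file_missing else ""
            print(f"  {e.section:<3} {e.body}{flag}")
```
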


#5 dinobrago

dinobrago
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:11 AM

Posted 21 May 2007 - 06:33 PM

It's possible that I got rid of the malware. I studied some of the other reports in the forum and followed the instructions to get rid of a number of different malware problems. Here is the log:

Dino

WinPFind3 logfile created on: 2007-05-21 16:08:25
WinPFind3U by OldTimer - Version 1.0.37 Folder = C:\Documents and Settings\dgoddette.GODDETTE\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.57% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;D:\pagefile.sys 2000 3000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 10.80 Gb Free Space | 44.22% Space Free
Drive D: | 50.08 Gb Total Space | 26.78 Gb Free Space | 53.46% Space Free
Drive E: | 149.05 Gb Total Space | 10.44 Gb Free Space | 7.00% Space Free
F: Drive not present or media not loaded

Computer Name: LEONARDO
Current User Name: dgoddette
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
acrotray.exe -> D:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 2006-01-12 21:52:32 | Attr = ]
agent.exe -> %CommonProgramFiles%\Acronis\Agent\agent.exe -> Acronis [Ver = 1,0,0,31 | Size = 315392 bytes | Modified Date = 2006-05-19 17:33:20 | Attr = ]
airpluscfg.exe -> D:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe -> D-Link [Ver = 3, 3, 1, 60629 | Size = 1323008 bytes | Modified Date = 2006-07-07 12:56:38 | Attr = ]
apvxdwin.exe -> d:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe -> Panda Software International [Ver = 7.07.04.16 | Size = 628272 bytes | Modified Date = 2007-04-27 20:44:26 | Attr = ]
avengine.exe -> d:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE -> Panda Software International [Ver = 2, 1, 24, 0 | Size = 96816 bytes | Modified Date = 2007-03-15 16:51:46 | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 2006-10-07 05:20:00 | Attr = ]
deskto~3.exe -> d:\Program Files\Copernic\DesktopSearchService.exe -> Copernic Technologies Inc. [Ver = 2.0.2.2526 | Size = 1546544 bytes | Modified Date = 2006-12-08 08:58:06 | Attr = ]
dkservice.exe -> %ProgramFiles%\Diskeeper Corporation\Diskeeper\DkService.exe -> Diskeeper Corporation [Ver = 10.0.593.0 | Size = 765952 bytes | Modified Date = 2005-11-23 07:58:04 | Attr = ]
emule.exe -> D:\Program Files\eMule\emule.exe -> http://www.emule-project.net [Ver = 0.47.2 Unicode | Size = 5001216 bytes | Modified Date = 2006-09-14 07:15:26 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 2006-09-28 07:13:20 | Attr = ]
hpwutbx.exe -> %ProgramFiles%\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe -> Hewlett-Packard Company [Ver = 2005.0919.0.0 | Size = 352256 bytes | Modified Date = 2005-09-19 12:31:48 | Attr = ]
mdnsresponder.exe -> D:\Program Files\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2006-02-28 12:42:38 | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 2006-08-11 18:42:50 | Attr = ]
pavb script:1|vb script:1|acrobat:2|file:2|mailto:2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\\DontReportInfectionInformation -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Netlogon\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\DisableServerCheck -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\LegacyPresence -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\AllowLockdownMedia -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\AllowLockdownBrowse -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\NetCache\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> ^0OzIj
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> gԋ4:?Ӽdg ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 2xȓ܊݄} ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> *BV%M/g ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 8k_ikj" ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> r; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> "8+; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
< Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> ->
< HOSTS File > (576262 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> about:blank ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
online_musicmatch.com [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00C6482D-C502-44C8-8409-FCE54AD9C208} [HKLM] -> D:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [SnagIt Toolbar Loader] -> TechSmith Corporation [Ver = 8.2.0.156 | Size = 63048 bytes | Modified Date = 2006-11-07 23:51:26 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-22 23:08:42 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 434279 bytes | Modified Date = 2006-05-03 03:14:38 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-20 00:55:32 | Attr = R ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ]
{E5A1691B-D188-4419-AD02-90002030B8EE} [HKLM] -> d:\Program Files\FlashFXP\IEFlash.dll [FlashFXP Helper for Internet Explorer] -> IniCom Networks, Inc. [Ver = 3.0.0.1015 | Size = 191096 bytes | Modified Date = 2006-03-31 23:27:14 | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ]
{92A40B0A-740A-4A11-9DDB-70460C6DA383} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{968631B6-4729-440D-9BF4-251F5593EC9A} [HKLM] -> d:\Program Files\Copernic\DesktopSearchBand2526.dll [Copernic Desktop Search 2] -> Copernic Technologies Inc. [Ver = 2.0.2.2526 | Size = 1040176 bytes | Modified Date = 2006-12-08 08:58:22 | Attr = ]
{9C3FCA1F-99E3-48F2-A7F4-DD3931B2F99A} [HKLM] -> d:\Program Files\Copernic\DesktopSearchBand2526.dll [Copernic Desktop Search 2] -> Copernic Technologies Inc. [Ver = 2.0.2.2526 | Size = 1040176 bytes | Modified Date = 2006-12-08 08:58:22 | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-20 00:55:32 | Attr = R ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} [HKLM] -> D:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll [SnagIt] -> TechSmith Corporation [Ver = 8.2.0.156 | Size = 157256 bytes | Modified Date = 2006-11-07 23:51:36 | Attr = ]
{968631B6-4729-440D-9BF4-251F5593EC9A} [HKLM] -> d:\Program Files\Copernic\DesktopSearchBand2526.dll [Copernic Desktop Search 2] -> Copernic Technologies Inc. [Ver = 2.0.2.2526 | Size = 1040176 bytes | Modified Date = 2006-12-08 08:58:22 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-20 00:55:32 | Attr = R ]
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ]
WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{968631B6-4729-440D-9BF4-251F5593EC9A} [HKLM] -> d:\Program Files\Copernic\DesktopSearchBand2526.dll [Copernic Desktop Search 2] -> Copernic Technologies Inc. [Ver = 2.0.2.2526 | Size = 1040176 bytes | Modified Date = 2006-12-08 08:58:22 | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_07\bin\npjpi150_07.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 69746 bytes | Modified Date = 2006-05-03 03:14:38 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_07\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 434279 bytes | Modified Date = 2006-05-03 03:14:38 | Attr = ]
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
Convert link target to Adobe PDF -> D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert link target to existing PDF -> D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert selected links to Adobe PDF -> D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECaptureSelLinks.htm -> File not found
Convert selected links to existing PDF -> D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppendSelLinks.htm -> File not found
Convert selection to Adobe PDF -> D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert selection to existing PDF -> D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert to Adobe PDF -> D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert to existing PDF -> D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{6DC16CCD-BDE3-4E96-9A67-0AC1C7D8B44D} -> (D-Link AirPlus Xtreme G DWL-G132 Wireless USB Adapter(rev.A)) ->
{8EF6A587-817A-4C2F-A221-A0A7049D00E5} -> 192.168.0.2 (D-Link AirPlus Xtreme G DWL-G132 Wireless USB Adapter(rev.A)) ->
{91E63975-9031-42CE-AD6F-E9FCBB6BE8F7} -> 192.168.0.2,66.75.164.90 (Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> D:\Program Files\Extensis\Extensis Suitcase 11\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2006-02-28 12:42:30 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000001 -> d:\Program Files\Panda Software\Panda Internet Security 2007\pavlsp.dll -> Panda Software International [Ver = 7, 4, 21, 76 | Size = 177712 bytes | Modified Date = 2007-04-16 17:21:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> d:\Program Files\Panda Software\Panda Internet Security 2007\pavlsp.dll -> Panda Software International [Ver = 7, 4, 21, 76 | Size = 177712 bytes | Modified Date = 2007-04-16 17:21:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> d:\Program Files\Panda Software\Panda Internet Security 2007\pavlsp.dll -> Panda Software International [Ver = 7, 4, 21, 76 | Size = 177712 bytes | Modified Date = 2007-04-16 17:21:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> d:\Program Files\Panda Software\Panda Internet Security 2007\pavlsp.dll -> Panda Software International [Ver = 7, 4, 21, 76 | Size = 177712 bytes | Modified Date = 2007-04-16 17:21:50 | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> Office Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/d/c.../OGAControl.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/3/9...heckControl.cab ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_07 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc4.cab ->
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_07 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_07 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->
{FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} -> moDiagCollectionActiveX Object - CodeBase = http://www.musicmatch.com/form/support/tec...tionControl.cab ->

[Registry - Additional Scans - Non-Microsoft Only]
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Disabled MSConfig Services [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Adobe LM Service -> ->
AdobeActiveFileMonitor4.0 -> ->
Ati HotKey Poller -> ->
ATI Smart -> ->
CAISafe -> ->
IDriverT -> ->
InCDsrv -> ->
InCDsrvR -> ->
iPod Service -> ->
iPodService -> ->
ose -> ->
VETMSGNT -> ->
WMPNetworkSvc -> ->
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk -> D:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 110592 bytes | Modified Date = 2003-10-14 02:11:40 | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk -> %SystemDrive%\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk -> D:\PROGRA~1\PIXELA\IMAGEM~1\IMX3LA~1.EXE -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk -> %ProgramFiles%\VIA\RAID\raid_tool.exe -> VIA Technologies [Ver = 4, 0, 1, 0 | Size = 581632 bytes | Modified Date = 2004-06-02 02:11:14 | Attr = R ]
C:^Documents and Settings^dgoddette^Start Menu^Programs^Startup^Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 110592 bytes | Modified Date = 2003-10-14 02:11:40 | Attr = ]
C:^Documents and Settings^dgoddette^Start Menu^Programs^Startup^HotSync Manager.lnk -> %ProgramFiles%\Handspring\HOTSYNC.EXE -> Palm, Inc. [Ver = 4.0.4 | Size = 299008 bytes | Modified Date = 2003-10-09 14:35:24 | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
Act! Preloader -> D:\Program Files\ACT\ACT for Windows\Act8.exe -> Sage Software SB, Inc [Ver = 8.2.82.0 | Size = 1015808 bytes | Modified Date = 2006-04-05 18:30:56 | Attr = ]
Adobe Photo Downloader -> D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.53237 | Size = 57344 bytes | Modified Date = 2005-09-09 01:18:10 | Attr = ]
ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\cli.exe -> File not found
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> File not found
CaAvTray -> d:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe -> File not found
CAVRID -> d:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe -> File not found
Copernic Desktop Search -> D:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe -> File not found
InCD -> d:\Program Files\Ahead\InCD\InCD.exe -> File not found
IndexSearch -> d:\Program Files\ScanSoft\PaperPort\IndexSearch.exe -> ScanSoft, Inc. [Ver = 11.0.6255.1 | Size = 40960 bytes | Modified Date = 2006-05-05 13:19:34 | Attr = ]
iTunesHelper -> D:\Program Files\iTunes\iTunesHelper.exe -> File not found
MimBoot -> d:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe -> Musicmatch, Inc. [Ver = 10.00.4040 | Size = 8192 bytes | Modified Date = 2006-11-07 16:41:44 | Attr = ]
MMTray -> d:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.00.4040 | Size = 110592 bytes | Modified Date = 2006-11-07 16:41:44 | Attr = ]
NBJ -> D:\Program Files\Ahead\Nero BackItUp\NBJ.exe -> Ahead Software AG [Ver = 1, 2, 0, 24 | Size = 1871872 bytes | Modified Date = 2004-08-25 18:28:20 | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 2001-07-09 12:50:42 | Attr = ]
PaperPort PTD -> d:\Program Files\ScanSoft\PaperPort\pptd40nt.exe -> ScanSoft, Inc. [Ver = 11.0.6255.1 | Size = 36864 bytes | Modified Date = 2006-05-05 13:18:54 | Attr = ]
QOELOADER -> d:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe -> File not found
SoundMan -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 54 | Size = 577536 bytes | Modified Date = 2006-06-21 06:42:44 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 36975 bytes | Modified Date = 2006-05-03 02:56:56 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe -> File not found


[Files/Folders - Created Within 30 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2007-05-18 13:02:49 | Attr = ]
hijackthis -> %SystemDrive%\hijackthis -> [Folder | Created Date = 2007-05-17 17:20:15 | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 2007-05-18 12:50:57 | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 2007-05-17 12:10:39 | Attr = ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 2007-05-09 02:04:27 | Attr = H ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 2007-05-19 08:37:39 | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 86528 bytes | Created Date = 2007-05-18 12:52:56 | Attr = ]
msocreg32.dat -> %SystemRoot%\msocreg32.dat -> [Ver = | Size = 16 bytes | Created Date = 2007-04-23 21:32:54 | Attr = ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 1.85 | Size = 49152 bytes | Created Date = 2007-05-18 12:52:56 | Attr = ]
onlineeye.INI -> %SystemRoot%\onlineeye.INI -> [Ver = | Size = 329 bytes | Created Date = 2007-05-04 09:28:31 | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Created Date = 2007-05-18 13:08:42 | Attr = ]
.MySCMServerInfo -> %System32%\.MySCMServerInfo -> [Ver = | Size = 189 bytes | Created Date = 2007-04-23 21:31:57 | Attr = ]
avldr.dll -> %System32%\avldr.dll -> Panda Software International [Ver = 2, 1, 0, 2 | Size = 50736 bytes | Created Date = 2007-05-17 17:25:30 | Attr = ]
BASSMOD.dll -> %System32%\BASSMOD.dll -> [Ver = | Size = 10752 bytes | Created Date = 2007-04-24 14:29:03 | Attr = ]
ClickToFindandFixErrors_US.ico -> %System32%\ClickToFindandFixErrors_US.ico -> [Ver = | Size = 2238 bytes | Created Date = 2007-05-17 05:55:53 | Attr = ]
esfw52.bin -> %System32%\esfw52.bin -> [Ver = | Size = 64000 bytes | Created Date = 2007-05-05 22:02:06 | Attr = ]
esint52.dll -> %System32%\esint52.dll -> SEIKO EPSON CORP. [Ver = 1.08 | Size = 282624 bytes | Created Date = 2007-05-05 22:02:06 | Attr = ]
eswia52.dll -> %System32%\eswia52.dll -> SEIKO EPSON CORP. [Ver = 1.08 | Size = 180224 bytes | Created Date = 2007-05-05 22:02:06 | Attr = ]
HHActiveX.dll -> %System32%\HHActiveX.dll -> eHelp Corporation. [Ver = 9.20.566 | Size = 446464 bytes | Created Date = 2007-05-17 17:26:17 | Attr = ]
iasna_EE2BFC3F-7613-4461-B9FE-67F3DFFC45C5.dll -> %System32%\iasna_EE2BFC3F-7613-4461-B9FE-67F3DFFC45C5.dll -> [Ver = | Size = 21 bytes | Created Date = 2007-04-30 10:20:00 | Attr = ]
moveex.exe -> %System32%\moveex.exe -> [Ver = | Size = 38400 bytes | Created Date = 2007-05-18 12:52:56 | Attr = ]
msvcsv60.dll -> %System32%\msvcsv60.dll -> [Ver = | Size = 16 bytes | Created Date = 2007-04-23 21:32:54 | Attr = ]
oqtss.bak1 -> %System32%\oqtss.bak1 -> [Ver = | Size = 1457613 bytes | Created Date = 2007-05-17 05:51:36 | Attr = HS]
oqtss.ini -> %System32%\oqtss.ini -> [Ver = | Size = 1470516 bytes | Created Date = 2007-05-17 05:51:14 | Attr = HS]
PAV -> %System32%\PAV -> [Folder | Created Date = 2007-05-17 17:25:20 | Attr = ]
pavcpl.cpl -> %System32%\pavcpl.cpl -> Panda Software [Ver = 1, 0, 2, 0 | Size = 54832 bytes | Created Date = 2007-05-17 17:26:22 | Attr = ]
PavCPL.dat -> %System32%\PavCPL.dat -> [Ver = | Size = 261 bytes | Created Date = 2007-05-17 17:31:26 | Attr = ]
pavipc.dll -> %System32%\pavipc.dll -> Panda Software International [Ver = 8, 0, 0, 0 | Size = 63024 bytes | Created Date = 2007-05-17 17:25:59 | Attr = ]
PavSHook.dll -> %System32%\PavSHook.dll -> Panda Software International [Ver = 8, 0, 0, 0 | Size = 292400 bytes | Created Date = 2007-05-17 17:25:59 | Attr = ]
PAV_FOG.OPC -> %System32%\PAV_FOG.OPC -> [Ver = | Size = 8627 bytes | Created Date = 2007-05-17 17:54:24 | Attr = ]
rjsahkpx.ini -> %System32%\rjsahkpx.ini -> [Ver = | Size = 474 bytes | Created Date = 2007-05-17 12:34:57 | Attr = HS]
SYSTOOLS.DLL -> %System32%\SYSTOOLS.DLL -> Panda Software [Ver = 7.0.2.0 | Size = 107568 bytes | Created Date = 2007-05-17 17:25:59 | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 5464 bytes | Created Date = 2007-05-18 13:13:17 | Attr = ]
TpUtil.dll -> %System32%\TpUtil.dll -> Panda Software International [Ver = 8, 0, 0, 0 | Size = 161328 bytes | Created Date = 2007-05-17 17:25:59 | Attr = ]
UserRequest_1179507086.tmp -> %System32%\UserRequest_1179507086.tmp -> [Ver = | Size = 0 bytes | Created Date = 2007-05-18 08:51:26 | Attr = ]
vfind.exe -> %System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2007-05-18 12:52:56 | Attr = ]
w3data.vss -> %System32%\w3data.vss -> [Ver = | Size = 16 bytes | Created Date = 2007-04-23 21:32:54 | Attr = ]
APPFCONT.DAT -> %System32%\drivers\APPFCONT.DAT -> [Ver = | Size = 92320 bytes | Created Date = 2007-05-17 17:50:12 | Attr = ]
APPFCONT.DAT.bck -> %System32%\drivers\APPFCONT.DAT.bck -> [Ver = | Size = 92320 bytes | Created Date = 2007-05-17 17:50:12 | Attr = ]
APPFLT.SYS -> %System32%\drivers\APPFLT.SYS -> Panda Software [Ver = 2.2.0.42 | Size = 58800 bytes | Created Date = 2007-05-17 17:27:31 | Attr = ]
APPFLTR.CFG -> %System32%\drivers\APPFLTR.CFG -> [Ver = | Size = 1204 bytes | Created Date = 2007-05-17 17:50:09 | Attr = ]
APPFLTR.CFG.bck -> %System32%\drivers\APPFLTR.CFG.bck -> [Ver = | Size = 1204 bytes | Created Date = 2007-05-17 17:50:09 | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 2007-05-17 17:40:53 | Attr = ]
cpoint.sys -> %System32%\drivers\cpoint.sys -> Panda Software [Ver = 1, 2, 0, 50 | Size = 17792 bytes | Created Date = 2007-05-17 17:25:59 | Attr = ]
dsaflt.sys -> %System32%\drivers\dsaflt.sys -> Panda Software International [Ver = 1, 5, 0, 0 | Size = 49968 bytes | Created Date = 2007-05-17 17:28:51 | Attr = ]
fnetmon.sys -> %System32%\drivers\fnetmon.sys -> Panda Software [Ver = 2.2.0.25 | Size = 15792 bytes | Created Date = 2007-05-17 17:27:31 | Attr = ]
idsflt.sys -> %System32%\drivers\idsflt.sys -> Panda Software International [Ver = 1, 5, 0, 0 | Size = 190640 bytes | Created Date = 2007-05-17 17:28:51 | Attr = ]
NETFLTDI.SYS -> %System32%\drivers\NETFLTDI.SYS -> Panda Software [Ver = 2.2.0.22 | Size = 121392 bytes | Created Date = 2007-05-17 17:27:31 | Attr = ]
netimflt.sys -> %System32%\drivers\netimflt.sys -> Panda Software [Ver = 1, 5, 0, 0 | Size = 142128 bytes | Created Date = 2007-05-17 17:25:44 | Attr = ]
net_m32.inf -> %System32%\drivers\net_m32.inf -> [Ver = | Size = 1990 bytes | Created Date = 2007-05-17 17:25:45 | Attr = ]
pavdrv51.sys -> %System32%\drivers\pavdrv51.sys -> Panda Software International [Ver = 7.0.1.0 (av07_rtm.070117-1343) | Size = 71680 bytes | Created Date = 2007-05-17 17:31:27 | Attr = ]
PavProc.sys -> %System32%\drivers\PavProc.sys -> Panda Software International [Ver = 1.1.3.0 | Size = 170800 bytes | Created Date = 2007-05-17 17:19:31 | Attr = ]
ShlDrv51.sys -> %System32%\drivers\ShlDrv51.sys -> Panda Software International [Ver = 1.3.11.0 | Size = 31104 bytes | Created Date = 2007-05-17 17:19:31 | Attr = ]
smsflt.sys -> %System32%\drivers\smsflt.sys -> Panda Software International [Ver = 1, 5, 0, 0 | Size = 36016 bytes | Created Date = 2007-05-17 17:28:51 | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 2007-05-17 13:22:01 | Attr = ]
wnmflt.sys -> %System32%\drivers\wnmflt.sys -> Panda Software International [Ver = 1, 5, 0, 0 | Size = 29360 bytes | Created Date = 2007-05-17 17:28:51 | Attr = ]
wnmsav.dat -> %System32%\drivers\wnmsav.dat -> [Ver = | Size = 48 bytes | Created Date = 2007-05-17 18:22:55 | Attr = ]
DsaFlt.cfg -> %System32%\drivers\etc\DsaFlt.cfg -> [Ver = | Size = 56 bytes | Created Date = 2007-05-17 17:50:12 | Attr = ]
DsaFlt.cfg.bck -> %System32%\drivers\etc\DsaFlt.cfg.bck -> [Ver = | Size = 56 bytes | Created Date = 2007-05-17 17:50:12 | Attr = ]
DsaFlt.rls -> %System32%\drivers\etc\DsaFlt.rls -> [Ver = | Size = 272836 bytes | Created Date = 2007-05-17 17:29:08 | Attr = ]
DsaFlt.rls.bck -> %System32%\drivers\etc\DsaFlt.rls.bck -> [Ver = | Size = 272836 bytes | Created Date = 2007-05-17 17:50:10 | Attr = ]
IdsFlt.cfg -> %System32%\drivers\etc\IdsFlt.cfg -> [Ver = | Size = 252 bytes | Created Date = 2007-05-17 17:50:11 | Attr = ]
IdsFlt.cfg.bck -> %System32%\drivers\etc\IdsFlt.cfg.bck -> [Ver = | Size = 252 bytes | Created Date = 2007-05-17 17:50:11 | Attr = ]
NetAR.wlt -> %System32%\drivers\etc\NetAR.wlt -> [Ver = | Size = 64 bytes | Created Date = 2007-05-17 17:49:39 | Attr = ]
NetAR.wlt.bck -> %System32%\drivers\etc\NetAR.wlt.bck -> [Ver = | Size = 64 bytes | Created Date = 2007-05-17 17:49:39 | Attr = ]
NetAV.alt -> %System32%\drivers\etc\NetAV.alt -> [Ver = | Size = 656 bytes | Created Date = 2007-05-17 17:49:34 | Attr = ]
NetAV.alt.bck -> %System32%\drivers\etc\NetAV.alt.bck -> [Ver = | Size = 656 bytes | Created Date = 2007-05-17 17:49:34 | Attr = ]
NetFlt.cfg -> %System32%\drivers\etc\NetFlt.cfg -> [Ver = | Size = 64 bytes | Created Date = 2007-05-17 17:50:08 | Attr = ]
NetFlt.cfg.bck -> %System32%\drivers\etc\NetFlt.cfg.bck -> [Ver = | Size = 64 bytes | Created Date = 2007-05-17 17:50:08 | Attr = ]
SmsFlt.cfg -> %System32%\drivers\etc\SmsFlt.cfg -> [Ver = | Size = 56 bytes | Created Date = 2007-05-17 17:50:11 | Attr = ]
SmsFlt.cfg.bck -> %System32%\drivers\etc\SmsFlt.cfg.bck -> [Ver = | Size = 56 bytes | Created Date = 2007-05-17 17:50:11 | Attr = ]
WnmFlt.cfg -> %System32%\drivers\etc\WnmFlt.cfg -> [Ver = | Size = 56 bytes | Created Date = 2007-05-17 17:50:11 | Attr = ]
WnmFlt.cfg.bck -> %System32%\drivers\etc\WnmFlt.cfg.bck -> [Ver = | Size = 56 bytes | Created Date = 2007-05-17 17:50:12 | Attr = ]

[Files/Folders - Modified Within 30 days]
!KillBox -> %SystemDrive%\!KillBox -> [Folder | Modified Date = 2007-05-19 17:37:22 | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2007-05-18 14:08:46 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2007-05-17 07:02:16 | Attr = H ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 2007-05-08 00:01:56 | Attr = ]
hijackthis -> %SystemDrive%\hijackthis -> [Folder | Modified Date = 2007-05-18 15:02:00 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2007-05-18 13:51:24 | Attr = R ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 2007-05-18 13:51:22 | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 2007-05-17 18:17:32 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2007-05-21 16:08:08 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2007-05-09 03:06:18 | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 2007-05-09 03:04:30 | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2007-04-23 22:45:56 | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 2007-05-19 09:55:22 | Attr = ]
bi_group.ini -> %SystemRoot%\bi_group.ini -> [Ver = | Size = 87 bytes | Modified Date = 2007-04-27 14:36:52 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2007-05-19 21:19:28 | Attr = S]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 2007-05-19 21:19:34 | Attr = HS]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2007-05-09 03:02:44 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2007-05-19 09:37:44 | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2007-05-07 22:18:06 | Attr = R S]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 2007-05-09 03:04:36 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2007-05-19 09:37:40 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2007-05-17 07:02:30 | Attr = HS]
msocreg32.dat -> %SystemRoot%\msocreg32.dat -> [Ver = | Size = 16 bytes | Modified Date = 2007-04-23 22:32:56 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 2007-05-21 11:34:18 | Attr = ]
onlineeye.INI -> %SystemRoot%\onlineeye.INI -> [Ver = | Size = 329 bytes | Modified Date = 2007-05-17 12:39:46 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2007-05-21 14:05:02 | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 2007-05-21 12:19:34 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 2007-05-20 14:39:26 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2007-05-21 16:04:42 | Attr = S]
temp -> %SystemRoot%\temp -> [Folder | Modified Date = 2007-05-21 15:33:42 | Attr = ]
Twain001.Mtx -> %SystemRoot%\Twain001.Mtx -> [Ver = | Size = 6 bytes | Modified Date = 2007-05-16 22:38:30 | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 2007-05-05 23:02:08 | Attr = ]
Twunk001.MTX -> %SystemRoot%\Twunk001.MTX -> [Ver = | Size = 156 bytes | Modified Date = 2007-05-16 22:38:30 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 862 bytes | Modified Date = 2007-05-20 22:11:50 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2007-05-19 21:19:34 | Attr = H ]
BASSMOD.dll -> %System32%\BASSMOD.dll -> [Ver = | Size = 10752 bytes | Modified Date = 2007-04-24 15:29:04 | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 2007-05-05 23:04:20 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2007-05-19 22:07:02 | Attr = ]
ClickToFindandFixErrors_US.ico -> %System32%\ClickToFindandFixErrors_US.ico -> [Ver = | Size = 2238 bytes | Modified Date = 2007-05-17 06:55:54 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 2007-05-09 03:06:48 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 2007-05-21 14:05:06 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 416672 bytes | Modified Date = 2007-05-17 13:17:18 | Attr = ]
iasna_EE2BFC3F-7613-4461-B9FE-67F3DFFC45C5.dll -> %System32%\iasna_EE2BFC3F-7613-4461-B9FE-67F3DFFC45C5.dll -> [Ver = | Size = 21 bytes | Modified Date = 2007-04-30 11:20:02 | Attr = ]
inetsrv -> %System32%\inetsrv -> [Folder | Modified Date = 2007-05-20 17:12:58 | Attr = ]
lsprst7.dll -> %System32%\lsprst7.dll -> [Ver = | Size = 205 bytes | Modified Date = 2007-05-14 14:55:24 | Attr = ]
lsprst7.tgz -> %System32%\lsprst7.tgz -> [Ver = | Size = 219 bytes | Modified Date = 2007-05-14 14:55:24 | Attr = ]
msvcsv60.dll -> %System32%\msvcsv60.dll -> [Ver = | Size = 16 bytes | Modified Date = 2007-04-23 22:32:56 | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 81191 bytes | Modified Date = 2007-05-19 21:20:10 | Attr = ]
oqtss.bak1 -> %System32%\oqtss.bak1 -> [Ver = | Size = 1457613 bytes | Modified Date = 2007-05-17 06:51:38 | Attr = HS]
oqtss.ini -> %System32%\oqtss.ini -> [Ver = | Size = 1470516 bytes | Modified Date = 2007-05-17 13:15:48 | Attr = HS]
PAV -> %System32%\PAV -> [Folder | Modified Date = 2007-05-17 18:25:22 | Attr = ]
PavCPL.dat -> %System32%\PavCPL.dat -> [Ver = | Size = 261 bytes | Modified Date = 2007-05-17 18:31:28 | Attr = ]
PAV_FOG.OPC -> %System32%\PAV_FOG.OPC -> [Ver = | Size = 8627 bytes | Modified Date = 2007-05-20 07:17:20 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 88462 bytes | Modified Date = 2007-05-17 19:36:16 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 466872 bytes | Modified Date = 2007-05-17 19:36:16 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 565588 bytes | Modified Date = 2007-05-17 19:36:14 | Attr = ]
rjsahkpx.ini -> %System32%\rjsahkpx.ini -> [Ver = | Size = 474 bytes | Modified Date = 2007-05-17 18:51:00 | Attr = HS]
ssprs.dll -> %System32%\ssprs.dll -> [Ver = | Size = 73 bytes | Modified Date = 2007-05-14 14:55:24 | Attr = ]
ssprs.tgz -> %System32%\ssprs.tgz -> [Ver = | Size = 87 bytes | Modified Date = 2007-05-14 14:55:24 | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 5464 bytes | Modified Date = 2007-05-18 14:13:18 | Attr = ]
UserRequest_1179507086.tmp -> %System32%\UserRequest_1179507086.tmp -> [Ver = | Size = 0 bytes | Modified Date = 2007-05-18 09:51:28 | Attr = ]
w3data.vss -> %System32%\w3data.vss -> [Ver = | Size = 16 bytes | Modified Date = 2007-04-23 22:32:56 | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 2007-05-09 07:11:32 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 2007-05-17 06:54:18 | Attr = ]
APPFCONT.DAT -> %System32%\drivers\APPFCONT.DAT -> [Ver = | Size = 92320 bytes | Modified Date = 2007-05-21 14:05:06 | Attr = ]
APPFCONT.DAT.bck -> %System32%\drivers\APPFCONT.DAT.bck -> [Ver = | Size = 92320 bytes | Modified Date = 2007-05-21 14:05:06 | Attr = ]
APPFLTR.CFG -> %System32%\drivers\APPFLTR.CFG -> [Ver = | Size = 1204 bytes | Modified Date = 2007-05-20 07:11:14 | Attr = ]
APPFLTR.CFG.bck -> %System32%\drivers\APPFLTR.CFG.bck -> [Ver = | Size = 1204 bytes | Modified Date = 2007-05-20 07:11:14 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 2007-05-20 13:55:04 | Attr = ]
netimflt.sys -> %System32%\drivers\netimflt.sys -> Panda Software [Ver = 1, 5, 0, 0 | Size = 142128 bytes | Modified Date = 2007-04-24 15:43:56 | Attr = ]
net_m32.inf -> %System32%\drivers\net_m32.inf -> [Ver = | Size = 1990 bytes | Modified Date = 2007-04-24 16:43:54 | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 2007-05-17 14:20:18 | Attr = ]
wnmsav.dat -> %System32%\drivers\wnmsav.dat -> [Ver = | Size = 48 bytes | Modified Date = 2007-05-18 11:45:22 | Attr = ]
DsaFlt.cfg -> %System32%\drivers\etc\DsaFlt.cfg -> [Ver = | Size = 56 bytes | Modified Date = 2007-05-20 07:11:16 | Attr = ]
DsaFlt.cfg.bck -> %System32%\drivers\etc\DsaFlt.cfg.bck -> [Ver = | Size = 56 bytes | Modified Date = 2007-05-20 07:11:16 | Attr = ]
DsaFlt.rls -> %System32%\drivers\etc\DsaFlt.rls -> [Ver = | Size = 272836 bytes | Modified Date = 2007-05-20 07:11:16 | Attr = ]
DsaFlt.rls.bck -> %System32%\drivers\etc\DsaFlt.rls.bck -> [Ver = | Size = 272836 bytes | Modified Date = 2007-05-20 07:11:16 | Attr = ]
IdsFlt.cfg -> %System32%\drivers\etc\IdsFlt.cfg -> [Ver = | Size = 252 bytes | Modified Date = 2007-05-20 07:11:14 | Attr = ]
IdsFlt.cfg.bck -> %System32%\drivers\etc\IdsFlt.cfg.bck -> [Ver = | Size = 252 bytes | Modified Date = 2007-05-20 07:11:14 | Attr = ]
NetAR.wlt -> %System32%\drivers\etc\NetAR.wlt -> [Ver = | Size = 64 bytes | Modified Date = 2007-05-20 13:55:02 | Attr = ]
NetAR.wlt.bck -> %System32%\drivers\etc\NetAR.wlt.bck -> [Ver = | Size = 64 bytes | Modified Date = 2007-05-20 13:55:02 | Attr = ]
NetAV.alt -> %System32%\drivers\etc\NetAV.alt -> [Ver = | Size = 656 bytes | Modified Date = 2007-05-20 13:55:04 | Attr = ]
NetAV.alt.bck -> %System32%\drivers\etc\NetAV.alt.bck -> [Ver = | Size = 656 bytes | Modified Date = 2007-05-20 13:55:04 | Attr = ]
NetFlt.cfg -> %System32%\drivers\etc\NetFlt.cfg -> [Ver = | Size = 64 bytes | Modified Date = 2007-05-20 07:11:14 | Attr = ]
NetFlt.cfg.bck -> %System32%\drivers\etc\NetFlt.cfg.bck -> [Ver = | Size = 64 bytes | Modified Date = 2007-05-20 07:11:14 | Attr = ]
SmsFlt.cfg -> %System32%\drivers\etc\SmsFlt.cfg -> [Ver = | Size = 56 bytes | Modified Date = 2007-05-20 07:11:14 | Attr = ]
SmsFlt.cfg.bck -> %System32%\drivers\etc\SmsFlt.cfg.bck -> [Ver = | Size = 56 bytes | Modified Date = 2007-05-20 07:11:14 | Attr = ]
WnmFlt.cfg -> %System32%\drivers\etc\WnmFlt.cfg -> [Ver = | Size = 56 bytes | Modified Date = 2007-05-20 07:11:14 | Attr = ]
WnmFlt.cfg.bck -> %System32%\drivers\etc\WnmFlt.cfg.bck -> [Ver = | Size = 56 bytes | Modified Date = 2007-05-20 07:11:14 | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
WSUD , -> %System32%\alsndmgr.cpl -> Realtek Semiconductor Corp. [Ver = 2, 2, 0, 62 | Size = 18796544 bytes | Modified Date = 2006-06-21 06:40:36 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 2004-08-04 05:00:00 | Attr = ]
UPX! , UPX0 , -> %System32%\PCWizard.cpl -> [Ver = 2006, 1, 0, 0 | Size = 27136 bytes | Modified Date = 2005-11-28 10:50:22 | Attr = ]
Thawte Consulting , -> %System32%\px.dll -> Sonic Solutions [Ver = 3.0.88.500 | Size = 452264 bytes | Modified Date = 2006-12-06 11:17:50 | Attr = ]
Thawte Consulting , -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 63144 bytes | Modified Date = 2006-12-06 11:17:56 | Attr = ]
Thawte Consulting , -> %System32%\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 114856 bytes | Modified Date = 2006-12-06 11:17:56 | Attr = ]
Thawte Consulting , -> %System32%\pxdrv.dll -> Sonic Solutions [Ver = 1.01.88a | Size = 472744 bytes | Modified Date = 2006-12-06 11:17:50 | Attr = ]
Thawte Consulting , -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 62632 bytes | Modified Date = 2006-12-06 11:17:56 | Attr = ]
Thawte Consulting , -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 115880 bytes | Modified Date = 2006-12-06 11:17:56 | Attr = ]
Thawte Consulting , -> %System32%\pxmas.dll -> Sonic Solutions [Ver = 3.0.88.500 | Size = 181928 bytes | Modified Date = 2006-12-06 11:17:52 | Attr = ]
Thawte Consulting , -> %System32%\pxsfs.dll -> Sonic Solutions [Ver = 3.0.88.500 | Size = 1279656 bytes | Modified Date = 2006-12-06 11:17:56 | Attr = ]
Thawte Consulting , -> %System32%\pxwave.dll -> Sonic Solutions [Ver = 3.0.88.500 | Size = 345768 bytes | Modified Date = 2006-12-06 11:17:52 | Attr = ]
Thawte Consulting , -> %System32%\pxwma.dll -> Sonic Solutions [Ver = 1, 0, 0, 3 | Size = 157352 bytes | Modified Date = 2006-12-06 11:17:56 | Attr = ]
UPX! , UPX0 , -> %System32%\sg20o.ocx -> Data Dynamics [Ver = 2.0.0.1072 | Size = 739472 bytes | Modified Date = 2004-05-25 05:15:30 | Attr = ]
Thawte Consulting , -> %System32%\smartui2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.0105 | Size = 856664 bytes | Modified Date = 2003-09-08 12:48:50 | Attr = ]
Thawte Consulting , -> %System32%\vxblock.dll -> Sonic Solutions [Ver = 1.00.69a | Size = 38568 bytes | Modified Date = 2006-12-06 11:17:56 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 2004-08-04 05:00:00 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 2004-08-04 05:00:00 | Attr = ]
qoologic , PTech , SAHAgent , abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts -> [Ver = | Size = 576262 bytes | Modified Date = 2007-05-19 12:10:28 | Attr = ]

< End of report >

#6 OldTimer

OldTimer

    Malware Expert



Posted 22 May 2007 - 05:15 AM

Hi dinobrago. There is a large portion of the log missing. I'm curious as to whether there was a problem scanning that portion of the registry. But, from what I do see there are no problems that stand out. We'll just figure that if things are running Ok then you are good to go :thumbsup:

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
