HJT log


#1
blackstone
Member, 118 posts
I appreciate your help.
Logfile of HijackThis v1.99.1
Scan saved at 12:00:27 PM, on 2/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Documents and Settings\Larry\Desktop\To-Do Lists\Daymate\DayMate\daymate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Documents and Settings\Larry\Desktop\CC Cleaner\security suite\ewidoctrl.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Documents and Settings\Larry\Desktop\Audiotools\Oront Burning Kit 2\nmsaccess.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Acronis\TrueImage\TrueImage.exe
C:\Documents and Settings\Larry\Desktop\Unused Desktop Shortcuts\geektools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - blank (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Snap Shots - {BB81C3DB-2DEA-4AE9-96B3-13E6661FF03B} - C:\Program Files\Snap Shots\snapbar.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1372921635.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1372921635.dll
O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\DOCUME~1\Larry\Desktop\AUDIOT~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: Snap Shots - {8CD8EA48-D284-477E-B6DF-85D1E39D855F} - C:\Program Files\Snap Shots\snapbar.dll
O3 - Toolbar: (no name) - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - (no file)
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [WebPatrolman] C:\Internet Marketing\Web Patrolman\WebPatrolman.exe boot
O4 - HKCU\..\Run: [DayMate] C:\Documents and Settings\Larry\Desktop\To-Do Lists\Daymate\DayMate\daymate.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Add to EverNote - res://C:\Documents and Settings\Larry\Desktop\Evernote\enbar.dll/2000
O8 - Extra context menu item: Add to Net Snippets - C:\PROGRA~1\NETSNI~1\Res\Clipper.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~5\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1372921635.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1372921635.dll/gn_menu2.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~5\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Documents and Settings\Larry\Desktop\Evernote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Documents and Settings\Larry\Desktop\Evernote\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwe...er/dbplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howu...nload/appdl.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.1.../ACNePlayer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B966328-D626-441C-9C0E-007AE0D076AA}: NameServer = 207.91.5.20,207.91.5.252
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = alltel.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = alltel.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B966328-D626-441C-9C0E-007AE0D076AA}: NameServer = 207.91.5.20,207.91.5.252
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = alltel.net
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O18 - Protocol: vskype - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Documents and Settings\Larry\Desktop\Spybot Adaware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Larry\Desktop\CC Cleaner\security suite\ewidoctrl.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Documents and Settings\Larry\Desktop\Audiotools\Oront Burning Kit 2\nmsaccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Documents and Settings\Larry\Desktop\Registry Doctor\Advanced Registry Doctor\RegManServ.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: CLP-300 Status Monitor Service (SM_clp300_FUService) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Unknown owner - C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service (file missing)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

#2
Ryan
Member, 4,867 posts
I'm Ryan, and I'll be helping you clean your computer.

While I don't see anything in the HijackThis log, this doesn't mean that you aren't infected; it just means HJT is not seeing anything. Let's see if Malwarebytes Anti-Malware detects anything.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

-Ryan

#3
blackstone
Hi, Ryan.
I appreciate your help.
The main problem I have is that I can't get the affected machine connected to the internet, so I have a challenge getting stuff on there.
Can I download to this machine with all updates and move by CD to the affected one?

#4
Ryan
Put the installation file and the current rules database (can be downloaded from http://www.malwareby.../mbam-rules.exe ) onto the CD. On the infected computer, run mbam-setup.exe first, then run mbam-rules.exe. Then follow the rest of the instructions as previously posted.

-Ryan

#5
blackstone
Thanks, Ryan
Be back shortly

#6
blackstone
It found one file which was quarantined and deleted.
HKEY_CLASSES_ROOT\Interface\{d12fb216-99da-4eb-9cc0-c0f760b174a0}
Trojan.AdWare.AntiSpamBoy

#7
Ryan
Please go to UploadMalware to upload a suspicious file for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread
  • In the file to submit box, paste this filename: C:\Windows\System32\cmd32.exe
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#8
blackstone
I apologize but will have to do this later.
On my way out the door to work.
I'll post back later.
Thank you.

#9
blackstone
Ryan, I'm back in business and appreciate greatly your help.

I was working on 2 things simultaneously, corrupt files and virus/malware, so not sure which actually solved the problem.
But all is working well now.


Once again, thanks.
This place is great.

Larry

#10
Ryan
Can you please post the ComboFix log so that I can take a look at it?

-Ryan

#11
blackstone
ComboFix 08-02-25.3 - Larry 2008-02-29 11:55:11.1 - FAT32x86
Running from: C:\Documents and Settings\Larry\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Larry\Application Data\inst.exe
C:\Documents and Settings\Larry\g2mdlhlpx.exe
C:\Documents and Settings\Larry\Start Menu\Programs\Uninstall.lnk
C:\WINDOWS\start.exe
C:\WINDOWS\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-29 )))))))))))))))))))))))))))))))
.

2008-02-28 14:41 . 2008-02-28 14:41 <DIR> d-------- C:\Documents and Settings\Larry\Application Data\Malwarebytes
2008-02-28 14:39 . 2008-02-28 14:39 <DIR> d-------- C:\WINDOWS\Profiles\All Users\Application Data\Malwarebytes
2008-02-28 10:25 . 2008-02-28 10:25 230 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.inf
2008-02-27 16:04 . 2008-02-27 16:04 <DIR> d--hs---- C:\FOUND.008
2008-02-22 08:25 . 2008-02-22 08:25 <DIR> d-------- C:\Program Files\GPLGS
2008-02-22 08:24 . 2008-02-22 08:24 <DIR> d-------- C:\Program Files\Acro Software
2008-02-18 11:41 . 2008-02-18 11:41 <DIR> d-------- C:\WINDOWS\Profiles\All Users\Application Data\AVS4YOU
2008-02-18 11:41 . 2008-02-18 11:41 <DIR> d-------- C:\Documents and Settings\Larry\Application Data\AVSMedia
2008-02-18 11:38 . 2008-02-18 11:38 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-02-18 11:38 . 2007-02-27 19:36 261,632 --a------ C:\WINDOWS\SYSTEM32\mcdvd_32.dll
2008-02-18 11:38 . 2007-02-27 19:36 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-02-18 11:38 . 2007-02-27 19:36 82,944 --a------ C:\WINDOWS\SYSTEM32\vct3216.acm
2008-02-18 11:38 . 2007-02-27 19:36 81,920 --a------ C:\WINDOWS\SYSTEM32\AC3ACM.acm
2008-02-18 11:38 . 2007-02-27 19:36 38,912 --a------ C:\WINDOWS\SYSTEM32\alf2cd.acm
2008-02-18 11:38 . 2007-02-27 19:36 13,239 --a------ C:\WINDOWS\SYSTEM32\Scg726.acm
2008-02-18 11:36 . 2008-02-18 11:36 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-02-13 13:27 . 2008-02-13 13:27 82,380 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS
2008-02-13 13:15 . 2008-02-13 13:28 20,454 --a------ C:\WINDOWS\hpoins01.dat
2008-02-13 13:15 . 2003-04-05 06:24 16,618 --------- C:\WINDOWS\hpomdl01.dat
2008-02-13 12:46 . 2008-02-13 12:46 214 --a------ C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2008-02-13 12:39 . 2008-02-13 12:39 <DIR> d-------- C:\Program Files\HP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 13:44 --------- d-----w C:\Documents and Settings\Larry\Application Data\wsInspector
2008-01-17 13:27 --------- d-----w C:\Program Files\Startup Inspector for Windows
2008-01-14 12:42 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-14 12:42 47,360 ----a-w C:\Documents and Settings\Larry\Application Data\pcouffin.sys
2008-01-14 12:42 --------- d-----w C:\Documents and Settings\Larry\Application Data\Vso
2008-01-13 12:54 --------- d-----w C:\Documents and Settings\Larry\Application Data\SkypeCap
2008-01-13 12:50 --------- d-----w C:\WINDOWS\Profiles\All Users\Application Data\GeoVid
2008-01-13 12:50 --------- d-----w C:\Program Files\SkypeCap
2008-01-13 12:50 --------- d-----w C:\Program Files\Common Files\GeoVid
2008-01-11 18:33 --------- d-----w C:\Program Files\DTALPHA
2008-01-11 15:07 --------- d-----w C:\Documents and Settings\Larry\Application Data\muvee Technologies
2008-01-11 14:35 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-01-11 14:26 --------- d-----w C:\WINDOWS\Profiles\All Users\Application Data\muvee Technologies
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2007-12-04 18:38 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
2007-12-04 18:38 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
2007-12-04 18:38 129,784 ------w C:\WINDOWS\SYSTEM32\pxafs.dll
2007-12-04 18:38 120,056 ------w C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2007-12-04 18:38 118,520 ------w C:\WINDOWS\SYSTEM32\pxinsi64.exe
2007-12-04 18:36 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2007-12-04 18:36 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll
2007-12-04 18:36 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll
2007-12-04 18:36 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll
2007-12-04 18:36 682,496 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll
2007-12-04 18:36 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll
2007-12-04 18:36 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll
2007-12-04 18:36 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll
2007-12-04 18:36 344,064 ----a-w C:\WINDOWS\SYSTEM32\dpus11.dll
2007-12-04 18:36 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll
2007-12-04 18:36 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll
2007-12-04 18:36 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll
2007-12-04 18:35 156,992 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2007-12-04 18:35 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2007-09-08 21:16 5,632 --sha-w C:\Program Files\Thumbs.db
2006-11-13 21:42 4,183,248 ----a-w C:\Program Files\grtgcard.exe
2006-11-13 19:55 8,132,608 ----a-w C:\Program Files\enures.dll
2006-11-13 19:54 233,472 ----a-w C:\Program Files\SSCE5532.dll
2006-11-13 19:54 1,806,336 ----a-w C:\Program Files\PDFTronDLL.dll
2006-11-13 19:51 2,362,712 ----a-w C:\Program Files\GCFTutorial.chm
2006-11-10 22:44 98,015 ----a-w C:\Program Files\SearchIndex_Main.dat
2006-11-10 22:44 5,848 ----a-w C:\Program Files\SearchIndex_File.dat
2006-11-10 22:44 211 ----a-w C:\Program Files\SearchIndex_Super.dat
2006-11-09 18:21 437 ----a-w C:\Program Files\ReminderApp.exe.manifest
2006-11-09 16:33 1,446 ----a-w C:\Program Files\grtgcard.exe.manifest
2006-11-08 20:53 587,427 ----a-w C:\Program Files\gcfhelp.chm
2006-11-08 20:53 20,580,263 ----a-w C:\Program Files\grtgcard.pdf
2006-11-02 16:21 156,160 ----a-w C:\Program Files\ReminderApp.exe
2006-01-16 10:03 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2006-01-16 10:03 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
2006-01-16 10:02 527 ---ha-w C:\Documents and Settings\Larry\hpothb07.dat
2005-09-22 20:27 64,960 ----a-w C:\Program Files\uninstal.log
2005-03-23 17:45 557,776 ----a-w C:\Program Files\The Logo Creator v4.bmp
2005-01-07 15:55 2,648,295 ----a-w C:\Program Files\The Logo Creator v4.exe
2005-01-06 17:44 15,665 ----a-w C:\Program Files\The Logo Creator v4.ini
2004-10-16 02:54 3,932 ------w C:\Documents and Settings\Larry\Application Data\LMLayout.dat
2004-10-16 02:54 268 ------w C:\Documents and Settings\Larry\Application Data\LMCPaper.dat
2004-08-11 06:45 10,200,432 ------w C:\Program Files\RealPlayer10GOLD.exe
2004-06-22 21:50 16,706,160 ------w C:\Program Files\AdbeRdr60_enu_full.exe
2004-06-20 20:22 266 --sh--w C:\Program Files\desktop.ini
2004-06-20 20:22 11,079 ---h--w C:\Program Files\folder.htt
2003-08-06 06:55 1,177 ------w C:\Program Files\INSTALL.LOG
2003-03-21 18:37 16,056 ------w C:\Program Files\owcstp16.dll
2002-12-05 22:24 2,181,704 ------w C:\Program Files\msnmsgr.exe
1999-05-09 11:10 492,272 ------w C:\Program Files\QuickTimeInstaller.exe
2004-05-22 17:13 9 --sh--r C:\WINDOWS\Profiles\All Users\Application Data\Symantec\Ghost\Template\common\MSDOS\msdos.sys
1999-04-24 03:22 222,390 --sh--r C:\WINDOWS\Profiles\All Users\Application Data\Symantec\Ghost\Template\common\MSDOS\io.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB81C3DB-2DEA-4AE9-96B3-13E6661FF03B}]
2007-08-16 14:30 380928 --a------ C:\Program Files\Snap Shots\snapbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{CCCCCCDB-4DDB-4703-95D4-DD2C526397BF}
{67970B26-F57D-4455-8262-81C3AE3B8B5E}
{724D43A0-0D85-11D4-9908-00400523E39A}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F053C368-5458-45B2-9B4D-D8914BDDDBFF}
{8CD8EA48-D284-477E-B6DF-85D1E39D855F}
{CFE40ED8-564E-4693-A9D9-80DB70C8E460}

[HKEY_CLASSES_ROOT\clsid\{8cd8ea48-d284-477e-b6df-85d1e39d855f}]
[HKEY_CLASSES_ROOT\Snapbar.SnapShots.1]
[HKEY_CLASSES_ROOT\Snapbar.SnapShots]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8CD8EA48-D284-477E-B6DF-85D1E39D855F}"= C:\Program Files\Snap Shots\snapbar.dll [2007-08-16 14:30 380928]

[HKEY_CLASSES_ROOT\clsid\{8cd8ea48-d284-477e-b6df-85d1e39d855f}]
[HKEY_CLASSES_ROOT\Snapbar.SnapShots.1]
[HKEY_CLASSES_ROOT\Snapbar.SnapShots]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}

[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2007-10-25 22:34 8460288 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebPatrolman"="C:\Internet Marketing\Web Patrolman\WebPatrolman.exe" [2006-03-15 09:29 655360]
"DayMate"="C:\Documents and Settings\Larry\Desktop\To-Do Lists\Daymate\DayMate\daymate.exe" [2008-01-14 06:23 6755328]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 18:56 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-01-21 12:16 1393928]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\EUDORA\EUSHLEXT.DLL [2001-04-12 18:05 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Documents and Settings\Larry\Desktop\Spybot Adaware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Documents and Settings\Larry\Desktop\Spybot Adaware\SASWINLO.DLL 2007-06-28 08:32 294912 C:\Documents and Settings\Larry\Desktop\Spybot Adaware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BBStartup.lnk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BBStartup.lnk.lnk
backup=C:\WINDOWS\pss\BBStartup.lnk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Free WebSite Tools.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Free WebSite Tools.lnk
backup=C:\WINDOWS\pss\Free WebSite Tools.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Greeting.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Greeting.lnk
backup=C:\WINDOWS\pss\Greeting.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lexmark X125 Settings Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lexmark X125 Settings Utility.lnk
backup=C:\WINDOWS\pss\Lexmark X125 Settings Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup=C:\WINDOWS\pss\officejet 6100.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
backup=C:\WINDOWS\pss\Printkey2000.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks 2002 Delivery Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SideACT!.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk
backup=C:\WINDOWS\pss\SideACT!.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTracker Pro.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VersionTracker Pro.lnk
backup=C:\WINDOWS\pss\VersionTracker Pro.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
path=C:\Documents and Settings\Larry\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
backup=C:\WINDOWS\pss\Dragon NaturallySpeaking.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^eCentral.lnk]
path=C:\Documents and Settings\Larry\Start Menu\Programs\Startup\eCentral.lnk
backup=C:\WINDOWS\pss\eCentral.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^FriendFinder Messenger.lnk]
path=C:\Documents and Settings\Larry\Start Menu\Programs\Startup\FriendFinder Messenger.lnk
backup=C:\WINDOWS\pss\FriendFinder Messenger.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=C:\Documents and Settings\Larry\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Larry\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^Stay On Focus.lnk]
path=C:\Documents and Settings\Larry\Start Menu\Programs\Startup\Stay On Focus.lnk
backup=C:\WINDOWS\pss\Stay On Focus.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Larry\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Documents and Settings\Larry\Desktop\Spybot Adaware\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2005-11-28 14:02 118784 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2006-09-14 07:55 61440 C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-23 18:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGServices]
C:\Program Files\ESPNRunTime\DIGServices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGStream]
C:\Program Files\DIGStream\digstream.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R260 Series]
--a------ 2006-10-17 03:01 143360 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Error Nuker 2004]
C:\Program Files\Error Nuker 2004\bin\ErrorNuker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Forrester Panel]
C:\Program Files\Forrester Panel\ForresterPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Forrester Panel Update]
C:\Program Files\Forrester Panel\ForresterPanelUa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
--a------ 2006-03-23 00:13 1591808 C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gizmo Project]
C:\Documents and Settings\Larry\Desktop\VOIP\Gizmo Project\Gizmo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-16 11:00 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--------- 2002-10-15 23:05 114688 C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--------- 2002-10-15 23:18 155648 C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Buzz Daemon]
C:\Program Files\Instant Buzz\IBDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-08-09 06:03 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-14 19:05 257088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAVPersonal50]
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadPowerProfile]
--a------ 2004-08-04 03:56 17408 C:\WINDOWS\SYSTEM32\powrprof.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
--------- 2004-08-13 17:41 86016 C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--------- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE]
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
C:\Program Files\Pando Networks\Pando\Pando.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReminderApp]
--a------ 2006-11-02 11:21 156160 C:\Program Files\ReminderApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestartNeroSetup]
D:\Installation\Setupx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 2008-02-16 00:57 160592 C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-08-17 03:45 23120680 C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartToDo]
--a------ 2006-01-10 21:52 2334720 C:\Documents and Settings\Larry\Desktop\To-Do Lists\SmartToDo\Smart To-Do\SmartToDo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--------- 2003-04-24 16:53 54784 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Stay On Focus]
--a------ 2007-05-15 09:42 260632 C:\Documents and Settings\Larry\Desktop\Downloads\Stay On Focus\stayonfocus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 03:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2007-06-28 08:32 1318912 C:\Documents and Settings\Larry\Desktop\Spybot Adaware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-07 18:56 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
--------- 2003-03-31 12:00 3072 C:\WINDOWS\SYSTEM32\systray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
--a------ 2005-10-13 07:47 81920 C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2005-11-28 14:02 988701 C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vSkype]
--------- 2005-06-14 22:48 200704 C:\Program Files\Santa Cruz Networks\vSkype\vSkype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherAloud]
C:\Documents and Settings\Larry\Desktop\Downloads\weatheraloud\WeatherAloud2\WeatherAloud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebPatrolman]
--a------ 2006-03-15 09:29 655360 C:\Internet Marketing\Web Patrolman\WebPatrolman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Documents and Settings\Larry\Desktop\Audiotools\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
--a------ 2005-07-15 17:48 479232 C:\Program Files\Google\Gmail Notifier\gnotify.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"FastTVSync"="C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
"dla"=C:\WINDOWS\system\dla\tfswctrl.exe
"IgfxTray"=C:\WINDOWS\SYSTEM32\igfxtray.exe
"HotKeysCmds"=C:\WINDOWS\SYSTEM32\hkcmd.exe
"Necutray"=NECUTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"GhostStartService"=C:\PROGRAM FILES\SYMANTEC\NORTON GHOST 2003\GHOSTSTARTSERVICE.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
"2008-02-23 05:55:40 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-02-25 14:03:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-26 11:14:36 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Documents and Settings\Larry\Desktop\Downloads\XoftSpyware\XoftSpySE\XoftSpy.exe
"2008-02-29 17:13:58 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Documents and Settings\Larry\Desktop\Downloads\XoftSpyware\XoftSpySE\XoftSpy.exe
"2008-02-28 11:36:20 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-29 17:13:56 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-13 18:31:30 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1202927302.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 12:14:47
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Documents and Settings\Larry\Desktop\CC Cleaner\security suite\ewidoctrl.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Documents and Settings\Larry\Desktop\Audiotools\Oront Burning Kit 2\nmsaccess.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2008-02-29 12:24:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-29 17:24:46
.
2008-02-03 13:27:55 --- E O F ---




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:08:19 PM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Documents and Settings\Larry\Desktop\CC Cleaner\security suite\ewidoctrl.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Documents and Settings\Larry\Desktop\Audiotools\Oront Burning Kit 2\nmsaccess.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Larry\Desktop\Spybot Adaware\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - blank (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Snap Shots - {BB81C3DB-2DEA-4AE9-96B3-13E6661FF03B} - C:\Program Files\Snap Shots\snapbar.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1372921635.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1372921635.dll
O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\DOCUME~1\Larry\Desktop\AUDIOT~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: Snap Shots - {8CD8EA48-D284-477E-B6DF-85D1E39D855F} - C:\Program Files\Snap Shots\snapbar.dll
O3 - Toolbar: (no name) - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - (no file)
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [WebPatrolman] C:\Internet Marketing\Web Patrolman\WebPatrolman.exe boot
O4 - HKCU\..\Run: [DayMate] C:\Documents and Settings\Larry\Desktop\To-Do Lists\Daymate\DayMate\daymate.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Add to EverNote - res://C:\Documents and Settings\Larry\Desktop\Evernote\enbar.dll/2000
O8 - Extra context menu item: Add to Net Snippets - C:\PROGRA~1\NETSNI~1\Res\Clipper.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~5\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1372921635.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1372921635.dll/gn_menu2.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~5\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Documents and Settings\Larry\Desktop\Evernote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Documents and Settings\Larry\Desktop\Evernote\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwe...er/dbplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howu...nload/appdl.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.1.../ACNePlayer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B966328-D626-441C-9C0E-007AE0D076AA}: NameServer = 207.91.5.20,207.91.5.252
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = alltel.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = alltel.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B966328-D626-441C-9C0E-007AE0D076AA}: NameServer = 207.91.5.20,207.91.5.252
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = alltel.net
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O18 - Protocol: vskype - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Documents and Settings\Larry\Desktop\Spybot Adaware\SASWINLO.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Larry\Desktop\CC Cleaner\security suite\ewidoctrl.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Documents and Settings\Larry\Desktop\Audiotools\Oront Burning Kit 2\nmsaccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Documents and Settings\Larry\Desktop\Registry Doctor\Advanced Registry Doctor\RegManServ.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

--
End of file - 12694 bytes

#12
Ryan

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.




Download the file & save it as it's originally named, next to ComboFix.exe.





Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log, along with an Uninstall List.

To obtain an Uninstall list.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)

-Ryan

#13
blackstone

I apologize for the delay in getting back to you.
I worked last evening and am now able to get back to you.
Following is my newest Combofix log.
ComboFix 08-02-25.3 - Larry 2008-03-01 8:14:46.3 - FAT32x86
Running from: C:\Documents and Settings\Larry\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))
.

2008-02-28 14:41 . 2008-02-28 14:41 <DIR> d-------- C:\Documents and Settings\Larry\Application Data\Malwarebytes
2008-02-28 14:39 . 2008-02-28 14:39 <DIR> d-------- C:\WINDOWS\Profiles\All Users\Application Data\Malwarebytes
2008-02-28 10:25 . 2008-02-28 10:25 230 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.inf
2008-02-27 16:04 . 2008-02-27 16:04 <DIR> d--hs---- C:\FOUND.008
2008-02-22 08:25 . 2008-02-22 08:25 <DIR> d-------- C:\Program Files\GPLGS
2008-02-22 08:24 . 2008-02-22 08:24 <DIR> d-------- C:\Program Files\Acro Software
2008-02-18 11:41 . 2008-02-18 11:41 <DIR> d-------- C:\WINDOWS\Profiles\All Users\Application Data\AVS4YOU
2008-02-18 11:41 . 2008-02-18 11:41 <DIR> d-------- C:\Documents and Settings\Larry\Application Data\AVSMedia
2008-02-18 11:38 . 2008-02-18 11:38 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-02-18 11:38 . 2007-02-27 19:36 261,632 --a------ C:\WINDOWS\SYSTEM32\mcdvd_32.dll
2008-02-18 11:38 . 2007-02-27 19:36 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-02-18 11:38 . 2007-02-27 19:36 82,944 --a------ C:\WINDOWS\SYSTEM32\vct3216.acm
2008-02-18 11:38 . 2007-02-27 19:36 81,920 --a------ C:\WINDOWS\SYSTEM32\AC3ACM.acm
2008-02-18 11:38 . 2007-02-27 19:36 38,912 --a------ C:\WINDOWS\SYSTEM32\alf2cd.acm
2008-02-18 11:38 . 2007-02-27 19:36 13,239 --a------ C:\WINDOWS\SYSTEM32\Scg726.acm
2008-02-18 11:36 . 2008-02-18 11:36 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-02-13 13:27 . 2008-02-13 13:27 82,380 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS
2008-02-13 13:15 . 2008-02-13 13:28 20,454 --a------ C:\WINDOWS\hpoins01.dat
2008-02-13 13:15 . 2003-04-05 06:24 16,618 --------- C:\WINDOWS\hpomdl01.dat
2008-02-13 12:46 . 2008-02-13 12:46 214 --a------ C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2008-02-13 12:39 . 2008-02-13 12:39 <DIR> d-------- C:\Program Files\HP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 13:44 --------- d-----w C:\Documents and Settings\Larry\Application Data\wsInspector
2008-01-17 13:27 --------- d-----w C:\Program Files\Startup Inspector for Windows
2008-01-14 12:42 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-14 12:42 47,360 ----a-w C:\Documents and Settings\Larry\Application Data\pcouffin.sys
2008-01-14 12:42 --------- d-----w C:\Documents and Settings\Larry\Application Data\Vso
2008-01-13 12:54 --------- d-----w C:\Documents and Settings\Larry\Application Data\SkypeCap
2008-01-13 12:50 --------- d-----w C:\WINDOWS\Profiles\All Users\Application Data\GeoVid
2008-01-13 12:50 --------- d-----w C:\Program Files\SkypeCap
2008-01-13 12:50 --------- d-----w C:\Program Files\Common Files\GeoVid
2008-01-11 18:33 --------- d-----w C:\Program Files\DTALPHA
2008-01-11 15:07 --------- d-----w C:\Documents and Settings\Larry\Application Data\muvee Technologies
2008-01-11 14:35 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-01-11 14:26 --------- d-----w C:\WINDOWS\Profiles\All Users\Application Data\muvee Technologies
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2007-12-04 18:38 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
2007-12-04 18:38 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
2007-12-04 18:38 129,784 ------w C:\WINDOWS\SYSTEM32\pxafs.dll
2007-12-04 18:38 120,056 ------w C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2007-12-04 18:38 118,520 ------w C:\WINDOWS\SYSTEM32\pxinsi64.exe
2007-12-04 18:36 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2007-12-04 18:36 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll
2007-12-04 18:36 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll
2007-12-04 18:36 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll
2007-12-04 18:36 682,496 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll
2007-12-04 18:36 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll
2007-12-04 18:36 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll
2007-12-04 18:36 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll
2007-12-04 18:36 344,064 ----a-w C:\WINDOWS\SYSTEM32\dpus11.dll
2007-12-04 18:36 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll
2007-12-04 18:36 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll
2007-12-04 18:36 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll
2007-12-04 18:35 156,992 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2007-12-04 18:35 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2007-09-08 21:16 5,632 --sha-w C:\Program Files\Thumbs.db
2006-11-13 21:42 4,183,248 ----a-w C:\Program Files\grtgcard.exe
2006-11-13 19:55 8,132,608 ----a-w C:\Program Files\enures.dll
2006-11-13 19:54 233,472 ----a-w C:\Program Files\SSCE5532.dll
2006-11-13 19:54 1,806,336 ----a-w C:\Program Files\PDFTronDLL.dll
2006-11-13 19:51 2,362,712 ----a-w C:\Program Files\GCFTutorial.chm
2006-11-10 22:44 98,015 ----a-w C:\Program Files\SearchIndex_Main.dat
2006-11-10 22:44 5,848 ----a-w C:\Program Files\SearchIndex_File.dat
2006-11-10 22:44 211 ----a-w C:\Program Files\SearchIndex_Super.dat
2006-11-09 18:21 437 ----a-w C:\Program Files\ReminderApp.exe.manifest
2006-11-09 16:33 1,446 ----a-w C:\Program Files\grtgcard.exe.manifest
2006-11-08 20:53 587,427 ----a-w C:\Program Files\gcfhelp.chm
2006-11-08 20:53 20,580,263 ----a-w C:\Program Files\grtgcard.pdf
2006-11-02 16:21 156,160 ----a-w C:\Program Files\ReminderApp.exe
2006-01-16 10:03 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2006-01-16 10:03 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
2006-01-16 10:02 527 ---ha-w C:\Documents and Settings\Larry\hpothb07.dat
2005-09-22 20:27 64,960 ----a-w C:\Program Files\uninstal.log
2005-03-23 17:45 557,776 ----a-w C:\Program Files\The Logo Creator v4.bmp
2005-01-07 15:55 2,648,295 ----a-w C:\Program Files\The Logo Creator v4.exe
2005-01-06 17:44 15,665 ----a-w C:\Program Files\The Logo Creator v4.ini
2004-10-16 02:54 3,932 ------w C:\Documents and Settings\Larry\Application Data\LMLayout.dat
2004-10-16 02:54 268 ------w C:\Documents and Settings\Larry\Application Data\LMCPaper.dat
2004-08-11 06:45 10,200,432 ------w C:\Program Files\RealPlayer10GOLD.exe
2004-06-22 21:50 16,706,160 ------w C:\Program Files\AdbeRdr60_enu_full.exe
2004-06-20 20:22 266 --sh--w C:\Program Files\desktop.ini
2004-06-20 20:22 11,079 ---h--w C:\Program Files\folder.htt
2003-08-06 06:55 1,177 ------w C:\Program Files\INSTALL.LOG
2003-03-21 18:37 16,056 ------w C:\Program Files\owcstp16.dll
2002-12-05 22:24 2,181,704 ------w C:\Program Files\msnmsgr.exe
1999-05-09 11:10 492,272 ------w C:\Program Files\QuickTimeInstaller.exe
2004-05-22 17:13 9 --sh--r C:\WINDOWS\Profiles\All Users\Application Data\Symantec\Ghost\Template\common\MSDOS\msdos.sys
1999-04-24 03:22 222,390 --sh--r C:\WINDOWS\Profiles\All Users\Application Data\Symantec\Ghost\Template\common\MSDOS\io.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{684B7DF7-51DE-4852-ACF8-7BA3934D9BD1}]
2008-03-01 06:52 426058 --a------ C:\Documents and Settings\Larry\Desktop\SearchGT\SearchGTShell.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB81C3DB-2DEA-4AE9-96B3-13E6661FF03B}]
2007-08-16 14:30 380928 --a------ C:\Program Files\Snap Shots\snapbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{CCCCCCDB-4DDB-4703-95D4-DD2C526397BF}
{67970B26-F57D-4455-8262-81C3AE3B8B5E}
{724D43A0-0D85-11D4-9908-00400523E39A}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F053C368-5458-45B2-9B4D-D8914BDDDBFF}
{8CD8EA48-D284-477E-B6DF-85D1E39D855F}
{CFE40ED8-564E-4693-A9D9-80DB70C8E460}

[HKEY_CLASSES_ROOT\clsid\{8cd8ea48-d284-477e-b6df-85d1e39d855f}]
[HKEY_CLASSES_ROOT\Snapbar.SnapShots.1]
[HKEY_CLASSES_ROOT\Snapbar.SnapShots]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8CD8EA48-D284-477E-B6DF-85D1E39D855F}"= C:\Program Files\Snap Shots\snapbar.dll [2007-08-16 14:30 380928]

[HKEY_CLASSES_ROOT\clsid\{8cd8ea48-d284-477e-b6df-85d1e39d855f}]
[HKEY_CLASSES_ROOT\Snapbar.SnapShots.1]
[HKEY_CLASSES_ROOT\Snapbar.SnapShots]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}

[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2007-10-25 22:34 8460288 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebPatrolman"="C:\Internet Marketing\Web Patrolman\WebPatrolman.exe" [2006-03-15 09:29 655360]
"DayMate"="C:\Documents and Settings\Larry\Desktop\To-Do Lists\Daymate\DayMate\daymate.exe" [2008-01-14 06:23 6755328]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 18:56 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-01-21 12:16 1393928]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\EUDORA\EUSHLEXT.DLL [2001-04-12 18:05 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Documents and Settings\Larry\Desktop\Spybot Adaware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Documents and Settings\Larry\Desktop\Spybot Adaware\SASWINLO.DLL 2007-06-28 08:32 294912 C:\Documents and Settings\Larry\Desktop\Spybot Adaware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BBStartup.lnk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BBStartup.lnk.lnk
backup=C:\WINDOWS\pss\BBStartup.lnk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Free WebSite Tools.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Free WebSite Tools.lnk
backup=C:\WINDOWS\pss\Free WebSite Tools.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Greeting.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Greeting.lnk
backup=C:\WINDOWS\pss\Greeting.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lexmark X125 Settings Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lexmark X125 Settings Utility.lnk
backup=C:\WINDOWS\pss\Lexmark X125 Settings Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup=C:\WINDOWS\pss\officejet 6100.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
backup=C:\WINDOWS\pss\Printkey2000.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks 2002 Delivery Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SideACT!.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk
backup=C:\WINDOWS\pss\SideACT!.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTracker Pro.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VersionTracker Pro.lnk
backup=C:\WINDOWS\pss\VersionTracker Pro.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
path=C:\Documents and Settings\Larry\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
backup=C:\WINDOWS\pss\Dragon NaturallySpeaking.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^eCentral.lnk]
path=C:\Documents and Settings\Larry\Start Menu\Programs\Startup\eCentral.lnk
backup=C:\WINDOWS\pss\eCentral.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^FriendFinder Messenger.lnk]
path=C:\Documents and Settings\Larry\Start Menu\Programs\Startup\FriendFinder Messenger.lnk
backup=C:\WINDOWS\pss\FriendFinder Messenger.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=C:\Documents and Settings\Larry\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Larry\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^Stay On Focus.lnk]
path=C:\Documents and Settings\Larry\Start Menu\Programs\Startup\Stay On Focus.lnk
backup=C:\WINDOWS\pss\Stay On Focus.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Larry\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Documents and Settings\Larry\Desktop\Spybot Adaware\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2005-11-28 14:02 118784 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2006-09-14 07:55 61440 C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-23 18:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGServices]
C:\Program Files\ESPNRunTime\DIGServices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGStream]
C:\Program Files\DIGStream\digstream.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R260 Series]
--a------ 2006-10-17 03:01 143360 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Error Nuker 2004]
C:\Program Files\Error Nuker 2004\bin\ErrorNuker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Forrester Panel]
C:\Program Files\Forrester Panel\ForresterPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Forrester Panel Update]
C:\Program Files\Forrester Panel\ForresterPanelUa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
--a------ 2006-03-23 00:13 1591808 C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gizmo Project]
C:\Documents and Settings\Larry\Desktop\VOIP\Gizmo Project\Gizmo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-16 11:00 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--------- 2002-10-15 23:05 114688 C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--------- 2002-10-15 23:18 155648 C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Buzz Daemon]
C:\Program Files\Instant Buzz\IBDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-08-09 06:03 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-14 19:05 257088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAVPersonal50]
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadPowerProfile]
--a------ 2004-08-04 03:56 17408 C:\WINDOWS\SYSTEM32\powrprof.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
--------- 2004-08-13 17:41 86016 C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--------- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE]
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
C:\Program Files\Pando Networks\Pando\Pando.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReminderApp]
--a------ 2006-11-02 11:21 156160 C:\Program Files\ReminderApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestartNeroSetup]
D:\Installation\Setupx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 2008-02-16 00:57 160592 C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-08-17 03:45 23120680 C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartToDo]
--a------ 2006-01-10 21:52 2334720 C:\Documents and Settings\Larry\Desktop\To-Do Lists\SmartToDo\Smart To-Do\SmartToDo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--------- 2003-04-24 16:53 54784 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Stay On Focus]
--a------ 2007-05-15 09:42 260632 C:\Documents and Settings\Larry\Desktop\Downloads\Stay On Focus\stayonfocus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 03:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2007-06-28 08:32 1318912 C:\Documents and Settings\Larry\Desktop\Spybot Adaware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-07 18:56 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
--------- 2003-03-31 12:00 3072 C:\WINDOWS\SYSTEM32\systray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
--a------ 2005-10-13 07:47 81920 C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2005-11-28 14:02 988701 C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vSkype]
--------- 2005-06-14 22:48 200704 C:\Program Files\Santa Cruz Networks\vSkype\vSkype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherAloud]
C:\Documents and Settings\Larry\Desktop\Downloads\weatheraloud\WeatherAloud2\WeatherAloud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebPatrolman]
--a------ 2006-03-15 09:29 655360 C:\Internet Marketing\Web Patrolman\WebPatrolman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Documents and Settings\Larry\Desktop\Audiotools\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
--a------ 2005-07-15 17:48 479232 C:\Program Files\Google\Gmail Notifier\gnotify.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"FastTVSync"="C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
"dla"=C:\WINDOWS\system\dla\tfswctrl.exe
"IgfxTray"=C:\WINDOWS\SYSTEM32\igfxtray.exe
"HotKeysCmds"=C:\WINDOWS\SYSTEM32\hkcmd.exe
"Necutray"=NECUTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"GhostStartService"=C:\PROGRAM FILES\SYMANTEC\NORTON GHOST 2003\GHOSTSTARTSERVICE.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
"2008-03-01 06:13:56 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-02-25 14:03:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-01 11:32:32 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Documents and Settings\Larry\Desktop\Downloads\XoftSpyware\XoftSpySE\XoftSpy.exe
"2008-03-01 13:25:04 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Documents and Settings\Larry\Desktop\Downloads\XoftSpyware\XoftSpySE\XoftSpy.exe
"2008-02-28 11:36:20 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-01 13:25:04 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-13 18:31:30 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1202927302.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 08:26:15
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Documents and Settings\Larry\Desktop\CC Cleaner\security suite\ewidoctrl.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Documents and Settings\Larry\Desktop\Audiotools\Oront Burning Kit 2\nmsaccess.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-03-01 8:37:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-01 13:37:30
ComboFix3.txt 2008-02-29 17:25:00
ComboFix2.txt 2008-03-01 07:18:38
.
2008-02-03 13:27:55 --- E O F ---
  • 0

#14
Ryan

    Member 4k

  • Member
  • 4,867 posts
== Clear Temporary Files ==

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Close all Internet Explorer, Firefox, and Opera windows before continuing.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


== Clear System Restore ==

Let's make a new restore point and clear the others:
Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.
Go - Start>Programmes>Accessories>System Tools>Disk Cleanup>"More Options" Tab>Remove All But Most Recent Point. Please do this for each hard drive that you have connected to the computer.


== Kaspersky Web Scanner ==

Please do an online scan with Kaspersky WebScanner
You will need to use Internet Explorer to do this

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

== Request Logs ==

Please post the log from the Kaspersky scan along with an Uninstall List.

To obtain an Uninstall list.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)

-Ryan
  • 0

#15
blackstone

    Member

  • Topic Starter
  • Member
  • 118 posts
Kaspersky took a while, but here are the logs.

Thanks, again.
Larry
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 01, 2008 6:09:53 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/03/2008
Kaspersky Anti-Virus database records: 592387
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: false
Scan Mail Bases: false

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 415621
Number of viruses found: 6
Number of infected objects: 25
Number of suspicious objects: 2
Duration of the scan process: 02:58:00

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\Profiles\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\WINDOWS\Profiles\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\Temporary Internet Files\Content.IE5\8LSHIRGL\bind[1].htm Object is locked skipped
C:\WINDOWS\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\WINDOWS\SchedLog.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{8B4F0AB5-9396-4DD9-A2B5-3001AACE0019}.bin Object is locked skipped
C:\Program Files\Trend Micro\Internet Security\Trusted.dat Object is locked skipped
C:\Program Files\Article Page Machine\cache\74790.html Suspicious: Exploit.HTML.CodeBaseExec skipped
C:\Internet Marketing\Websites\Dan Kennedy A-Z\Dan Kennedy A-Z\120\disclaimer.htm Infected: Trojan-Clicker.HTML.IFrame.jr skipped
C:\Internet Marketing\Websites\Dan Kennedy A-Z\Dan Kennedy A-Z\120\earnings.htm Infected: Trojan-Clicker.HTML.IFrame.jr skipped
C:\Internet Marketing\Websites\Dan Kennedy A-Z\Dan Kennedy A-Z\120\privacy.htm Infected: Trojan-Clicker.HTML.IFrame.jr skipped
C:\Internet Marketing\Websites\Dan Kennedy A-Z\Dan Kennedy A-Z\120\tos.htm Infected: Trojan-Clicker.HTML.IFrame.jr skipped
C:\Internet Marketing\ClickAdsPro\clickadsprolite\clickadsprolite\admin.php Infected: Exploit.PHP.Deftool.e skipped
C:\Internet Marketing\ClickAdsPro\clickadsprolite\clickadsprolite\ads.php Infected: Exploit.PHP.Deftool.e skipped
C:\Internet Marketing\ClickAdsPro\clickadsprolite\clickadsprolite\generate.php Infected: Exploit.PHP.Deftool.e skipped
C:\Internet Marketing\CB Ads Genie\cbadsgenie\generate.php Infected: Exploit.PHP.Deftool.e skipped
C:\Internet Marketing\CB Ads Genie\cbadsgenie\ads.php Infected: Exploit.PHP.Deftool.e skipped
C:\Internet Marketing\CB Ads Genie\cbadsgenie\admin.php Infected: Exploit.PHP.Deftool.e skipped
C:\Internet Marketing\Master resell rights\cbadsgenie\generate.php Infected: Exploit.PHP.Deftool.e skipped
C:\Internet Marketing\Master resell rights\cbadsgenie\ads.php Infected: Exploit.PHP.Deftool.e skipped
C:\Internet Marketing\Master resell rights\cbadsgenie\admin.php Infected: Exploit.PHP.Deftool.e skipped
C:\Internet Marketing\Master resell rights\clickadsprolite\admin.php Infected: Exploit.PHP.Deftool.e skipped
C:\Internet Marketing\Master resell rights\clickadsprolite\ads.php Infected: Exploit.PHP.Deftool.e skipped
C:\Internet Marketing\Master resell rights\clickadsprolite\generate.php Infected: Exploit.PHP.Deftool.e skipped
C:\Old Computer\old C\WINDOWS\SYSTEM\PussyHigh-uninstall.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\Old Computer\old C\WINDOWS\SYSTEM\SYSsfitb.dll Infected: not-a-virus:AdWare.Win32.SearchIt.d skipped
C:\Old Computer\old C\E\Reseller\Dan Kennedy A-Z\120\disclaimer.htm Infected: Trojan-Clicker.HTML.IFrame.jr skipped
C:\Old Computer\old C\E\Reseller\Dan Kennedy A-Z\120\earnings.htm Infected: Trojan-Clicker.HTML.IFrame.jr skipped
C:\Old Computer\old C\E\Reseller\Dan Kennedy A-Z\120\privacy.htm Infected: Trojan-Clicker.HTML.IFrame.jr skipped
C:\Old Computer\old C\E\Reseller\Dan Kennedy A-Z\120\tos.htm Infected: Trojan-Clicker.HTML.IFrame.jr skipped
C:\Documents and Settings\Larry\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Larry\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Larry\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Larry\Local Settings\temp\~DF7D22.tmp Object is locked skipped
C:\Documents and Settings\Larry\Local Settings\temp\~DF4A50.tmp Object is locked skipped
C:\Documents and Settings\Larry\Desktop\Downloads\NicheContentWebsites\free-members-317\free-give-away-content\fashion-school-site\flags.php Infected: Exploit.PHP.Deftool.e skipped
C:\Documents and Settings\Larry\Desktop\Downloads\NicheContentWebsites\free-members-317\free-give-away-content\fashion-school-site\lang.php Infected: Exploit.PHP.Deftool.e skipped
C:\Documents and Settings\Larry\Desktop\Downloads\cache\87687.html Suspicious: Exploit.HTML.CodeBaseExec skipped
C:\Documents and Settings\Larry\Desktop\Video Tools\Super Video Suite\Download_AVSVideoToolsTrial.exe Infected: not-a-virus:Downloader.Win32.Keylogger.a skipped
C:\Documents and Settings\Larry\Desktop\Dispatch\dispatch\DISPATCH030308.xls Object is locked skipped
C:\Documents and Settings\Larry\Desktop\Dispatch\dispatch\DISPATCH030108.xls Object is locked skipped
C:\Documents and Settings\Larry\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Larry\Application Data\MailWasherPro\Trash.rot135 Object is locked skipped
C:\Documents and Settings\Larry\Application Data\MailWasherPro\tmpLog.txt Object is locked skipped
C:\Documents and Settings\Larry\Application Data\MailWasherPro\Training\Training archive - junk.rot135 Object is locked skipped
C:\Documents and Settings\Larry\Application Data\MailWasherPro\Training\Training archive - legitimate.rot135 Object is locked skipped
C:\Documents and Settings\Larry\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Larry\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{AB4F135B-BB32-4EAE-BDBD-3397A76E63C9}\RP1743\change.log Object is locked skipped

Scan process completed.


1.0.0.0
Acronis True Image
Ad-Aware SE Personal
Adobe AIR
Adobe AIR
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 7.0.9
Agogo DVD Copy 4.78
AI RoboForm (All Users)
Aimersoft DVD Ripper(Build 1.0.16)
Aimersoft Video Converter(Build 1.0.21)
ALZip
AMPliFlyer
Apple Software Update
Armand Morin's Header Generator
Armand Morin's Sales Letter Generator 1.05
Art Plus Download Assistant
Art Plus EasyNoter LITE 3.7
Article Assistance 1.5
Article Page Machine 1.0
Article Submitter 1.4
ArticleSubmitter Pro
Auction-O-Matic V1.0
Audio Recorder Optimizer (remove only)
AviSynth 2.5
AVS DVDMenu Editor 1.2.1.19
AVS Video Tools 5.6
AVStoDVD
Belarc Advisor 7.0
Blog Announcer Pro 1.0
Blog Media Uploader v1.1
Blog Navigator
BlogDesk 2.6
BrainBullet! 2.0
Bullfighter 1.2
BwgBurn Version 0.7.0
CAM UnZip 4.4
CamStudio
CamStudioPro
Camtasia Studio 3
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
Color LaserJet 1600
ColorPic
Conference Client Uninstall
CSE HTML Validator Standard v8.04
CSVed
DayMate
dBpowerAMP Music Converter
DeepBurner v1.8.0.224
DeepRipper v 1.1
DFextractor
Direct Show Ogg Vorbis Filter (remove only)
Directory-Submitter
Distraction Zapper
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Dragon NaturallySpeaking 8
DTAlpha FREE
DVD Copy Now
DVD Shrink 3.2
Easy Time Tracking Pro 3.0.7
EasyCleaner
Ebook Librarian
eBook Pro Viewer 5.52
EC Software TNT Screen Capture 2.1
Elecard AVC HD 2 DV Transcoder
Elprime Media Recovery 1.5
EPSON Printer Software
EVEREST Home Edition v2.20
EverNote
ewido security suite
ExpirePro Full
Express Burn Uninstall
Express Rip Uninstall
Fast Video Indexer 1.02
Filzip 3.06
FlashGin 1.5
FlashSpring Pro 2.2.4
FLV Producer Lite
FLV Video Downloader 1.0
FontPage 3.0.0
Foxit Reader
Free DVD Ripper Version 2.25
FreeMind
Gecko Runtime Environment (1.7.3_2004091008)
GigaVox Media Levelator 1.1
GIMPshop .1 beta
Good Keywords v2.0.091406
Google Desktop
Google Gmail Notifier
Google Notebook for Internet Explorer
Google Toolbar for Internet Explorer
Google Video Player
Greeting Card Factory Photo Card Maker
GTK+ 2.6.7 runtime environment
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
hp instant support
HP Memories Disc
hp officejet 6100 series
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp officejet 6100 series
HP Product Detection
httPulse
Impact PopUp 1.0
Impact Web Audio Light
InControl 2.5
Instant Audio Streamer
Instant Video Streamer
Instant Video Suite v1.0
Intel Application Accelerator
Intel® Extreme Graphics Driver Software
Intel® PRO Network Adapters and Drivers
InterVideo WinDVD Creator
InterVideo WinDVD Recorder
Intro and Exit Music Mixer
IObit SmartDefrag Beta 2.0
iPod for Windows 2006-06-28
iPodder 2.0
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 11
Jim Edwards Audio Presentation Wizard v2.2
Kaspersky Online Scanner
KC Softwares AVIToolbox
Keyword Analyzer 2.1
Keyword Spider 1.0
Lernout & Hauspie TruVoice American English TTS Engine
Lernout & Hauspie TruVoice for Microsoft Agent
Local Keywords Gold 1.0
Longtail Articles
Macromedia Extension Manager
Macromedia Fireworks MX 2004
Macromedia Shockwave Player
MailWasher Pro
Malwarebytes' Anti-Malware
MFZ0 codec (Remove Only)
Micro Niche Finder
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft FrontPage 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Speech API 3.0
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Windows Journal Viewer
Microsoft XML Parser and SDK
Morpheus Photo Morpher v3.01
Moyea DVD Ripper version 1.1.2.14
Moyea SWF to Video Converter Pro version 1.16.2.0
Mozilla (1.7.3)
Mozilla Firefox (2.0.0.11)
MP3 Recorder Studio 5.8
MSN Messenger 7.5
MSN Music Assistant
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Multi-Edit Lite 2006 .03
Multimedia Ebook Creator
MuvAudio2
muveeNow 2.2
MyDVD
Nero - Burning Rom
Nero 7 Essentials
neroxml
Net Audio Pro 1.4
Net Snippets
Niche Browser 1.0
novaPDF Lite Desktop 5.2 printer
Nvu 1.0
Online Gold Finder
OpenOffice.org 2.0
Oront Burning Kit 2 Basic v2.1.7
Orwell
Paint.NET v3.10
Panda ActiveScan
PDF Ripper 2.01
Pdf995
PdfEdit995
Photo Story 3 for Windows
Plato DVD Ripper Pro 6.66.2
Plato Video Converter 5.68
PLR Manager v1.0.0 Beta
Pocket Voice Recorder
Podcast Wizard
PowerDVD
PrimoPDF
Quick To-Do Light ver. 3.1
QuickBooks Pro 2002
QuickTime
Rapid Niche Websites System
Rapid Niche Websites V2
RapidFormatter Videos
RapidPoster
Realtek AC'97 Audio
RecordPad Sound Recorder Uninstall
RegCure 1.5.0.0
Riva FLV Encoder 2.0
RSS Submit
SafeStream
Santa Letters
SAPI51forSayPad
SayPad
Scott's Box Shot Maker
Scribus 1.3.3.8
Search Automator Pro 2.0
SearchGT
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Serif DrawPlus 4.0
Shockwave
ShowBiz
Simple Sales Copy
Simple Search-Replace
SkypeCap
Skype™ 3.5
Smart To-Do 1.8
SmartFTP Client
SmartFTP Client 2.0 Setup Files (remove only)
SmartFTP Client 2.5 Setup Files (remove only)
Snap Shots
SolveigMM WMP Trimmer Plugin
Sonic DLA
Sonic Memo Lite 1.0
Sonic RecordNow DX
Sonic Simple Backup
Sonic Update Manager
Sonic Update Manager
Sp5TTIntXP
Squeeze Page Generator
StarBurn(GiveAwayOfTheDay) Version 9.5 (Build 0x20071220)
Stay On Focus 1.2
StepVoice Recorder 1.4
StomperScrutinizer
StomperScrutinizer
StompSoft Backup MyPC
SUPERAntiSpyware Free Edition
SWF Video Converter 3.0 (build 3.0.20.77)
Switch Uninstall
SysSense
TagTooga.com Delicioso
TemplateGenerator
TemplateGenerator
TextAloud
TextPad 4.7
The GIMP 2.2.8
The Logo Creator v4
TheDowser Free Edition v5.3.0
Total Recorder 5.3
Trend Micro Internet Security
Trend Micro Internet Security
TuneUp Utilities 2006
Turbine Video Encoder - Free Edition 1.0
Turbo Lister 2
Ultimate Paint 2.86
Ultimate Subscription Box Builder
Undie Market Radar 1.0
Uninstall Startup Inspector
Uninstall Windows 9x USB 2.0 Support
UnpackRNW153
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
URL Explorer v1.0.111803
V2F
V2F 3.0.1
VeryPDF PDF2Word v3.0
Videora iPod Converter 0.91
Viral Instigator2
vSkype
WavePad Uninstall
Web Audio Plus
Webshots Desktop
Website Jukebox (remove only)
Website Jukebox 5.3.7 (remove only)
WebsiteArticleWizard
WebsiteArticleWizard
WebsiteArticleWizard
WebsiteArticleWizard
WebsiteContentWizard
WebsiteContentWizard
WinASO Registry Optimizer 2.6
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
winLAME rc3 (remove only)
WinRAR archiver
Wisdom-soft ScreenHunter 4.0 Free
Wondershare FlashOnTV(Build 3.0.16)
Wondershare iPod Slideshow 1.0.0
Wondershare YouTube Downloader(Build 1.0.16)
WUndelete 3.0
XSite Pro
XviD MPEG-4 Codec
Yahoo! Anti-Spy
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
ZC Video Converter 1.2.1