Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:46 AM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\rpcnet.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
E:\Portable apps USB-512\PStart.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Darren\My Documents\Computer Repair Utility Kit\Computer Repair Utility Kit\Virus and Malware Removal Tools\RunScanner.exe
C:\Documents and Settings\Darren\My Documents\runscanner.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [delus] C:\DOCUME~1\Darren\LOCALS~1\Temp\delus.exe
O4 - HKLM\..\RunOnce: [ws_uninst] C:\DOCUME~1\Darren\LOCALS~1\Temp\ws_uninst.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
--
End of file - 12326 bytes
Scan Started Sun Jan 20 19:13:19 2008
-------------------------------------------------------------------------------
WARNING: Can't open file \\?\C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiCL0001.000, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiP10000.000, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiP20000.000, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiPT0000.000, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiSL0001.000, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiSP0000.000, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiST0000.000, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiVP0000.000, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\INDEX.000, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Darren\default\Local Settings\Temporary Internet Files\Content.IE5\F36QA0OY\site=cnn&cnn_pagetype=feature_series&cnn_position=180x150_lft&cnn_rollup=technology&cnn_section=consumer_electronics_show&page.allowcompete=yes&params[1].[1].Sl¤Àsm¤À/@@, No such file or directory
WARNING: Can't open file \\?\C:\Documents and Settings\Darren\Local Settings\Temporary Internet Files\Content.IE5\0XYK7BET\182;sz=480x70;!c=182;kvid=92ag802X8Nk;kpu=nalts;kgender=m;ko=y;kpid=182;kr=N;kage=40;kt=U;u
=92ag802X8Nk%7C182%7CF766A0F34D97F0D9;tile=1;dcopt=ist;ord=90833[1].asx.asxëj¤À‹k¤À/@@, No such file or directory
WARNING: Can't open file \\?\C:\Documents and Settings\Darren\Local Settings\Temporary Internet Files\Content.IE5\0XYK7BET\sz=300x250;!c=3;kvid=CY86R1qjgDc;kpu=CBS;kgender=m;ko=p;kpid=3;kr=F;kage=40;kt=U;u=CY86R
1qjgDc%7C3%7C098F3A475AA38037;tile=1;dcopt=ist;ord=3115080121230590[1].htm.htmëj¤À‹k¤À/@@, No such file or directory
WARNING: Can't open file \\?\C:\Documents and Settings\Darren\Local Settings\Temporary Internet Files\Content.IE5\N54KNUN9\177403865;sz=450x60;!c=182;kvid=92ag802X8Nk;kpu=nalts;kgender=m;ko=y;kpid=182;kr=N;kage=40;kt=U;u
=92ag802X8Nk%7C182%7CF766A0F34D97F0D9;tile=2;ord=906387487[1].asx.asxëj¤À‹k¤À/@@, No such file or directory
WARNING: Can't open file \\?\C:\Documents and Settings\Darren\Local Settings\Temporary Internet Files\Content.IE5\N54KNUN9\70;!c=1007;kvid=uXgU-22ymnQ;kpu=stellastewart;kgender=m;ko=y;kpid=1007;kr=F;kage=40;kt=U;u=uXgU-22ymnQ%7C1007%7CB97814FB6DB29A74;tile=1;dcopt=ist;ord=90976[1].asx.asxëj¤À‹k¤À/@@, No such file or directory
WARNING: Can't open file \\?\C:\Documents and Settings\Darren\Local Settings\Temporary Internet Files\Content.IE5\N54KNUN9\=1;pid=18708550;aid=175629340;ko=0;cid=24425136;rid=24442989;rv=1;&timestamp=1200754806500;eid1=2;ecn1=1;etm1=10;eid2=3;ecn2=1;etm2=2;eid3=4;ec
n3=1;etm3=0;[1].gif.gifëj¤À‹k¤À/@@, No such file or directory
WARNING: Can't open file \\?\C:\Documents and Settings\Darren\Local Settings\Temporary Internet Files\Content.IE5\N54KNUN9\sz=480x70;!c=79;kvid=w_EHF172MOc;kpu=lonelygirl15;kgender=m;ko=y;kpid=79;kr=F;kage=40;k
t=U;u=w_EHF172MOc%7C79%7CC3F107175EF630E7;tile=1;dcopt=ist;ord=79619[1].asx.asxëj¤À‹k¤À/@@, No such file or directory
WARNING: Can't open file \\?\C:\Documents and Settings\Darren\Local Settings\Temporary Internet Files\Content.IE5\Q81Q6ZZC\c=79;kvid=w_EHF172MOc;kpu=lonelygirl15;kgender=m;ko=y;kpid=79;kr=F;kage=40;
kt=U;u=w_EHF172MOc%7C79%7CC3F107175EF630E7;tile=1;dcopt=ist;ord=4391709271918053[1].htm.htmëj¤À‹k¤À/@@, No such file or directory
WARNING: Can't open file \\?\C:\Documents and Settings\Darren\Local Settings\Temporary Internet Files\Content.IE5\TZLBVVD2\77403865;sz=300x250;!c=182;kvid=92ag802X8Nk;kpu=nalts;kgender=m;ko=y;kpid=182;kr=N;kage=40;kt=U;u
=92ag802X8Nk%7C182%7CF766A0F34D97F0D9;tile=3;ord=906387487[1].htm.htmëj¤À‹k¤À/@@, No such file or directory
WARNING: Can't open file \\?\C:\Documents and Settings\Darren\Local Settings\Temporary Internet Files\Content.IE5\TZLBVVD2\kvid=uXgU-22ymnQ;kpu=stellastewart;kgender=m;ko=y;kpid=1007;kr=F;kage=40;kt=U;u=uXgU-22ymnQ%7C1007%7CB97814FB6DB29A74;tile=1;dcopt=ist;ord=9035058276017298[1].htm.htmëj¤À‹k¤À/@@, No such file or directory
WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
WARNING: Can't open file \\?\C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf, Permission denied
WARNING: Can't open file \\?\C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf, Permission denied
WARNING: Can't open file \\?\C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf, Permission denied
WARNING: Can't open file \\?\C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf, Permission denied
WARNING: Can't open file \\?\C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf, Permission denied
WARNING: Can't open file \\?\C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf, Permission denied
WARNING: Can't open file \\?\C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf, Permission denied
WARNING: Can't open file \\?\C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\security\tmp.edb, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\system32\CatRoot2\tmp.edb, Permission denied
C:\Documents and Settings\Darren\D03094768\Local Settings\Application Data\Mozilla\Firefox\Profiles\7nzzwxud.default\Cache\_CACHE_003_: Exploit.IFrame.Gen-1 FOUND
C:\Documents and Settings\Darren\default\Desktop\Client_Warzoner51_G4_ep2_p2.part1\fireguard\fgACCher.dll: Worm.Mytob.GQ-1 FOUND
C:\Documents and Settings\Darren\Desktop\Desktop\Portable apps USB-512\Utilities\SysInfo\siw\siw.exe: Exploit.DCOM.Gen FOUND
C:\Documents and Settings\Darren\Local Settings\Temp\WER2d09.dir00\explorer.exe.hdmp: Trojan.BAT.Deltree-23 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 192483
Engine version: 0.91.2
Scanned directories: 16371
Scanned files: 110773
Skipped non-executable files: 2324
Infected files: 4
Data scanned: 80221.59 MB
Time: 31094.844 sec (518 m 14 s)
--------------------------------------
Completed
--------------------------------------
Scan Started Mon Jan 21 05:56:25 2008
-------------------------------------------------------------------------------
E:\Portable apps USB-512\Utilities\SysInfo\siw\siw.exe: Exploit.DCOM.Gen FOUND
----------- SCAN SUMMARY -----------
Known viruses: 192483
Engine version: 0.91.2
Scanned directories: 97
Scanned files: 1183
Skipped non-executable files: 0
Infected files: 1
Data scanned: 150.43 MB
Time: 351.141 sec (5 m 51 s)
--------------------------------------
Completed
--------------------------------------
Runscanner logfile http://www.runscanner.net
* = authenticode signed file
- = file not found
000 General info
----------------
Computer name : MIR-LT-03094768
Creation time : 1/20/2008 7:06:07 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.11
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.0.3.0
Type of scan : Full scan
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS
001 Running processes
---------------------
c:\program files\adobe\acrobat 7.0\distillr\acrotray.exe (Adobe Systems Inc.)
* c:\program files\lavasoft\ad-aware 2007\aawservice.exe (Lavasoft)
* c:\program files\lavasoft\ad-aware 2007\ad-aware2007.exe (Lavasoft AB)
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe (Apple, Inc.)
c:\program files\widcomm\bluetooth software\bin\btwdins.exe (Broadcom Corporation.)
c:\program files\widcomm\bluetooth software\bttray.exe (Broadcom Corporation.)
c:\program files\boinc\boinc.exe (Space Sciences Laboratory)
c:\program files\boinc\boincmgr.exe (Space Sciences Laboratory)
c:\program files\bonjour\mdnsresponder.exe (Apple Inc.)
c:\program files\network associates\common framework\updaterui.exe (Network Associates, Inc.)
* c:\program files\mozilla firefox\firefox.exe (Mozilla Corporation)
c:\program files\network associates\common framework\frameworkservice.exe (Network Associates, Inc.)
c:\program files\google\gmail notifier\gnotify.exe (Google Inc.)
* c:\program files\google\google desktop search\googledesktop.exe (Google)
* c:\windows\system32\hkcmd.exe (Intel Corporation)
c:\program files\hpq\hp wireless assistant\hp wireless assistant.exe (Hewlett-Packard Development Company, L.P.)
c:\progra~1\hpq\shared\hpqtoa~1.exe
c:\program files\hewlett-packard\shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
* c:\windows\system32\igfxtray.exe (Intel Corporation)
* c:\program files\ipod\bin\ipodservice.exe (Apple Inc.)
* c:\program files\itunes\ituneshelper.exe (Apple Inc.)
* c:\program files\java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
* c:\program files\common files\logitech\khalshared\khalmnpr.exe (Logitech Inc.)
c:\program files\logitech\setpoint\setpoint.exe (Logitech Inc.)
c:\windows\system32\lxrjd31s.exe
c:\program files\common files\microsoft shared\vs7debug\mdm.exe (Microsoft Corporation)
c:\program files\network associates\virusscan\mcshield.exe (Network Associates, Inc.)
c:\program files\network associates\virusscan\shstat.exe (Network Associates, Inc.)
c:\program files\paltalk messenger\paltalk.exe (AVM Software Inc.)
* c:\windows\system32\igfxpers.exe (Intel Corporation)
e:\portable apps usb-512\pstart.exe (Pegtop Software)
c:\program files\hewlett-packard\hp quick launch buttons\qlbctrl.exe ( Hewlett-Packard Development Company, L.P.)
* c:\program files\common files\intervideo\regmgr\iviregmgr.exe (InterVideo)
c:\windows\system32\rpcnet.exe (Absolute Software Corp.)
* c:\documents and settings\darren\my documents\computer repair utility kit\computer repair utility kit\virus and malware removal tools\runscanner.exe (Runscanner.net)
* c:\documents and settings\darren\my documents\runscanner.exe (Runscanner.net)
c:\program files\boinc\projects\setiathome.berkeley.edu\setiathome_5.27_windows_intelx86.exe (Space Sciences Laboratory)
c:\program files\boinc\projects\setiathome.berkeley.edu\setiathome_5.27_windows_intelx86.exe (Space Sciences Laboratory)
* c:\program files\analog devices\core\smax4pnp.exe (Analog Devices, Inc.)
* c:\program files\eacceleration\station\station.exe (eAcceleration Corp)
* c:\program files\uniblue\spyeraser\spyeraser.exe (Uniblue Software)
* c:\program files\acceleration software\anti-virus\stopsignav.exe (eAcceleration Corp)
c:\program files\common files\network associates\talkback\tbmon.exe (Network Associates, Inc.)
c:\program files\network associates\virusscan\vstskmgr.exe (Network Associates, Inc.)
c:\program files\winrar\winrar.exe
002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
c:\program files\google\gmail notifier\gnotify.exe (Google Inc.)
c:\program files\adobe\acrobat 7.0\distillr\acrotray.exe (Adobe Systems Inc.)
* c:\program files\google\google desktop search\googledesktop.exe (Google)
c:\program files\hpq\hp wireless assistant\hp wireless assistant.exe (Hewlett-Packard Development Company, L.P.)
* c:\windows\system32\hkcmd.exe (Intel Corporation)
* c:\windows\system32\igfxpers.exe (Intel Corporation)
* c:\windows\system32\igfxtray.exe (Intel Corporation)
* c:\program files\itunes\ituneshelper.exe (Apple Inc.)
* C:\WINDOWS\khalmnpr.exe (Logitech Inc.)
* C:\WINDOWS\khalmnpr.exe (Logitech Inc.)
c:\program files\network associates\common framework\updaterui.exe (Network Associates, Inc.)
c:\program files\common files\network associates\talkback\tbmon.exe (Network Associates, Inc.)
C:\Program Files\hewlett-packard\hp quick launch buttons\qlbctrl.exe ( Hewlett-Packard Development Company, L.P.)
c:\program files\quicktime\qttask.exe (Apple Inc.)
c:\program files\network associates\virusscan\shstat.exe (Network Associates, Inc.)
* c:\program files\eacceleration\station\station.exe (eAcceleration Corp)
c:\program files\analog devices\soundmax\smax4.exe (Analog Devices, Inc.)
* c:\program files\analog devices\core\smax4pnp.exe (Analog Devices, Inc.)
* c:\program files\acceleration software\anti-virus\ssssmon.dll (eAcceleration Corp)
* c:\program files\acceleration software\anti-virus\sstsmon.dll (eAcceleration Corp)
* c:\program files\java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
c:\program files\common files\real\update_ob\realsched.exe (RealNetworks, Inc.)
c:\program files\intervideo\dvd check\dvdcheck.exe (InterVideo Inc.)
* c:\program files\acceleration software\anti-virus\stopsignav.exe (eAcceleration Corp)
003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\program files\uniblue\spyeraser\spyeraser.exe (Uniblue Software)
004 C:\Documents and Settings\Darren\Start Menu\Programs\Startup
----------------------------------------------------------------
c:\progra~1\boinc\boincmgr.exe (Space Sciences Laboratory)
* c:\progra~1\verizo~1\vzacce~1\vzacce~1.exe (Smith Micro Software, Inc.)
005 C:\Documents and Settings\All Users\Start Menu\Programs\Startup
-------------------------------------------------------------------
c:\program files\adobe\acrobat 7.0\acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
c:\progra~1\adobe\acroba~1.0\reader\reader~1.exe (Adobe Systems Incorporated)
c:\progra~1\widcomm\blueto~1\bttray.exe (Broadcom Corporation.)
c:\progra~1\interv~1\dvdche~1\dvdcheck.exe (InterVideo Inc.)
c:\progra~1\logitech\setpoint\setpoint.exe (Logitech Inc.)
c:\progra~1\paltal~1\paltalk.exe (AVM Software Inc.)
010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
* c:\program files\lavasoft\ad-aware 2007\aawservice.exe (Ad-Aware 2007 Service)
c:\program files\common files\adobe systems shared\service\adobelmsvc.exe (Adobe LM Service)
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe (Apple Mobile Device)
c:\program files\widcomm\bluetooth software\bin\btwdins.exe (Bluetooth Service)
c:\program files\bonjour\mdnsresponder.exe (Bonjour Service)
* c:\program files\google\google desktop search\googledesktop.exe (Google Desktop Manager 5.5.709.30344)
c:\program files\hewlett-packard\shared\hpqwmiex.exe (hpqwmiex)
c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe (InstallDriver Table Manager)
* c:\program files\ipod\bin\ipodservice.exe (iPod Service)
* c:\program files\common files\intervideo\regmgr\iviregmgr.exe (IviRegMgr)
C:\WINDOWS\system32\lxrjd31s.exe (Lexar JD31)
c:\program files\common files\microsoft shared\vs7debug\mdm.exe (Machine Debug Manager)
c:\program files\network associates\common framework\frameworkservice.exe (McAfee Framework Service)
c:\windows\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe (Net.Tcp Port Sharing Service)
c:\program files\network associates\virusscan\mcshield.exe (Network Associates McShield)
c:\program files\network associates\virusscan\vstskmgr.exe (Network Associates Task Manager)
c:\windows\system32\rpcnet.exe (Remote Procedure Call (RPC) Net)
c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe (Windows CardSpace)
011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
* C:\WINDOWS\system32\drivers\adihdaud.sys (ADI UAA Function Driver for High Definition Audio Service)
* C:\WINDOWS\system32\drivers\aeaudio.sys (AEAudio Service)
* C:\WINDOWS\system32\drivers\agrsm.sys (Agere Systems Soft Modem)
C:\WINDOWS\system32\drivers\naiavf5x.sys (Anti-Virus File System Filter Driver)
C:\WINDOWS\system32\drivers\btkrnl.sys (Bluetooth Bus Enumerator)
* C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom 440x 10/100 Integrated Controller)
* C:\WINDOWS\system32\drivers\ptilink.sys (Direct Parallel Link Driver)
c:\windows\system32\drivers\entdrv51.sys (EntDrv51)
* C:\WINDOWS\system32\drivers\eabusb.sys (Extended Base)
* C:\WINDOWS\system32\drivers\eabfiltr.sys (Extended Base)
* C:\WINDOWS\system32\drivers\cpqbttn.sys (Extended Base)
* C:\WINDOWS\system32\drivers\gearaspiwdm.sys (GEARAspiWDM)
* C:\WINDOWS\system32\drivers\iastor.sys (Intel AHCI Controller)
* C:\WINDOWS\system32\drivers\netw4x32.sys (Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit)
* C:\WINDOWS\system32\drivers\l8042kbd.sys (Logitech SetPoint Keyboard Driver)
* C:\WINDOWS\system32\drivers\lhidfilt.sys (Logitech SetPoint KMDF HID Filter Driver)
* C:\WINDOWS\system32\drivers\lmoufilt.sys (Logitech SetPoint KMDF Mouse Filter Driver)
* C:\WINDOWS\system32\drivers\lusbfilt.sys (Logitech SetPoint KMDF USB Filter)
c:\windows\system32\drivers\lxrjd31d.sys (LxrJD31d)
* C:\WINDOWS\system32\drivers\hdaudbus.sys (Microsoft UAA Bus Driver for High Definition Audio)
* C:\WINDOWS\system32\drivers\ptdcbus.sys (PANTECH PC Card Composite Device Driver (UDP))
* C:\WINDOWS\system32\drivers\ptdcvsp.sys (PANTECH PC Card Diagnostic Serial Port (UDP))
* C:\WINDOWS\system32\drivers\ptdcmdm.sys (PANTECH PC Card Drivers (UDP))
* C:\WINDOWS\system32\drivers\ptdcwwan.sys (PANTECH PC Card WWAN Controller device driver)
C:\WINDOWS\system32\drivers\mvstdi5x.sys (PNP_TDI)
C:\WINDOWS\system32\drivers\pxhelp20.sys (PxHelp20)
* C:\WINDOWS\system32\drivers\secdrv.sys (Secdrv)
* C:\WINDOWS\system32\drivers\lmouke.sys (SetPoint Mouse Filter Driver)
* C:\WINDOWS\system32\drivers\l8042mou.sys (SetPoint PS/2 Mouse Filter Driver)
* C:\WINDOWS\system32\drivers\ialmnt5.sys (Video)
C:\WINDOWS\system32\drivers\btwusb.sys (WIDCOMM USB Bluetooth Driver)
041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar
----------------------------------------------------------
* c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll (Adobe Systems Incorporated) {47833539-D0C5-4125-9FA8-0819E2EAAC93}
042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
c:\program files\paltalk messenger\paltalk.exe (AVM Software Inc.) {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}
045 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
----------------------------------------------------------------
* c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll (Adobe Systems Incorporated) {47833539-D0C5-4125-9FA8-0819E2EAAC93}
052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
GUID / CLSID not found {7E853D72-626A-48EC-A868-BA8D5E23E045}
* c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll (Adobe Systems Incorporated) {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
* c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll (Adobe Systems Incorporated) {AE7CD045-E861-484f-8273-0445EE161910}
* c:\program files\java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
c:\program files\adobe\acrobat 7.0\acrobat elements\contextmenu.dll (Adobe Systems Inc.) {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
- deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3}
* c:\windows\system32\hticons.dll (Hilgraeve, Inc.) {88895560-9AA2-1069-930E-00AA0030EBC8}
* c:\program files\itunes\itunesminiplayer.dll (Apple Inc.) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}
c:\program files\logitech\setpoint\mcplext.dll (Logitech Inc.) {B9B9F083-2B04-452A-8691-83694AC1037B}
c:\program files\logitech\setpoint\kbcplext.dll (Logitech Inc.) {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}
c:\windows\system32\btneighborhood.dll (Broadcom Corporation.) {6af09ec9-b429-11d4-a1fb-0090960218cb}
* c:\program files\acceleration software\anti-virus\dsshell.dll (eAcceleration Corp) {BB83FD23-AC96-472D-8AA2-7D8560A61D1A}
c:\program files\textpad 4\system\shellext.dll (Helios Software Solutions) {2F25CF20-C569-11D1-B94C-00608CB45480}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
063 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
---------------------------------------------------------------------
* C:\WINDOWS\system32\lsdelete.exe
067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
* C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
c:\windows\system32\adobepdf.dll (Adobe Systems Incorporated.)
C:\WINDOWS\system32\bthcrp.dll (Broadcom Corporation.)
073 %windir%\Tasks
------------------
AppleSoftwareUpdate.job : c:\program files\apple software update\softwareupdate.exe (Apple Inc.)
Low Battery Alarm Program.job :
100 Internet Explorer settings
------------------------------
CustomizeSearch HKLM : http://ie.search.msn...st/srchcust.htm
Default_Page_URL HKLM : http://go.microsoft....k/?LinkId=69157
Default_Search_URL HKLM : http://go.microsoft....k/?LinkId=54896
ProxyOverride HKCU : *.local
Search Page HKCU : http://www.microsoft...amp;ar=iesearch
Search Page HKLM : http://go.microsoft....k/?LinkId=54896
SearchAssistant HKLM : http://www.google.com/ie
ShellNext HKCU : http://www.microsoft...p...&ar=msnhome
Start Page HKCU : http://www.microsoft...p...&ar=msnhome
Start Page HKLM : http://go.microsoft....k/?LinkId=69157
102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
------------------------------------------------------------------
* c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll (Adobe Systems Incorporated) {182EC0BE-5110-49C8-A062-BEB1D02A220B}
104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
* c:\windows\system32\ogacheckcontrol.dll {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}
* c:\windows\system32\macromed\director\swdir.dll (Adobe Systems, Inc.) {166B1BCA-3F9C-11CF-8075-444553540000}
* c:\program files\divx\divx web player\npdivx32.dll (DivX,Inc.) {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
* c:\program files\java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.) {8AD9C840-044E-11D1-B3E9-00805F499D93}
GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
c:\program files\oracle\jinitiator 1.1.8.16\bin\beans.ocx (Oracle Corporation) {9b935470-ad4a-11d5-b63e-00c04faedb18}
c:\windows\opuc.dll (Microsoft Corporation) {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}
* c:\program files\java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.) {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
* c:\program files\java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.) {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
* c:\program files\java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.) {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
* c:\windows\system32\macromed\flash\flash9d.ocx (Adobe Systems, Inc.) {D27CDB6E-AE6D-11CF-96B8-444553540000}
105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
Convert link target to Adobe PDF : res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
Convert link target to existing PDF : res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Convert selected links to Adobe PDF : res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
Convert selected links to existing PDF : res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
Convert selection to Adobe PDF : res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
Convert selection to existing PDF : res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Convert to Adobe PDF : res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
Convert to existing PDF : res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
Send To &Bluetooth : C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
107 HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5
---------------------------------------------------------------------------------
c:\program files\bonjour\mdnsnsp.dll (Apple Inc.)
136 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce (+subkeys)
---------------------------------------------------------------------
c:\docume~1\darren\locals~1\temp\delus.exe (H+BEDV Datentechnik GmbH)
* c:\program files\acceleration software\anti-virus\ssssmon.dll (eAcceleration Corp)
161 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
------------------------------------------------------------------
dontdisplaylastusername : 0
shutdownwithoutlogon : 1
undockwithoutlogon : 1
170 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
------------------------------------------------------------------------
##10.32.8.120#g : Z:\autorun.exe
{4a95bb05-8642-11dc-8c57-806d6172696f} : D:\LaunchTraining.exe
E : E:\LaunchU3.exe -a
171 HKCU\Control Panel\Desktop\SCRNSAVE.EXE
-------------------------------------------
c:\windows\boinc.scr (Space Sciences Laboratory)
173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
c:\program files\textpad 4\system\shellext.dll (Helios Software Solutions) {2F25CF20-C569-11D1-B94C-00608CB45480}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
* c:\program files\acceleration software\anti-virus\dsshell.dll (eAcceleration Corp) {BB83FD23-AC96-472D-8AA2-7D8560A61D1A}
c:\program files\network associates\virusscan\shext.dll (Network Associates, Inc.) {cda2863e-2497-4c49-9b89-06840e070a87}
c:\program files\adobe\acrobat 7.0\acrobat elements\contextmenu.dll (Adobe Systems Inc.) {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}