Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Home page hi-jack [RESOLVED]

Started by cayguy , Jan 24 2008 06:40 PM

  • This topic is locked This topic is locked

#1
cayguy
Posted 24 January 2008 - 06:40 PM

cayguy

    Member

  • Member
  • PipPip
  • 11 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:04 PM, on 1/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
c:\program files\panda software\panda platinum 2006 internet security\WebProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globeandmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Norton\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.co...ne_Inst_Win.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124153639421
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{42EDAF22-5BD7-4496-8A15-B543D4C78303}: NameServer = 209.27.52.51 209.27.52.56
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe

--
End of file - 11897 bytes



SUPERAntiSpyware Scan Log
Generated 01/22/2008 at 07:12 PM

Application Version : 3.6.1000

Core Rules Database Version : 3385
Trace Rules Database Version: 1379

Scan type : Complete Scan
Total Scan Time : 00:38:35

Memory items scanned : 537
Memory threats detected : 0
Registry items scanned : 5755
Registry threats detected : 0
File items scanned : 52490
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\phil\Cookies\[email protected][1].txt
  • 0

Advertisements

#2
Rorschach112
Posted 26 January 2008 - 10:02 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download rootchk by Ejvindh to your desktop.
  • Temporarily Disable Real Time Monitoring Programs you have running that are listed here, such as TeaTimer, Adwatch, and HIPs programs like Prevx, while we complete the fixes (see **Note below).
  • Disconnect from the internet
  • Double click rootchk.exe to run the program
  • After a short time a logfile will open.
  • Copy the contents of the log into your next reply.
  • Re-enable active protection on any program you have disabled while completing the scan

**Note:If you are using the ZoneAlarm Pro firewall or any other security program that protects your registry (Teatimer, Adwatch, Prevx), rootchk may produce false positives. That is why it is important for you to disable these programs before running a rootchk scan. To prevent ZoneAlarm Pro conflicts, first enable the Windows Firewall (click start | Control Panel | Windows Firewall and select the checkbox to turn it on). Then disable ZoneAlarm Pro before running the rootchk. Also, disable any other active protection programs including HIPs that block registry write access. After the scan, be sure re-enable ZoneAlarm Pro and any other active protection programs you have temporarily disabled.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#3
cayguy
Posted 27 January 2008 - 03:18 PM

cayguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello Rorschach112.....please find attached the Rootchk, DDS and Kaspersky scans. I tried sending a minute ago, but I screwed something up. Thanks for you patience and help!

********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
Sun 01/27/2008 12:17:45.03

NOTICE!! Rootchk is not being updated anymore, and is thus gradually getting outdated.
Last update was made 28-12-07

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 12:17:46
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0



Deckard's System Scanner v20071014.68
Run by phil on 2008-01-27 12:35:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as phil.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:46 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\WinPortrait\floater.exe
c:\program files\panda software\panda platinum 2006 internet security\WebProxy.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\Content.IE5\FB6JVMLJ\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\phil.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\avciman.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimreal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theglobeandmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Norton\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.co...ne_Inst_Win.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124153639421
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{42EDAF22-5BD7-4496-8A15-B543D4C78303}: NameServer = 209.27.52.51 209.27.52.56
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe

--
End of file - 13322 bytes

-- Files created between 2007-12-27 and 2008-01-27 -----------------------------

2008-01-27 07:17:02 912 --a------ C:\WINDOWS\system32\miniPortInfo.dat
2008-01-24 20:04:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-24 20:04:47 0 d-------- C:\Program Files\Logitech
2008-01-24 20:04:47 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-01-24 20:03:24 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-01-22 18:30:49 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-22 18:30:42 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-22 18:30:41 0 d-------- C:\Documents and Settings\phil\Application Data\SUPERAntiSpyware.com
2008-01-21 21:45:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-20 21:20:52 0 d-------- C:\Program Files\Lavasoft
2008-01-20 21:20:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-20 21:19:19 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 21:15:12 0 d-------- C:\Documents and Settings\phil\Application Data\Adobe
2007-12-28 14:25:22 0 dr-h----- C:\Documents and Settings\LocalService\Recent


-- Find3M Report ---------------------------------------------------------------

2008-01-26 22:30:43 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-0000000A-00001102-00000004-20021102}.dat
2008-01-26 22:30:43 384 --a------ C:\WINDOWS\system32\DVCState-{00000003-00000000-0000000A-00001102-00000004-20021102}.dat
2008-01-24 20:04:47 0 d-------- C:\Program Files\Common Files
2008-01-22 20:12:32 0 d-------- C:\Program Files\WinPortrait
2008-01-22 20:11:42 0 d-------- C:\Program Files\QuickTime
2008-01-22 20:08:01 0 d-------- C:\Program Files\Microsoft IntelliType Pro
2008-01-22 20:07:58 0 d-------- C:\Program Files\Microsoft IntelliPoint
2008-01-20 21:21:31 0 d-------- C:\Documents and Settings\phil\Application Data\Lavasoft
2008-01-20 20:48:43 0 d-------- C:\Program Files\MalWhere
2008-01-20 20:24:42 0 d-------- C:\Program Files\Trend Micro
2008-01-20 20:09:57 0 d-------- C:\Documents and Settings\phil\Application Data\MSN6
2008-01-18 08:03:57 0 d-------- C:\Program Files\Windows Live Toolbar
2008-01-18 08:03:51 0 d-------- C:\Program Files\Windows Live Favorites
2008-01-18 07:57:45 0 d-------- C:\Program Files\Google
2008-01-03 21:11:39 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-26 11:57:39 0 d-------- C:\Program Files\Windows Live
2007-12-26 11:57:15 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-25 22:09:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-25 14:20:08 921632 --a------ C:\StiImg.dat
2007-12-05 20:24:35 0 d-------- C:\Program Files\PKWARE
2007-12-05 20:24:35 0 d-------- C:\Program Files\Common Files\PKWARE


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="irprops.cpl" [08/04/2004 02:56 AM C:\WINDOWS\system32\irprops.cpl]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [11/08/2002 05:50 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [07/10/2003 06:25 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [07/10/2003 06:13 AM]
"tgcmd"="" []
"UC_Start"="C:\IBMTools\Updater\ucstartup.exe" [03/17/2003 05:27 PM]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 03:01 AM]
"@"="" []
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" [01/16/2004 12:41 PM]
"CTHelper"="CTHELPER.EXE" [10/06/2003 01:57 AM C:\WINDOWS\system32\CTHELPER.EXE]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [12/03/2002 06:06 PM]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 03:00 AM]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [05/15/2003 06:45 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [05/15/2003 06:41 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [01/28/2004 01:04 AM]
"PivotSoftware"="C:\Program Files\WinPortrait\wpctrl.exe" [12/06/2002 09:38 AM]
"EPSON Stylus Photo RX500"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.exe" [06/01/2003 03:00 PM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [07/02/2003 10:03 AM]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [06/18/2003 01:00 AM]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [07/30/2003 03:01 PM]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [07/30/2003 03:01 PM]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [11/12/2002 12:02 PM]
"RemoteCenter"="" []
"NWEReboot"="" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/08/2003 05:35 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/06/2006 09:40 PM]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.exe" [10/11/2006 12:09 PM]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe" [02/01/2006 06:13 PM]
"RegistryMechanic"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [07/25/2007 04:02 PM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [07/25/2007 04:06 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IBM RecordNow!"="" []
"tgcmd"="" []
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [01/16/2004 12:41 PM]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe" [06/12/2003 09:47 AM]
"RemoteControl"="" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/20/2007 09:25 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 09/27/2005 12:13 PM 45056 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-01-27 12:40:32 ------------





KASPERSKY ONLINE SCANNER REPORT
Sunday, January 27, 2008 3:48:43 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/01/2008
Kaspersky Anti-Virus database records: 534146


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 66931
Number of viruses found 1
Number of infected objects 4
Number of suspicious objects 0
Duration of the scan process 01:07:32

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\IBM\messages\logs\lf000.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\phil\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped

C:\Documents and Settings\phil\Application Data\Microsoft\Outlook\outitems.log Object is locked skipped

C:\Documents and Settings\phil\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped

C:\Documents and Settings\phil\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped

C:\Documents and Settings\phil\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped

C:\Documents and Settings\phil\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\phil\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Object is locked skipped

C:\Documents and Settings\phil\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\phil\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\phil\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\phil\Local Settings\Temp\~DF821D.tmp Object is locked skipped

C:\Documents and Settings\phil\Local Settings\Temp\~DF822F.tmp Object is locked skipped

C:\Documents and Settings\phil\Local Settings\Temp\~DFA7E6.tmp Object is locked skipped

C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\phil\ntuser.dat Object is locked skipped

C:\Documents and Settings\phil\ntuser.dat.LOG Object is locked skipped

C:\IBMTOOLS\APPS\RRPC\RRPC\superinstall.EXE/IGWSE2SAS2.1WM2.1.EXE/HOTVIEW.EXE Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped

C:\IBMTOOLS\APPS\RRPC\RRPC\superinstall.EXE/IGWSE2SAS2.1WM2.1.EXE/VNCHOOKS.DLL Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped

C:\IBMTOOLS\APPS\RRPC\RRPC\superinstall.EXE/IGWSE2SAS2.1WM2.1.EXE Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped

C:\IBMTOOLS\APPS\RRPC\RRPC\superinstall.EXE ZIP: infected - 3 skipped

C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\MshConf\scoffset.bin.incr Object is locked skipped

C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSK_NAMES2_3 Object is locked skipped

C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSK_NAMES_3 Object is locked skipped

C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP680\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\{00000003-00000000-0000000A-00001102-00000004-20021102}.CDF Object is locked skipped

Scan process completed.
  • 0

#4
Rorschach112
Posted 27 January 2008 - 03:25 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.


Also could you tell me what problems you are having
  • 0

#5
cayguy
Posted 27 January 2008 - 06:53 PM

cayguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello there;

Deleted the item as you recommended. the issue that prompted me to go to this site was on start-up my home page was frequently (but not always) gettinghijcked to "msn.com" and when doing so, start-up took forever and often timed out.

Thanks.
  • 0

#6
Rorschach112
Posted 27 January 2008 - 06:55 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Do this

Download WinPFind35U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • Under Additional Scans check the box beside Reg - Disabled MS Config Items.
  • Under Rootkit Search change that to Yes.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply.
  • 0

#7
cayguy
Posted 27 January 2008 - 07:58 PM

cayguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here's the scan, thanks.

[code=auto:0]WinPFind35 logfile created on: 1/27/2008 8:03:34 PM
WinPFind35U Version Beta38 Folder = C:\Documents and Settings\phil\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

1022.98 Mb Total Physical Memory | 335.45 Mb Available Physical Memory | 32.79% Memory free
2.40 Gb Paging File | 1.75 Gb Available in Paging File | 72.94% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.21 Gb Total Space | 52.06 Gb Free Space | 72.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: IBM-CB1A4B3268A
Current User Name: phil
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
pavsrv51.exe -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\PAVSRV51.EXE -> Panda Software International [Ver = 2, 0, 1840, 32 | Size = 151552 bytes | Modified Date = 8/8/2006 6:26:18 PM | Attr = ]
avengine.exe -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE -> Panda Software International [Ver = 2, 0, 1840, 33 | Size = 106496 bytes | Modified Date = 8/8/2006 6:25:32 PM | Attr = ]
tpsrv.exe -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe -> Panda Software [Ver = 7, 0, 2, 0 | Size = 348160 bytes | Modified Date = 10/9/2006 4:15:38 PM | Attr = ]
pnmsrv.exe -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\FIREWALL\PNMSRV.exe -> Panda Software International [Ver = 3, 0, 0,21 | Size = 811008 bytes | Modified Date = 8/2/2006 2:05:54 PM | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr = ]
lvprcsrv.exe -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 137752 bytes | Modified Date = 7/20/2007 12:40:48 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 184408 bytes | Modified Date = 3/20/2003 11:17:04 AM | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 3:01:00 AM | Attr = ]
lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/20/2007 12:38:54 AM | Attr = ]
pavfnsvr.exe -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\PAVFNSVR.EXE -> Panda Software International [Ver = 7.06.03.00 | Size = 159744 bytes | Modified Date = 7/21/2006 12:22:32 PM | Attr = ]
pavprsrv.exe -> %CommonProgramFiles%\Panda Software\PavShld\PavPrSrv.exe -> Panda Software [Ver = 1.3.0.0 | Size = 32768 bytes | Modified Date = 7/25/2005 2:02:22 AM | Attr = ]
pskmssvc.exe -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe -> Panda Software International [Ver = 1, 3, 1, 0 | Size = 411096 bytes | Modified Date = 3/31/2006 2:50:52 PM | Attr = ]
psimsvc.exe -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe -> Panda Software [Ver = 2, 6, 36, 0 | Size = 102400 bytes | Modified Date = 7/4/2006 2:25:34 PM | Attr = ]
smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 6:50:10 PM | Attr = ]
pastisvc.exe -> %System32%\PAStiSvc.exe -> [Ver = | Size = 53248 bytes | Modified Date = 1/14/2005 9:32:38 AM | Attr = ]
apvxdwin.exe -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe -> Panda Software International [Ver = 7.10.06.02 | Size = 364544 bytes | Modified Date = 10/11/2006 12:09:16 PM | Attr = ]
lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/20/2007 12:38:54 AM | Attr = ]
smtray.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMTray.exe -> Analog Devices, Inc. [Ver = 3, 2, 13, 0 | Size = 98304 bytes | Modified Date = 11/8/2002 5:50:32 PM | Attr = ]
ibmmessages.exe -> %ProgramFiles%\IBM\Messages By IBM\ibmmessages.exe -> IBM [Ver = 2.011 | Size = 581632 bytes | Modified Date = 1/16/2004 12:41:44 PM | Attr = ]
cthelper.exe -> %System32%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 1, 2 | Size = 24576 bytes | Modified Date = 10/6/2003 1:57:32 AM | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.07b | Size = 118837 bytes | Modified Date = 1/28/2004 1:04:00 AM | Attr = ]
wpctrl.exe -> %ProgramFiles%\WinPortrait\wpctrl.exe -> [Ver = | Size = 692008 bytes | Modified Date = 12/6/2002 9:38:30 AM | Attr = ]
e_s4i2k1.exe -> %System32%\spool\drivers\w32x86\3\E_S4I2K1.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 99840 bytes | Modified Date = 6/1/2003 3:00:00 PM | Attr = ]
ctsysvol.exe -> %ProgramFiles%\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.3.8.0 | Size = 57344 bytes | Modified Date = 7/2/2003 10:03:54 AM | Attr = ]
srvload.exe -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\SrvLoad.exe -> Panda Software International [Ver = 6.01.01.00 | Size = 73728 bytes | Modified Date = 1/31/2006 4:42:04 PM | Attr = ]
ctdvddet.exe -> %ProgramFiles%\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 6/18/2003 1:00:00 AM | Attr = ]
mmtask.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 53248 bytes | Modified Date = 7/30/2003 3:01:34 PM | Attr = ]
mm_tray.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> MUSICMATCH, Inc. [Ver = 8.00.0109 | Size = 114688 bytes | Modified Date = 7/30/2003 3:01:34 PM | Attr = ]
floater.exe -> %ProgramFiles%\WinPortrait\floater.exe -> [Ver = | Size = 745256 bytes | Modified Date = 12/6/2002 9:38:32 AM | Attr = ]
webproxy.exe -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe -> Panda Software International [Ver = 6, 2, 22, 533 | Size = 69632 bytes | Modified Date = 6/29/2006 11:04:42 AM | Attr = ]
dragdiag.exe -> %ProgramFiles%\Alcatel\SpeedTouch USB\dragdiag.exe -> THOMSON multimedia [Ver = 201.2.0.0 | Size = 860672 bytes | Modified Date = 11/12/2002 12:02:08 PM | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 12/8/2003 5:35:14 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 4/6/2006 9:40:28 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
communications_helper.exe -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe -> [Ver = | Size = 563984 bytes | Modified Date = 7/25/2007 4:02:54 PM | Attr = ]
quickcam.exe -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe -> [Ver = | Size = 2027792 bytes | Modified Date = 7/25/2007 4:06:30 PM | Attr = ]
rcman.exe -> %ProgramFiles%\Creative\MediaSource\RemoteControl\RcMan.exe -> Creative Technology Ltd [Ver = 2.0.0.3 | Size = 135168 bytes | Modified Date = 6/12/2003 9:47:06 AM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 5/20/2007 9:25:39 PM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
cocimanager.exe -> %CommonProgramFiles%\LogiShrd\LQCVFX\COCIManager.exe -> Logitech Inc. [Ver = 11.1.0.2030 | Size = 403728 bytes | Modified Date = 7/25/2007 4:02:32 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 1/26/2008 1:34:08 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> [Ver = | Size = 184408 bytes | Modified Date = 3/20/2003 11:17:04 AM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 3:01:00 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(LVCOMSer) LVCOMSer [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/20/2007 12:38:54 AM | Attr = ]
(LVPrcSrv) Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 137752 bytes | Modified Date = 7/20/2007 12:40:48 AM | Attr = ]
(LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\SrvLnch\SrvLnch.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 141848 bytes | Modified Date = 7/20/2007 12:42:30 AM | Attr = ]
(PAVFNSVR) Panda Function Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\PAVFNSVR.EXE -> Panda Software International [Ver = 7.06.03.00 | Size = 159744 bytes | Modified Date = 7/21/2006 12:22:32 PM | Attr = ]
(PavPrSrv) Panda Process Protection Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Panda Software\PavShld\PavPrSrv.exe -> Panda Software [Ver = 1.3.0.0 | Size = 32768 bytes | Modified Date = 7/25/2005 2:02:22 AM | Attr = ]
(PAVSRV) Panda anti-virus service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\PAVSRV51.EXE -> Panda Software International [Ver = 2, 0, 1840, 32 | Size = 151552 bytes | Modified Date = 8/8/2006 6:26:18 PM | Attr = ]
(pmshellsrv) Panda Antispam Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe -> Panda Software International [Ver = 1, 3, 1, 0 | Size = 411096 bytes | Modified Date = 3/31/2006 2:50:52 PM | Attr = ]
(PNMSRV) Panda Network Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\FIREWALL\PNMSRV.exe -> Panda Software International [Ver = 3, 0, 0,21 | Size = 811008 bytes | Modified Date = 8/2/2006 2:05:54 PM | Attr = ]
(PSIMSVC) Panda IManager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe -> Panda Software [Ver = 2, 6, 36, 0 | Size = 102400 bytes | Modified Date = 7/4/2006 2:25:34 PM | Attr = ]
(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 6:50:10 PM | Attr = ]
(STI Simulator) STI Simulator [Win32_Own | Auto | Running] -> %System32%\PAStiSvc.exe -> [Ver = | Size = 53248 bytes | Modified Date = 1/14/2005 9:32:38 AM | Attr = ]
(TPSrv) Panda TPSrv [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe -> Panda Software [Ver = 7, 0, 2, 0 | Size = 348160 bytes | Modified Date = 10/9/2006 4:15:38 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 7:51:56 PM | Attr = ]
APVXDWIN -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe -> Panda Software International [Ver = 7.10.06.02 | Size = 364544 bytes | Modified Date = 10/11/2006 12:09:16 PM | Attr = ]
CTDVDDET -> %ProgramFiles%\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 6/18/2003 1:00:00 AM | Attr = ]
CTHelper -> %System32%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 1, 2 | Size = 24576 bytes | Modified Date = 10/6/2003 1:57:32 AM | Attr = ]
CTSysVol -> %ProgramFiles%\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.3.8.0 | Size = 57344 bytes | Modified Date = 7/2/2003 10:03:54 AM | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.07b | Size = 118837 bytes | Modified Date = 1/28/2004 1:04:00 AM | Attr = ]
EPSON Stylus Photo RX500 -> %System32%\spool\drivers\w32x86\3\E_S4I2K1.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 99840 bytes | Modified Date = 6/1/2003 3:00:00 PM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.2209 | Size = 114688 bytes | Modified Date = 7/10/2003 6:13:16 AM | Attr = ]
ibmmessages -> %ProgramFiles%\IBM\Messages By IBM\ibmmessages.exe -> IBM [Ver = 2.011 | Size = 581632 bytes | Modified Date = 1/16/2004 12:41:44 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.2209 | Size = 155648 bytes | Modified Date = 7/10/2003 6:25:52 AM | Attr = ]
LogitechCommunicationsManager -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe -> [Ver = | Size = 563984 bytes | Modified Date = 7/25/2007 4:02:54 PM | Attr = ]
LogitechQuickCamRibbon -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe -> [Ver = | Size = 2027792 bytes | Modified Date = 7/25/2007 4:06:30 PM | Attr = ]
mmtask -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 53248 bytes | Modified Date = 7/30/2003 3:01:34 PM | Attr = ]
MMTray -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> MUSICMATCH, Inc. [Ver = 8.00.0109 | Size = 114688 bytes | Modified Date = 7/30/2003 3:01:34 PM | Attr = ]
Mouse Suite 98 Daemon -> ICO.EXE -> File not found
NWEReboot -> -> File not found
PivotSoftware -> %ProgramFiles%\WinPortrait\wpctrl.exe -> [Ver = | Size = 692008 bytes | Modified Date = 12/6/2002 9:38:30 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 4/6/2006 9:40:28 PM | Attr = ]
RegistryMechanic -> -> File not found
RemoteCenter -> -> File not found
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 12/8/2003 5:35:14 PM | Attr = ]
SBDrvDet -> %ProgramFiles%\Creative\SB Drive Det\SBDrvDet.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 12/3/2002 6:06:52 PM | Attr = ]
SCANINICIO -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe -> Panda Software International [Ver = 6.1.1.1 | Size = 22528 bytes | Modified Date = 2/1/2006 6:13:08 PM | Attr = ]
Smapp -> %ProgramFiles%\Analog Devices\SoundMAX\SMTray.exe -> Analog Devices, Inc. [Ver = 3, 2, 13, 0 | Size = 98304 bytes | Modified Date = 11/8/2002 5:50:32 PM | Attr = ]
SpeedTouch USB Diagnostics -> %ProgramFiles%\Alcatel\SpeedTouch USB\dragdiag.exe -> THOMSON multimedia [Ver = 201.2.0.0 | Size = 860672 bytes | Modified Date = 11/12/2002 12:02:08 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
tgcmd -> -> File not found
UC_Start -> %SystemDrive%\IBMTOOLS\Updater\ucstartup.exe -> [Ver = | Size = 32768 bytes | Modified Date = 3/17/2003 5:27:52 PM | Attr = ]
UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 8/19/2003 3:01:00 AM | Attr = ]
UpdReg -> %SystemRoot%\Updreg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 5/11/2000 3:00:00 AM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
IBM RecordNow! -> -> File not found
ibmmessages -> %ProgramFiles%\IBM\Messages By IBM\ibmmessages.exe -> IBM [Ver = 2.011 | Size = 581632 bytes | Modified Date = 1/16/2004 12:41:44 PM | Attr = ]
RemoteCenter -> %ProgramFiles%\Creative\MediaSource\RemoteControl\RcMan.exe -> Creative Technology Ltd [Ver = 2.0.0.3 | Size = 135168 bytes | Modified Date = 6/12/2003 9:47:06 AM | Attr = ]
RemoteControl -> -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 5/20/2007 9:25:39 PM | Attr = ]
tgcmd -> -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< phil Startup Folder > -> C:\Documents and Settings\phil\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
avldr -> %System32%\avldr.dll -> Panda Software [Ver = 2, 0, 1840, 1 | Size = 45056 bytes | Modified Date = 9/27/2005 12:13:48 PM | Attr = ]
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.2209 | Size = 319488 bytes | Modified Date = 7/10/2003 6:12:26 AM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 0 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoCloseDragDropBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoMovingBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallPaper -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoThemesTab -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoColorChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoSizeChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispCPL -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoVisualStyleChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispSettingsPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispAppearancePage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.theglobeandmail.com/ ->
HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com ->
HKEY_CURRENT_USER\: SearchURL\\ -> [Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1037 domain(s) found. ->
.[msn] -> My Computer ->
office_microsoft.com [http] -> Trusted sites ->
74 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 38 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Norton\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 1121, 2472 | Size = 323568 bytes | Modified Date = 1/17/2008 7:37:33 PM | Attr = ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Windows &Live Favorites -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{07D327FB-375E-4172-AB0B-85A6BCABD3E6} -> (1394 Net Adapter) ->
{214725FC-0940-4014-859A-E165C7C24E2B} -> (Intel(R) PRO/100 VE Network Connection) ->
{9FE146DB-4008-40F0-8237-643E59E33608} -> () ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000020 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000021 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000022 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000023 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://pcpitstop.com/pcpitstop/PCPitStop.CAB[PCPitstop Utility] ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] ->
{1754A1BA-A1DF-4F10-B199-AA55AA1A120F}[HKEY_LOCAL_MACHINE] -> https://signup.msn.com/pages/MsnInstC.cab[InstallerBehaviorFactory Class] ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[Symantec AntiVirus scanner] ->
{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}[HKEY_LOCAL_MACHINE] -> http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab[Reg Error: Key does not exist or could not be opened.] ->
{4620BC29-8B8E-4F4E-9D92-1DB6633D6793}[HKEY_LOCAL_MACHINE] -> http://rd1.surfernetwork.com/surferplugin.ocx[SurferNETWORK Plugin] ->
{4B48D5DF-9021-45F7-A240-60304302A215}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab[Malicious Software Removal Tool] ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124153639421[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] ->
{CB50428B-657F-47DF-9B32-671F82AA73F7}[HKEY_LOCAL_MACHINE] -> http://www.photodex.com/pxplay.cab[Photodex Presenter AX control] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->


[Registry - Additional Scans - Non-Microsoft Only]


[Files/Folders - Created Within 30 days]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 1/27/2008 12:21:19 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072746496 bytes | Created Date = 1/22/2008 6:20:45 PM | Attr = HS]
lv302af.sys -> %System32%\drivers\lv302af.sys -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 13848 bytes | Created Date = 1/24/2008 8:11:28 PM | Attr = R ]
LV302V32.SYS -> %System32%\drivers\LV302V32.SYS -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 1278104 bytes | Created Date = 1/24/2008 8:11:18 PM | Attr = R ]
LVUSBSta.sys -> %System32%\drivers\LVUSBSta.sys -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 41752 bytes | Created Date = 1/24/2008 8:11:18 PM | Attr = R ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 1/27/2008 12:51:47 PM | Attr = ]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
lvci1110.dll -> %System32%\lvci1110.dll -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 195096 bytes | Created Date = 1/24/2008 8:11:18 PM | Attr = R ]
lvcodec2.dll -> %System32%\lvcodec2.dll -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 416280 bytes | Created Date = 1/24/2008 8:11:18 PM | Attr = R ]
lvcoinst.ini -> %System32%\lvcoinst.ini -> [Ver = | Size = 58163 bytes | Created Date = 1/24/2008 8:11:18 PM | Attr = R ]
LVUI2.dll -> %System32%\LVUI2.dll -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 490008 bytes | Created Date = 1/24/2008 8:11:18 PM | Attr = R ]
LVUI2RC.dll -> %System32%\LVUI2RC.dll -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 465432 bytes | Created Date = 1/24/2008 8:11:18 PM | Attr = R ]
miniPortInfo.dat -> %System32%\miniPortInfo.dat -> [Ver = | Size = 912 bytes | Created Date = 1/27/2008 6:46:14 PM | Attr = ]
Repository.reg -> %System32%\Repository.reg -> [Ver = | Size = 19344 bytes | Created Date = 1/24/2008 8:11:18 PM | Attr = R ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 1/27/2008 12:21:40 PM | Attr = ]
26 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

[Files/Folders - Modified Within 30 days]
BOOT.INI -> %SystemDrive%\BOOT.INI -> [Ver = | Size = 211 bytes | Modified Date = 1/22/2008 6:24:51 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/24/2008 8:07:03 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 1/27/2008 12:21:19 PM | Attr = ]
e691367a9bcdbc000b7c4b8fb17f36 -> %SystemDrive%\e691367a9bcdbc000b7c4b8fb17f36 -> [Folder | Modified Date = 1/22/2008 7:54:23 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072746496 bytes | Modified Date = 1/27/2008 6:46:36 PM | Attr = HS]
Norton -> %SystemDrive%\Norton -> [Folder | Modified Date = 1/20/2008 9:21:33 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/24/2008 8:04:47 PM | Attr = R ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/23/2008 8:24:05 AM | Attr = H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/23/2008 9:43:28 PM | Attr = H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/24/2008 8:25:08 AM | Attr = H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/24/2008 9:35:47 PM | Attr = H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/25/2008 9:07:20 PM | Attr = H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/17/2008 9:13:37 PM | Attr = H ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/18/2008 7:23:35 AM | Attr = H ]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/18/2008 12:55:45 PM | Attr = H ]
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/18/2008 9:06:28 PM | Attr = H ]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/19/2008 10:22:38 PM | Attr = H ]
sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/20/2008 9:51:52 PM | Attr = H ]
sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/20/2008 10:23:42 PM | Attr = H ]
sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/21/2008 8:23:15 AM | Attr = H ]
sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/21/2008 7:37:55 PM | Attr = H ]
sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/21/2008 10:11:18 PM | Attr = H ]
sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/21/2008 10:25:18 PM | Attr = H ]
sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/22/2008 4:39:13 PM | Attr = H ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/22/2008 7:39:41 PM | Attr = H ]
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/22/2008 8:44:46 PM | Attr = H ]
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm ->&n
  • 0

#8
Rorschach112
Posted 27 January 2008 - 10:11 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Some of the log is missing, can you attach the report instead
  • 0

#9
cayguy
Posted 28 January 2008 - 08:56 AM

cayguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hopefully the whole file is attached.

Attached Files


  • 0

#10
Rorschach112
Posted 28 January 2008 - 09:10 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Start WinPFind35U. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Mouse Suite 98 Daemon -> ICO.EXE
YN -> NWEReboot ->
YN -> RegistryMechanic ->
YN -> RemoteCenter ->
YN -> tgcmd ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> IBM RecordNow! ->
YN -> RemoteControl ->
YN -> tgcmd ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > ->
YN -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn...st/srchcust.htm
YN -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn...st/srchasst.htm
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> Add to Windows &Live Favorites ->
[Files/Folders - Created Within 30 days]
YN -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
YN -> 26 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
YN -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here .

I will review the information when it comes back in.



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Also tell me how your PC is running
  • 0

Advertisements

#11
cayguy
Posted 28 January 2008 - 10:00 AM

cayguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Me again;

I did the WinPFind35U fix and the pc did reboot but I didn't see a notepad with the actions taken by the fix.

Apologies if I messed it up.
  • 0

#12
Rorschach112
Posted 28 January 2008 - 10:03 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
No I instructed the program to reboot

You should find the notepad file in the WinPFind3 folder

Continue on with the rest of the steps.

Edited by Rorschach112, 28 January 2008 - 10:03 AM.

  • 0

#13
cayguy
Posted 28 January 2008 - 10:34 AM

cayguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello;

Here is the WinPFind35 notepad from the folder.

Attached Files


  • 0

#14
Rorschach112
Posted 28 January 2008 - 10:40 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Ok thanks, go on with the other step
  • 0

#15
cayguy
Posted 28 January 2008 - 12:18 PM

cayguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is the result of the SuperAntiSpyware scan.


SUPERAntiSpyware Scan Log
Generated 01/28/2008 at 01:03 PM

Application Version : 3.6.1000

Core Rules Database Version : 3389
Trace Rules Database Version: 1383

Scan type : Complete Scan
Total Scan Time : 01:13:45

Memory items scanned : 603
Memory threats detected : 0
Registry items scanned : 5877
Registry threats detected : 0
File items scanned : 68476
File threats detected : 8

Adware.Tracking Cookie
C:\Documents and Settings\phil\Cookies\[email protected][1].txt
C:\Documents and Settings\phil\Cookies\[email protected][1].txt
C:\Documents and Settings\phil\Cookies\[email protected][1].txt
C:\Documents and Settings\phil\Cookies\phil@questionmarket[2].txt
C:\Documents and Settings\phil\Cookies\phil@adbrite[2].txt
C:\Documents and Settings\phil\Cookies\[email protected][1].txt
C:\Documents and Settings\phil\Cookies\phil@zedo[1].txt
C:\Documents and Settings\phil\Cookies\phil@tribalfusion[1].txt
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP