Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows Explorer error, Adware, Trojans, possible Hijack [RESOLVED]


  • This topic is locked This topic is locked

#1
Sumbunny

Sumbunny

    Member

  • Member
  • PipPip
  • 31 posts
Computer is running exceptionally slow and has interference all of the time. When typing my cursor will move to other parts of the document. Commands will be opened that I had not requested. Windows explorer creates an error and closes everything when trying to open the folder where our burned movies are. Also creates the same error when windows media is opened. Computer freezes all of the time and has to be shut down and rebooted the hard way to be able to operate. Internet is extremely slow and have interference in our connection sometimes with IP and so forth. Windows internet explorer continuously tries to script and when spybot scans Internet explorer is most of the problems and I do not even use it. I think it is corrupted because it is a major security breach in my system and runs improperly. Also receive errors all the time telling me files cannot be opened or closed due to the files being locked by the system.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:39 PM, on 7/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fujitsupc.com/
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {DE3A0297-5EFF-4FF2-A48D-ABBC67D4D774} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190501929148
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6302 bytes

913D Camera
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 7.0
Adobe Reader 7.1.0
ATI Control Panel
ATI Display Driver
AudibleManager
AVG Free 8.0
Blaze Media Pro
Blaze Media Pro
CCScore
COMODO Firewall Pro
Creative Software AutoUpdate
Creative System Information
Creative ZEN
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
EPSON Printer Software
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Express Burn
Eye Candy 4000
fflink
FileVOoM Pro 2.5
Fujitsu Hotkey Utility
Fujitsu Service Assistant
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
iConcepts Music Express
Java™ 6 Update 5
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
K-Lite Mega Codec Pack 3.6.5
Kodak EasyShare software
LifeBook Application Panel
LimeWire 4.14.10
Malwarebytes' Anti-Malware
Maxtor Manager
Maxtor Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Pro Step by Step Interactive
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
netbrdg
Netflix Movie Viewer
Netscape 6 (6.1)
Next Generation Visualisations
OfotoXMI
PhoTags Express
Quicken 2003 New User Edition
QuickTime
RegCure 1.4.0.4
Rhapsody Player Engine
RTLSetup for Realtek RTL8139/810x Family NIC 3.00
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
SFR
SHASTA
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
tooltips
VPRINTOL
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WIRELESS
ZEN Media Explorer
ZENcast Organizer



SUPERAntiSpyware Scan Log
Generated 06/29/2008 at 01:57 AM

Application Version : 3.6.1000

Core Rules Database Version : 3493
Trace Rules Database Version: 1484

Scan type : Complete Scan
Total Scan Time : 06:12:56

Memory items scanned : 360
Memory threats detected : 0
Registry items scanned : 5470
Registry threats detected : 0
File items scanned : 37448
File threats detected : 0

Oh also I get the error message upon closing my programs that they have been locked by the system. This has been happing for the last few days and it happens when opening and closing files. Help


Reason for Edit: Merged posts.

Please don't post more than once or bump the topic as Helpers usually first look for threads with no replies.

Edited by Sumbunny, 01 July 2008 - 06:36 PM.

  • 0

Advertisements


#2
Chopin

Chopin

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,639 posts
Hello Sumbunny, and we're sorry that we had to make you wait. Thank you very much for posting in the waiting room like you were supposed to :)

Let's just get another scan before we go crazy :)

1. Fix Entries with HijackThis
------------------------------------------------

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (if present).

O20 - AppInit_DLLs: avgrsstx.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

2. Deckard's System Scanner
------------------------------------------------

Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close ALL open windows before running the scan.

Note: This program will clear your temporary files.

  • On the first run, Deckard's System Scanner will provide you with two warnings. Press "OK" and allow DSS to scan.
  • The entire scanning process will take about five minutes, often less.
  • During the scan you may get warnings about sigcheck.exe trying to access the Internet; please make sure you allow it to do so.
  • Your antivirus may also warn you about nircmd.exe; please make sure you do not delete nircmd.exe as it will cause DSS to malfunction.
  • Once the scan is complete, you will get two logfiles - a main.txt (which you see) and an extra.txt (which is minimized). Copy the contents of both into a reply.
On subsequent runs, DSS will only provide a significantly shortened main.txt and not an extra.txt.
  • 0

#3
Chopin

Chopin

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,639 posts
AHH! Sorry, I made a mistake with the HijackThis fix :) :) Please follow these directions:

1. Restore HijackThis backups
------------------------------------------------

To restore the backups:
  • Open HiJackThis
  • Click on the "Config..." button or the "Open the Misc. Tools Section[/b] button
  • Click on the "Backups" tab
  • Place a check mark next to O20 - AppInit_DLLs: avgrsstx.dll
  • Click Restore
  • Click Yes
  • Reboot your computer
  • Run HiJackThis and post a new HiJackThis log for review.

2. Fix Entries with HijackThis
------------------------------------------------

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (if present).

O18 - Filter hijack: text/html - (no CLSID) - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Don't forget the DSS log :)

Edited by Fredil, 03 July 2008 - 07:23 PM.

  • 0

#4
Sumbunny

Sumbunny

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:13 AM, on 7/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\DOCUME~1\Owner\Desktop\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fujitsupc.com/
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {DE3A0297-5EFF-4FF2-A48D-ABBC67D4D774} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190501929148
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6333 bytes



Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-04 00:45:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 88% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:13 AM, on 7/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\DOCUME~1\Owner\Desktop\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fujitsupc.com/
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {DE3A0297-5EFF-4FF2-A48D-ABBC67D4D774} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190501929148
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6333 bytes

-- Files created between 2008-06-04 and 2008-07-04 -----------------------------

2008-07-02 08:00:49 0 d-------- C:\Program Files\Microsoft Silverlight
2008-07-01 17:25:02 0 d-------- C:\WINDOWS\pss
2008-07-01 14:59:38 0 d-------- C:\WINDOWS\Prefetch
2008-07-01 14:06:02 0 d-------- C:\WINDOWS\system32\scripting
2008-07-01 14:05:44 0 d-------- C:\WINDOWS\l2schemas
2008-07-01 14:05:30 0 d-------- C:\WINDOWS\system32\en
2008-06-30 15:06:37 0 d------c- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-30 15:06:37 0 d---s--c- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-30 15:06:37 0 d------c- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-06-30 15:06:37 0 d------c- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-30 15:06:37 0 d------c- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-30 15:06:36 0 d--h---c- C:\Documents and Settings\Administrator\Templates
2008-06-30 15:06:36 0 dr-----c- C:\Documents and Settings\Administrator\Start Menu
2008-06-30 15:06:36 0 dr-h---c- C:\Documents and Settings\Administrator\SendTo
2008-06-30 15:06:36 0 dr-h---c- C:\Documents and Settings\Administrator\Recent
2008-06-30 15:06:36 0 d--h---c- C:\Documents and Settings\Administrator\PrintHood
2008-06-30 15:06:36 2359296 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-30 15:06:36 0 d--h---c- C:\Documents and Settings\Administrator\NetHood
2008-06-30 15:06:36 0 dr-----c- C:\Documents and Settings\Administrator\My Documents
2008-06-30 15:06:36 0 d--h---c- C:\Documents and Settings\Administrator\Local Settings
2008-06-30 15:06:36 0 dr-----c- C:\Documents and Settings\Administrator\Favorites
2008-06-30 15:06:36 0 d------c- C:\Documents and Settings\Administrator\Desktop
2008-06-30 15:06:36 0 d--hs--c- C:\Documents and Settings\Administrator\Cookies
2008-06-30 15:06:36 0 dr-h---c- C:\Documents and Settings\Administrator\Application Data
2008-06-30 15:06:36 0 d------c- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-06-29 20:22:25 0 d-------- C:\Program Files\Debugging Tools for Windows (x86)
2008-06-29 17:01:32 0 d-------- C:\Program Files\Geek Superhero
2008-06-28 21:07:30 0 d-------- C:\Program Files\Panda Security
2008-06-28 19:31:22 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-24 20:56:59 0 d-------- C:\Program Files\WinClamAVShield
2008-06-24 20:45:55 141312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-24 20:45:53 0 d------c- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-06-24 20:45:52 0 d------c- C:\Documents and Settings\Owner\Application Data\Spyware Terminator
2008-06-24 20:45:47 0 d-------- C:\Program Files\Spyware Terminator
2008-06-23 15:54:30 0 d--h---c- C:\$AVG8.VAULT$
2008-06-22 23:09:10 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-22 23:07:53 0 d-------- C:\Program Files\AVG
2008-06-22 11:46:04 0 d------c- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-15 11:13:25 18240 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-15 10:01:54 0 d-------- C:\Program Files\Google
2008-06-10 17:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-10 17:03:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-10 17:03:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-10 17:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-10 17:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-06-10 17:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX>
2008-06-10 17:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-06-10 17:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>


-- Find3M Report ---------------------------------------------------------------

2008-07-02 07:23:41 0 d-------- C:\Program Files\SpywareBlaster
2008-07-02 01:15:54 0 d-------- C:\Program Files\DivX
2008-07-01 18:00:30 0 d------c- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-07-01 14:13:19 0 d-------- C:\Program Files\Messenger
2008-07-01 14:05:21 0 d-------- C:\Program Files\Movie Maker
2008-07-01 13:18:33 0 d-------- C:\Program Files\Windows NT
2008-06-30 10:32:16 0 d-------- C:\Program Files\SpywareGuard
2008-06-30 10:31:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-30 09:59:02 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-06-30 09:57:25 0 d-------- C:\Program Files\Common Files
2008-06-28 19:07:20 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-24 23:40:31 0 d-------- C:\Program Files\Yahoo!
2008-06-24 22:40:12 0 d-------- C:\Program Files\NCH Swift Sound
2008-06-24 07:35:05 0 d------c- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-06-15 21:12:30 10439 --a----c- C:\logfile
2008-05-23 08:58:52 0 d------c- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-05-22 15:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-12 08:36:38 0 d-------- C:\Program Files\RegCure
2008-05-12 07:13:54 0 d-------- C:\Program Files\NCH Software
2008-05-12 07:11:19 0 d------c- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
2008-05-08 15:23:07 0 d------c- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-05-08 10:01:56 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-14 21:43:40 17920 --a----c- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/03/2008 01:47 AM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/03/2008 01:47 AM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/03/2008 01:47 AM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [05/31/2008 11:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 05:12 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
LTSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-04 00:56:39 ------------
  • 0

#5
Chopin

Chopin

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,639 posts
Hello Sumbunny, the full DSS log wasn't created, let's see if we can fix that :)

1. Re-scan with DSS
------------------------------------------------

Please go to Start > Run. In the box that appears, carefully copy and paste the following:

"%userprofile%\Desktop\dss.exe" /config

Hit "Check All" and click "Scan!" DSS will produce main.txt and extra.txt, please post them back :)
  • 0

#6
Sumbunny

Sumbunny

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-05 11:36:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-07-05 18:36:41 UTC - RP148 - Deckard's System Scanner Restore Point
3: 2008-07-04 21:28:14 UTC - RP147 - RegCure Backup
2: 2008-07-04 20:00:20 UTC - RP146 - Avg8 Update
1: 2008-07-04 19:59:19 UTC - RP145 - Avg8 Update


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-05 11:44:54
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Documents and Settings\Owner\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fujitsupc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: (no name) - {DE3A0297-5EFF-4FF2-A48D-ABBC67D4D774} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.kaspersky.com (HKCU)
O15 - Trusted Zone: http://support.microsoft.com (HKCU)
O15 - Trusted Zone: http://windowsupdate.microsoft.com (HKCU)
O15 - Trusted Zone: http://www.update.microsoft.com (HKCU)
O15 - Trusted Zone: http://windowsupdate.com (HKCU)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190501929148
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Filter: text/html - - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe


--
End of file - 7405 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 sp_rsdrv2 (Spyware Terminator Driver 2) - c:\windows\system32\drivers\sp_rsdrv2.sys
R2 BtnHnd - c:\program files\fujitsu\btnhnd\btnhnd.sys <Not Verified; FUJITSU LIMITED; Button handler>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 LHidUsbK (Logitech SetPoint USB Receiver device driver) - c:\windows\system32\drivers\lhidusbk.sys (file missing)
S3 LMouKE (Logitech SetPoint Mouse Filter Driver) - c:\windows\system32\drivers\lmouke.sys (file missing)
S3 SQTECH913D (913D Camera) - c:\windows\system32\drivers\capt913d.sys <Not Verified; Service & Quality Technology.; SQ913D>
S3 STAC97 (Audio Driver (WDM) - SigmaTel CODEC) - c:\windows\system32\drivers\stac97.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1033B9B0E10
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1033B9B0E10
Service: NIC1394


-- Process Modules -------------------------------------------------------------

All modules okay.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-05 08:08:20 438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-07-03 03:00:00 372 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-06-30 01:00:16 334 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2008-06-23 21:32:04 436 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job


-- Files created between 2008-06-05 and 2008-07-05 -----------------------------

2008-07-02 08:00:49 0 d-------- C:\Program Files\Microsoft Silverlight
2008-07-01 17:25:02 0 d-------- C:\WINDOWS\pss
2008-07-01 14:59:38 0 d-------- C:\WINDOWS\Prefetch
2008-07-01 14:06:02 0 d-------- C:\WINDOWS\system32\scripting
2008-07-01 14:05:44 0 d-------- C:\WINDOWS\l2schemas
2008-07-01 14:05:30 0 d-------- C:\WINDOWS\system32\en
2008-06-30 15:06:37 0 d------c- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-30 15:06:37 0 d---s--c- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-30 15:06:37 0 d------c- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-06-30 15:06:37 0 d------c- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-30 15:06:37 0 d------c- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-30 15:06:36 0 d--h---c- C:\Documents and Settings\Administrator\Templates
2008-06-30 15:06:36 0 dr-----c- C:\Documents and Settings\Administrator\Start Menu
2008-06-30 15:06:36 0 dr-h---c- C:\Documents and Settings\Administrator\SendTo
2008-06-30 15:06:36 0 dr-h---c- C:\Documents and Settings\Administrator\Recent
2008-06-30 15:06:36 0 d--h---c- C:\Documents and Settings\Administrator\PrintHood
2008-06-30 15:06:36 2359296 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-30 15:06:36 0 d--h---c- C:\Documents and Settings\Administrator\NetHood
2008-06-30 15:06:36 0 dr-----c- C:\Documents and Settings\Administrator\My Documents
2008-06-30 15:06:36 0 d--h---c- C:\Documents and Settings\Administrator\Local Settings
2008-06-30 15:06:36 0 dr-----c- C:\Documents and Settings\Administrator\Favorites
2008-06-30 15:06:36 0 d------c- C:\Documents and Settings\Administrator\Desktop
2008-06-30 15:06:36 0 d--hs--c- C:\Documents and Settings\Administrator\Cookies
2008-06-30 15:06:36 0 dr-h---c- C:\Documents and Settings\Administrator\Application Data
2008-06-30 15:06:36 0 d------c- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-06-29 20:22:25 0 d-------- C:\Program Files\Debugging Tools for Windows (x86)
2008-06-29 17:01:32 0 d-------- C:\Program Files\Geek Superhero
2008-06-28 21:07:30 0 d-------- C:\Program Files\Panda Security
2008-06-28 19:31:22 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-24 20:56:59 0 d-------- C:\Program Files\WinClamAVShield
2008-06-24 20:45:55 141312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-24 20:45:53 0 d------c- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-06-24 20:45:52 0 d------c- C:\Documents and Settings\Owner\Application Data\Spyware Terminator
2008-06-24 20:45:47 0 d-------- C:\Program Files\Spyware Terminator
2008-06-23 15:54:30 0 d--h---c- C:\$AVG8.VAULT$
2008-06-22 23:09:10 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-22 23:07:53 0 d-------- C:\Program Files\AVG
2008-06-22 11:46:04 0 d------c- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-15 11:13:25 18240 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-15 10:01:54 0 d-------- C:\Program Files\Google
2008-06-10 17:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-10 17:03:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-10 17:03:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-10 17:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-10 17:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-06-10 17:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX>
2008-06-10 17:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-06-10 17:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>


-- Find3M Report ---------------------------------------------------------------

2008-07-04 13:46:46 0 d------c- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-07-02 07:23:41 0 d-------- C:\Program Files\SpywareBlaster
2008-07-02 01:15:54 0 d-------- C:\Program Files\DivX
2008-07-01 18:00:30 0 d------c- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-07-01 14:13:19 0 d-------- C:\Program Files\Messenger
2008-07-01 14:05:21 0 d-------- C:\Program Files\Movie Maker
2008-07-01 13:18:33 0 d-------- C:\Program Files\Windows NT
2008-06-30 10:32:16 0 d-------- C:\Program Files\SpywareGuard
2008-06-30 10:31:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-30 09:59:02 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-06-30 09:57:25 0 d-------- C:\Program Files\Common Files
2008-06-28 19:07:20 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-24 23:40:31 0 d-------- C:\Program Files\Yahoo!
2008-06-24 22:40:12 0 d-------- C:\Program Files\NCH Swift Sound
2008-06-15 21:12:30 10439 --a----c- C:\logfile
2008-05-23 08:58:52 0 d------c- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-05-22 15:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-12 08:36:38 0 d-------- C:\Program Files\RegCure
2008-05-12 07:13:54 0 d-------- C:\Program Files\NCH Software
2008-05-12 07:11:19 0 d------c- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
2008-05-08 15:23:07 0 d------c- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-05-08 10:01:56 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-14 21:43:40 17920 --a----c- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/03/2008 01:47 AM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/03/2008 01:47 AM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/03/2008 01:47 AM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [05/31/2008 11:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 05:12 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
LTSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8798 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-05 12:09:49 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Mobile Intel® Pentium® 4 - M CPU 2.20GHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 446.98 MiB / 142.3 MiB
Pagefile Memory (total/avail): 1058.02 MiB / 792.6 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.26 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 46.13 GiB total, 12.57 GiB free.
D: is Fixed (FAT32) - 9.75 GiB total, 2.58 GiB free.
E: is CDROM (No Media)
F: is Fixed (NTFS) - 465.76 GiB total, 322.99 GiB free.
G: is Removable (FAT)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK6021GAS - 55.89 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 46.13 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 9.76 GiB - D:

\\.\PHYSICALDRIVE1 - EPSON Stylus Storage USB Device

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device - 1913.99 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 1914.38 MiB - G:

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE6 - Maxtor OneTouch USB Device - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 465.76 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LIFEBOOK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\LIFEBOOK
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\PCDRSDK\WINDSAPI\bin;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=LIFEBOOK
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /nolog/l0x0009
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Torrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
913D Camera --> C:\Program Files\InstallShield Installation Information\{3F927DF0-D056-466F-B4B8-61804D5B6351}\setup.exe -runfromtemp -l0x0009 -removeonly
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Blaze Media Pro --> "C:\Documents and Settings\All Users\Application Data\{56759C22-EA1E-4BE5-A903-72F67D450F43}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
Blaze Media Pro --> C:\Documents and Settings\All Users\Application Data\{56759C22-EA1E-4BE5-A903-72F67D450F43}\setup_blazemp.exe
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B2DBF55-05D4-4072-87D8-689141E262BD}\SETUP.EXE" -l0x9 /remove
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Express Burn --> C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Eye Candy 4000 --> C:\PROGRA~1\Adobe\PHOTOS~1.0\Plug-Ins\Effects\EYECAN~1\UNWISE.EXE C:\PROGRA~1\Adobe\PHOTOS~1.0\Plug-Ins\Effects\EYECAN~1\INSTALL.LOG
fflink --> MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
FileVOoM Pro 2.5 --> "C:\Program Files\FileVOoM Pro\unins000.exe"
Fujitsu Hotkey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED9C7B9B-E694-416A-A0F6-E1D786A6BE99}\setup.exe"
Fujitsu Service Assistant --> C:\PROGRA~1\FUJITS~1\UNINST~1.EXE FujitsuPC
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iConcepts Music Express --> C:\PROGRA~1\ICONCE~1\Setup.exe /remove /q0
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Mega Codec Pack 3.6.5 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_50dfb0f\Setup.exe /APR-REMOVE
LifeBook Application Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2518A8B-FACA-11D6-B1F2-00000E5F1C10}\setup.exe"
LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maxtor Manager --> "C:\Program Files\InstallShield Installation Information\{B8281D46-D846-4BB9-BC84-F1115A7BF820}\setup.exe" -runfromtemp -l0x0409 -removeonly
Maxtor Manager --> MsiExec.exe /I{B8281D46-D846-4BB9-BC84-F1115A7BF820}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Pro Step by Step Interactive --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FC7D8E1-F14F-11D4-943A-00E02950B496}\setup.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Netscape 6 (6.1) --> C:\WINDOWS\N6Uninst.exe /ua "6.1 (en)"
Next Generation Visualisations --> MsiExec.exe /I{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
PhoTags Express --> C:\PROGRA~1\PHOTAG~1\Setup.exe /remove /q0
Quicken 2003 New User Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6247A653-067B-4117-A88B-764B16329DC5} anything
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RegCure 1.4.0.4 --> C:\Program Files\RegCure\uninst.exe
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
RTLSetup for Realtek RTL8139/810x Family NIC 3.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\setup.exe" -l0x9 REMOVE
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
XML Paper Specification Shared Components Pack 1.0 -->
ZEN Media Explorer --> "C:\Program Files\Creative Installation Information\ZEN_MTP_MEDIA_EXPLORER\Setup.exe" /remove /nolog/l0x0009
ZENcast Organizer --> "C:\Program Files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /nolog/l0x0009


-- Application Event Log -------------------------------------------------------

Event Record #/Type7187 / Warning
Event Submitted/Written: 07/04/2008 06:19:38 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type7182 / Warning
Event Submitted/Written: 07/04/2008 03:01:07 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type7181 / Error
Event Submitted/Written: 07/04/2008 02:21:50 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 742988946.

Event Record #/Type7180 / Error
Event Submitted/Written: 07/04/2008 02:17:00 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application cleanmgr.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type7178 / Error
Event Submitted/Written: 07/04/2008 01:59:11 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type61819 / Warning
Event Submitted/Written: 07/05/2008 00:02:42 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk6\D during a paging operation.

Event Record #/Type61818 / Warning
Event Submitted/Written: 07/05/2008 11:36:41 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk6\D during a paging operation.

Event Record #/Type61817 / Error
Event Submitted/Written: 07/05/2008 11:25:29 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type61815 / Error
Event Submitted/Written: 07/05/2008 10:28:48 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.0.2 for the Network Card with network address 000B5D035404 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type61813 / Warning
Event Submitted/Written: 07/05/2008 10:06:55 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk6\D during a paging operation.



-- End of Deckard's System Scanner: finished at 2008-07-05 12:09:49 ------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:33 PM, on 7/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fujitsupc.com/
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {DE3A0297-5EFF-4FF2-A48D-ABBC67D4D774} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190501929148
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6336 bytes
  • 0

#7
Chopin

Chopin

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,639 posts
Hello Sumbunny, it doesn't look that bad.

Please read my entire post before commencing, and please follow my instructions in the order that they are given :) If you don't understand something, don't be afraid to ask!

1. Update Java
------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 5 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 5...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u5-windows-i586-p.exe to install the newest version.

2. Fix File Associations
------------------------------------------------

Please go to Start > Run. In the box that appears, carefully copy and paste the following:

"%Userprofile%\Desktop\dss.exe" /daft

Accept the disclaimer, and click the "Scan" button. Place a checkmark next to everything that appears and press "Fix". Afterwards, close the window.

3. Scan with Kaspersky WebScanner
------------------------------------------------

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

In your next post
------------------------------------------------

  • Kaspersky WebScanner log

  • 0

#8
Sumbunny

Sumbunny

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Ok, Just wanted to let you know that I am still active and working on the recommendations that you advised. I am having some sort of a problem because the Kaspersky WebScan is taking for ever. I ran it all night last night from 10:00p.m. to this morning at 7:00am and it was only 5% done. I do online schooling and on a daily basis have to attend class. When I went to open a new window and log into my schooling everything froze. So I do not know if you want me to start ti again or try something else. My only concern is that I can not go three days without attending school and I can not seem to attend school with this program running. I will wait for your reply. Thank you.
  • 0

#9
Chopin

Chopin

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,639 posts
That's okay. I'm a student too and completely understand :)

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Edited by Fredil, 11 July 2008 - 04:15 PM.

  • 0

#10
Sumbunny

Sumbunny

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Ok, I will run that scan. I just wanted to let you know I was finally able to get the scan to run through 91,000 at 71% complete. It found two threat names and seven infected files at the point it froze again. The names in the report that I was unable to save was Trojan Downloader W.... the rest I do not know because that is all that I could read.
  • 0

Advertisements


#11
Sumbunny

Sumbunny

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Monday, July 14, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, July 13, 2008 11:36:23
Records in database: 948174
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
Scan statistics
Files scanned 92660
Threat name 2
Infected objects 3
Suspicious objects 0
Duration of the scan 30:15:22

File name Threat name Threats count
C:\Documents and Settings\Owner\My Documents\My Music\My Music\New DownLoads\05 (Let Me Put) Love on Your Mind.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
F:\My Documents\My Music\My Music\New DownLoads\05 (Let Me Put) Love on Your Mind.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
F:\My Documents\Video Converter\WinRar 3.71 final + keygen (Works 100% )\wrar371.exe Infected: Backdoor.Win32.Small.ejp 1
The selected area was scanned.

Ok I was finally able to run this scan on internet explorer. I also ran the other scan and it found nothing just for your information. I guess that is how it works some times. I will wait for your next instruction.
  • 0

#12
Chopin

Chopin

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,639 posts
Sorry for the delay, I'm reviewing your logs right now and will have a reply by tomorrow :) It's been a busy few days.
  • 0

#13
Sumbunny

Sumbunny

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Ok, Thank you.
  • 0

#14
Chopin

Chopin

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,639 posts
Hello Sumbunny, my apologies for the delay :) It's not easy being my father's son :)

There really doesn't seem to be that much on your computer, really! Let's get a more in-depth scan.

Please read my entire post before commencing, and please follow my instructions in the order that they are given :) If you don't understand something, don't be afraid to ask!

1. Fix Entries with HijackThis
------------------------------------------------

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (if present).

O2 - BHO: (no name) - {DE3A0297-5EFF-4FF2-A48D-ABBC67D4D774} - (no file)
O18 - Filter hijack: text/html - (no CLSID) - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

2. Clean Temporary Files
------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

3. Scan with OTScanIt
------------------------------------------------

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.
  • 0

#15
Sumbunny

Sumbunny

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
[code=auto:0]OTScanIt logfile created on: 7/21/2008 11:30:04 PM
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Owner\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.98 Mb Total Physical Memory | 119.81 Mb Available Physical Memory | 26.80% Memory free
1.03 Gb Paging File | 0.80 Gb Available in Paging File | 77.86% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 46.13 Gb Total Space | 10.81 Gb Free Space | 23.43% Space Free | Partition Type: NTFS
Drive D: | 9.75 Gb Total Space | 2.58 Gb Free Space | 26.42% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 319.98 Gb Free Space | 68.70% Space Free | Partition Type: NTFS
Drive G: | 1.87 Gb Total Space | 1.84 Gb Free Space | 98.33% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIFEBOOK
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [Ver = | Size = 147456 bytes | Modified Date = 10/28/2002 6:22:42 AM | Attr = ]
avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 231192 bytes | Modified Date = 7/3/2008 1:47:25 AM | Attr = ]
cmdagent.exe -> %ProgramFiles%\COMODO\Firewall\cmdagent.exe -> [Ver = | Size = 519936 bytes | Modified Date = 5/31/2008 11:58:07 AM | Attr = ]
ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 10:01:00 AM | Attr = ]
syncservices.exe -> %ProgramFiles%\Maxtor\Sync\SyncServices.exe -> Seagate Technology LLC [Ver = 4, 0, 3, 1 | Size = 156976 bytes | Modified Date = 9/28/2007 1:24:36 PM | Attr = ]
sp_rsser.exe -> %ProgramFiles%\Spyware Terminator\sp_rsser.exe -> Crawler.com [Ver = 2.2.1.365 | Size = 606720 bytes | Modified Date = 6/24/2008 8:45:55 PM | Attr = ]
avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 287000 bytes | Modified Date = 7/3/2008 1:47:19 AM | Attr = ]
avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 873752 bytes | Modified Date = 7/3/2008 1:47:29 AM | Attr = ]
avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 1232152 bytes | Modified Date = 7/3/2008 1:47:39 AM | Attr = ]
cfp.exe -> %ProgramFiles%\COMODO\Firewall\cfp.exe -> [Ver = | Size = 1655552 bytes | Modified Date = 5/31/2008 11:56:39 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ]
maxmenumgr.exe -> %ProgramFiles%\Maxtor\OneTouch Status\MaxMenuMgr.exe -> Maxtor Corporation [Ver = 2, 2, 0, 4 | Size = 169264 bytes | Modified Date = 9/6/2007 2:53:40 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> [Ver = | Size = 147456 bytes | Modified Date = 10/28/2002 6:22:42 AM | Attr = ]
(avg8emc) AVG8 E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 873752 bytes | Modified Date = 7/3/2008 1:47:29 AM | Attr = ]
(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 231192 bytes | Modified Date = 7/3/2008 1:47:25 AM | Attr = ]
(cmdAgent) COMODO Firewall Pro Helper Service [Win32_Own | Auto | Running] -> %ProgramFiles%\COMODO\Firewall\cmdagent.exe -> [Ver = | Size = 519936 bytes | Modified Date = 5/31/2008 11:58:07 AM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 10:01:00 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 5:12:17 PM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(Maxtor Sync Service) Maxtor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Maxtor\Sync\SyncServices.exe -> Seagate Technology LLC [Ver = 4, 0, 3, 1 | Size = 156976 bytes | Modified Date = 9/28/2007 1:24:36 PM | Attr = ]
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> -> File not found
(sp_rssrv) Spyware Terminator Realtime Shield Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Terminator\sp_rsser.exe -> Crawler.com [Ver = 2.2.1.365 | Size = 606720 bytes | Modified Date = 6/24/2008 8:45:55 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(aliadwdm) ALi Audio Accelerator WDM driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ac97ali.sys -> Acer Laboratories Inc. [Ver = 5.12.01.6003 | Size = 231552 bytes | Modified Date = 8/28/2002 4:00:48 PM | Attr = ]
(AliIde) AliIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
(ALiIRDA) ALi Infrared Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alifir.sys -> Acer Laboratories Inc. [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 26624 bytes | Modified Date = 8/17/2001 6:49:02 AM | Attr = ]
(ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 5.3.1.123 | Size = 56573 bytes | Modified Date = 1/16/2002 7:53:32 PM | Attr = ]
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.13.10.6200 | Size = 539520 bytes | Modified Date = 10/28/2002 6:32:14 AM | Attr = ]
(AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 96520 bytes | Modified Date = 7/3/2008 1:47:18 AM | Attr = ]
(AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.132 | Size = 26824 bytes | Modified Date = 7/3/2008 1:47:18 AM | Attr = ]
(AvgTdiX) AVG8 Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 76040 bytes | Modified Date = 7/3/2008 1:47:37 AM | Attr = ]
(BtnHnd) BtnHnd [Kernel | Auto | Running] -> %ProgramFiles%\Fujitsu\BtnHnd\BtnHnd.sys -> FUJITSU LIMITED [Ver = 2, 5, 0, 7 | Size = 19712 bytes | Modified Date = 11/18/2002 5:43:44 PM | Attr = ]
(caboagp) ATI Cabo AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\atisgkaf.SYS -> ATI Technologies Inc. [Ver = 5.00.2195.1004 | Size = 23570 bytes | Modified Date = 8/29/2002 5:04:56 PM | Attr = R ]
(cmdGuard) COMODO Firewall Pro Sandbox Driver [File_System | System | Running] -> %SystemRoot%\system32\drivers\cmdguard.sys -> COMODO [Ver = 3, 0, 23, 359 built by: WinDDK | Size = 87056 bytes | Modified Date = 5/31/2008 11:58:01 AM | Attr = ]
(cmdHlp) COMODO Firewall Pro Helper Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cmdhlp.sys -> COMODO [Ver = 3, 0, 23, 359 built by: WinDDK | Size = 24208 bytes | Modified Date = 5/31/2008 11:58:02 AM | Attr = ]
(CONAN) CONAN [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\o2mmb.sys -> O2 Micro [Ver = 1, 0, 1, 6 | Size = 172352 bytes | Modified Date = 9/26/2002 12:43:46 AM | Attr = R ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 4/13/2008 11:44:48 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 4/13/2008 11:44:46 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
(FUJ02B1) Fujitsu FUJ02B1 Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\fuj02b1.sys -> FUJITSU LIMITED [Ver = 1.21 built by: WinDDK | Size = 5248 bytes | Modified Date = 7/31/2001 8:00:22 PM | Attr = ]
(Inspect) COMODO Firewall Pro Firewall Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\inspect.sys -> COMODO [Ver = 3, 0, 23, 359 | Size = 79760 bytes | Modified Date = 5/31/2008 11:58:04 AM | Attr = ]
(LHidUsbK) Logitech SetPoint USB Receiver device driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\LHidUsbK.Sys -> File not found
(LMouKE) Logitech SetPoint Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\LMouKE.Sys -> File not found
(LucentSoftModem) Lucent Technologies Soft Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LTSM.sys -> Lucent Technologies [Ver = 3.1.106 3.1.106 12/18/2001 17:42:46 | Size = 807021 bytes | Modified Date = 12/18/2001 1:42:48 AM | Attr = ]
(MXOPSWD) Maxtor OneTouch Security Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mxopswd.sys -> Maxtor Corp. [Ver = 1,0,8,0 | Size = 22152 bytes | Modified Date = 5/3/2007 2:37:08 PM | Attr = ]
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 201 | Size = 9856 bytes | Modified Date = 10/11/2004 1:28:18 PM | Attr = ]
(PRISM) Intersil PRISM Wireless LAN Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\PRISMNDS.sys -> Intersil Corporation [Ver = 1.07.41 | Size = 51200 bytes | Modified Date = 6/16/2002 6:26:02 PM | Attr = R ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/29/2007 4:00:00 AM | Attr = ]
(RTL8023xp) Realtek 10/100/1000 PCI NIC Family NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtnicxp.sys -> Realtek Semiconductor Corporation [Ver = 5.681.1120.2007 built by: WinDDK | Size = 104320 bytes | Modified Date = 11/20/2007 12:09:22 PM | Attr = ]
(rtl8139) Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\R8139n51.sys -> Realtek Semiconductor Corporation [Ver = 5.504.613.2002 built by: WinDDK | Size = 45568 bytes | Modified Date = 6/12/2002 7:37:16 PM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 3:25:53 AM | Attr = ]
(sp_rsdrv2) Spyware Terminator Driver 2 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\sp_rsdrv2.sys -> [Ver = | Size = 141312 bytes | Modified Date = 6/24/2008 8:45:55 PM | Attr = ]
(SQTECH913D) 913D Camera [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Capt913D.sys -> Service & Quality Technology. [Ver = 0, 0, 0, 5 | Size = 29696 bytes | Modified Date = 6/21/2007 10:45:08 AM | Attr = ]
(STAC97) Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\STAC97.sys -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 1232152 bytes | Modified Date = 7/3/2008 1:47:39 AM | Attr = ]
COMODO Firewall Pro -> %ProgramFiles%\COMODO\Firewall\cfp.exe ["C:\Program Files\COMODO\Firewall\cfp.exe" -h] -> [Ver = | Size = 1655552 bytes | Modified Date = 5/31/2008 11:56:39 AM | Attr = ]
mxomssmenu -> %ProgramFiles%\Maxtor\OneTouch Status\MaxMenuMgr.exe ["C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"] -> Maxtor Corporation [Ver = 2, 2, 0, 4 | Size = 169264 bytes | Modified Date = 9/6/2007 2:53:40 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = Reg Error: Value Installed does not exist or could not be read. ->
MAPI-> Installed = Reg Error: Value Installed does not exist or could not be read. ->
MSFS-> Installed = Reg Error: Value Installed does not exist or could not be read. ->
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 10520 bytes | Modified Date = 7/3/2008 1:47:19 AM | Attr = ]
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 7/5/2008 9:34:30 PM | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 5:12:38 PM | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 5:12:24 PM | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 5:12:05 PM | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 5:12:41 PM | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 11:40:46 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTOSHIBA_DVD-ROM_SD-R6012________________1F33____\3335373930373430313620202020202020202020 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 12/18/2002 11:54:50 AM | Attr = ]
autorun.inf [[autorun] | icon = .\mxoicon6.ico | ] -> F:\autorun.inf [ NTFS ] -> [Ver = | Size = 32 bytes | Modified Date = 5/10/2007 9:48:26 AM | Attr = ]
< HOSTS File > (253094 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ ->
HKEY_CURRENT_USER\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4650 domain(s) found. ->
42 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6921 domain(s) found. ->
www_kaspersky.com [http] -> Trusted sites ->
onecare_live.com [http] -> Local intranet ->
support_microsoft.com [http] -> Trusted sites ->
windowsupdate_microsoft.com [http] -> Trusted sites ->
www.update_microsoft.com [http] -> Trusted sites ->
windowsupdate.com .[http] -> Trusted sites ->
50 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.136 | Size = 455960 bytes | Modified Date = 7/4/2008 12:59:39 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ]
{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 7/3/2008 1:47:35 AM | Attr = ]
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [Java(tm) Plug-In 2 SSV Helper] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 7/3/2008 1:47:35 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 7/3/2008 1:47:35 AM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 6:05:42 PM | Attr = ]
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{9E033DAA-5F42-46E5-ABFE-5A0E418BB378} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{A9966950-9321-4BF4-84E3-0AF6BC479031} -> (1394 Net Adapter) ->
{DCE07882-3C7C-40EC-BF80-A4327D2852CE} -> () ->
{FD410784-AF12-40A3-B2B8-5F6BA7ABDE9A} -> (Intersil PRISM Wireless LAN PCI Card) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver = | Size = 79128 bytes | Modified Date = 7/3/2008 1:47:28 AM | Attr = ]
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
text/html:[HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}[HKEY_LOCAL_MACHINE] -> http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab[YInstStarter Class] ->
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}[HKEY_LOCAL_MACHINE] -> http://www.eset.eu/buxus/docs/OnlineScanner.cab[OnlineScanner Control] ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166}[HKEY_LOCAL_MACHINE] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab[Windows Live Safety Center Base Module] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190501929148[WUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
{F6ACF75C-C32C-447B-9BEF-46B766368D29}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab[Creative Software AutoUpdate Support Package] ->
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\\{F6ACF75C-C32C-447B-9BEF-46B766368D29} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\.Owner -> {5ED80217-570B-4DA9-BF44-BE107C0EC166} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/yinsthelper.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/yinsthelper.dll\\.Owner -> {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/yinsthelper.dll\\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiA.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiA.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiA.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiW.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiW.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiW.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32umc.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32umc.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32umc.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32upd.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32upd.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32upd.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScanner.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScanner.ocx\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScanner.ocx\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLA.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLA.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLA.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLW.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLW.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLW.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerLang.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerLang.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerLang.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerUninstaller.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerUninstaller.exe\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerUninstaller.exe\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\.Owner -> {6414512B-B978-451D-A0D8-FCFDF33E833C} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 5:12:00 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 4/13/2008 5:11:56 PM | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 5:12:00 PM | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 4/13/2008 5:12:05 PM | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 4/13/2008 5:12:08 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 964 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP