"Your privacy is in danger" background [CLOSED]


#1
paulpc (New Member, 5 posts)
Hello and nice to see you. Great forum.
I think my PC is infected. I have a "Your privacy is in danger" background and pop-ups that say "Download antivirus to protect PC".
Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2:

Scan saved at 01:14:23, on 8/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
E:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BitDefender\BitDefender 2008\seccenter.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QXK Olive - {E350B1C6-A8DC-4EEF-90DB-61DCAE9D1B67} - C:\WINDOWS\rodqgpvlkoa.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: qalkfxor - {18C388BB-5014-4906-AE38-E62BA5AA7387} - C:\WINDOWS\qalkfxor.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmaTel Audio] C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\setup.exe -postqfe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [RemoteControl8] "E:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "E:\Program Files\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2B6555C-3974-4C66-B07B-917CA7DB01A8}: NameServer = 193.231.252.1 213.154.124.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O21 - SSODL: pdoskegl - {BC955F78-E20A-4ED6-B951-1E1FBBD3DBDF} - C:\WINDOWS\pdoskegl.dll
O21 - SSODL: rqbmvpso - {216E3E49-1023-4EB9-99D4-633AD2C78E75} - C:\WINDOWS\rqbmvpso.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 8988 bytes

It will probably help, so here is the SmitFraudFix log:

SmitFraudFix v2.339

Scan done at 0:57:18.54, Mon 08/25/2008
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
E:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BitDefender\BitDefender 2008\seccenter.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\BitDefender\BitDefender 2008\uiscan.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\privacy_danger FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Paul


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Paul\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Paul\FAVORI~1

C:\DOCUME~1\Paul\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\Paul\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\Paul\FAVORI~1\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\Paul\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\Paul\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\Paul\Desktop\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!




»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: rodqgpvlkoa.dll
BHO: QXK Olive - {E350B1C6-A8DC-4EEF-90DB-61DCAE9D1B67}
TypeLib: {31E49456-3EC8-4CF9-B756-CD4BB7D43F61}
Interface: {E3A8BB7F-47DF-4A13-9F50-CA0D1F89DA7F}
Interface: {FD929AF1-D3CE-4374-9A73-C8E70BC02C17}

[!] Suspicious: qalkfxor.dll
Toolbar: qalkfxor - {18C388BB-5014-4906-AE38-E62BA5AA7387}
TypeLib: {2E94E090-6554-4076-97A0-BC0EBE5CD9B2}
Interface: {ADE410F2-0722-420F-8B03-9A874F23A3BC}
Classe: qalkfxor.bpqk
Classe: qalkfxor.ToolBar.1

[!] Suspicious: pdoskegl.dll
SSODL: pdoskegl - {BC955F78-E20A-4ED6-B951-1E1FBBD3DBDF}

[!] Suspicious: rqbmvpso.dll
SSODL: rqbmvpso - {216E3E49-1023-4EB9-99D4-633AD2C78E75}


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 193.231.252.1
DNS Server Search Order: 213.154.124.1

Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 213.157.188.162

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5426F3CF-BDC8-4D98-A574-814D4A757868}: DhcpNameServer=213.157.188.162
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D2B6555C-3974-4C66-B07B-917CA7DB01A8}: NameServer=193.231.252.1 213.154.124.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5426F3CF-BDC8-4D98-A574-814D4A757868}: DhcpNameServer=213.157.188.162
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D2B6555C-3974-4C66-B07B-917CA7DB01A8}: NameServer=193.231.252.1 213.154.124.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5426F3CF-BDC8-4D98-A574-814D4A757868}: DhcpNameServer=213.157.188.162
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=213.157.188.162
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=213.157.188.162
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=213.157.188.162


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

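As an added example (not part of the thread and not HijackThis code), here is a small triage script that applies the checks a log reviewer makes on entries like the ones in the log above: randomly named DLLs sitting directly in the Windows root, SSODL and Winlogon Notify loaders, and an Active Desktop component served from a local file. The sample lines are copied from the log above; the vowel-ratio cut-off, the reason strings and the section list are this example's own assumptions.

```python
"""Triage of HijackThis (HJT) log lines for the rogue-antispyware indicators
seen in this thread. Added example, not HijackThis code and not from the
thread's helper; the heuristics below are this example's own assumptions."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a subset of lines copied from the thread's first HJT log.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: QXK Olive - {E350B1C6-A8DC-4EEF-90DB-61DCAE9D1B67} - C:\WINDOWS\rodqgpvlkoa.dll
O3 - Toolbar: qalkfxor - {18C388BB-5014-4906-AE38-E62BA5AA7387} - C:\WINDOWS\qalkfxor.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O21 - SSODL: pdoskegl - {BC955F78-E20A-4ED6-B951-1E1FBBD3DBDF} - C:\WINDOWS\pdoskegl.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# A DLL sitting directly in the Windows root (not in system32 or a vendor
# folder) is unusual for legitimate BHOs, toolbars and SSODL objects.
WINDOWS_ROOT_DLL = re.compile(r"^[A-Za-z]:\\WINDOWS\\([^\\]+)\.dll$", re.IGNORECASE)
HJT_LINE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")


@dataclass
class Finding:
    section: str
    line: str
    reasons: List[str] = field(default_factory=list)


def vowel_ratio(stem: str) -> float:
    """Fraction of vowels among the letters; very low values suggest a generated name."""
    letters = [c for c in stem.lower() if c.isalpha()]
    return sum(c in "aeiou" for c in letters) / len(letters) if letters else 0.0


def looks_generated(stem: str) -> bool:
    # Assumption: rogue droppers name their DLLs with 7+ random lowercase letters.
    return stem.islower() and len(stem) >= 7 and vowel_ratio(stem) < 0.35


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding with one reason per heuristic hit, or None if clean."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    finding = Finding(section, line.strip())
    # The last " - " separated field carries the module path (O2/O3/O20/O21).
    path = body.rsplit(" - ", 1)[-1].strip()
    if section in ("O2", "O3", "O21"):
        root = WINDOWS_ROOT_DLL.match(path)
        if root:
            finding.reasons.append("module loaded directly from the Windows root")
            if looks_generated(root.group(1)):
                finding.reasons.append("file name looks randomly generated")
    if section == "O21":
        finding.reasons.append("SSODL entry: ShellServiceObjectDelayLoad runs at every Explorer start")
    if section == "O20":
        finding.reasons.append("Winlogon Notify package: loaded into winlogon.exe, compare with a known-good list")
    if section == "O24" and "file:///" in body.lower():
        finding.reasons.append("Active Desktop component served from a local file (rogue wallpaper)")
    return finding if finding.reasons else None


def triage_log(text: str) -> List[Finding]:
    """Triage every line of an HJT log; clean lines are dropped."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section}: {'; '.join(f.reasons)}\n    {f.line}")
```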
#2
fenzodahl512 (Malware Removal, 9,863 posts)
Please print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
Once in Safe Mode, please double-click smitfraudfix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".


The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning!!: running option #2 on a non-infected computer will remove your Desktop background.





NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#3
paulpc (Topic Starter, New Member, 5 posts)
SmitFraudFix log:
SmitFraudFix v2.339

Scan done at 14:23:30.31, Mon 08/25/2008
Run from C:\Documents and Settings\Paul\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1	   localhost
127.0.0.1	update.bitdefender.com

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\rodqgpvlkoa.dll deleted.
C:\WINDOWS\qalkfxor.dll deleted.
C:\WINDOWS\pdoskegl.dll deleted.
C:\WINDOWS\rqbmvpso.dll deleted.


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\privacy_danger\ Deleted
C:\DOCUME~1\Paul\Desktop\Error Cleaner.url Deleted
C:\DOCUME~1\Paul\Desktop\Privacy Protector.url Deleted
C:\DOCUME~1\Paul\Desktop\Spyware?Malware Protection.url Deleted
C:\DOCUME~1\Paul\FAVORI~1\Error Cleaner.url Deleted
C:\DOCUME~1\Paul\FAVORI~1\Privacy Protector.url Deleted
C:\DOCUME~1\Paul\FAVORI~1\Spyware?Malware Protection.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5426F3CF-BDC8-4D98-A574-814D4A757868}: DhcpNameServer=213.157.188.162
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D2B6555C-3974-4C66-B07B-917CA7DB01A8}: NameServer=193.231.252.1 213.154.124.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5426F3CF-BDC8-4D98-A574-814D4A757868}: DhcpNameServer=213.157.188.162
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D2B6555C-3974-4C66-B07B-917CA7DB01A8}: NameServer=193.231.252.1 213.154.124.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5426F3CF-BDC8-4D98-A574-814D4A757868}: DhcpNameServer=213.157.188.162
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=213.157.188.162


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Malwarebytes' Anti-Malware log:
Malwarebytes' Anti-Malware 1.25
Database version: 1087
Windows 5.1.2600 Service Pack 3

4:24:24 PM 8/25/2008
mbam-log-08-25-2008 (16-24-24).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 146465
Time elapsed: 1 hour(s), 41 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa (Malware.Tool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\antiwpa.dll (Malware.Tool) -> Delete on reboot.
C:\WINDOWS\rvoelbxt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09:34, on 8/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
E:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QXK Olive - {E350B1C6-A8DC-4EEF-90DB-61DCAE9D1B67} - C:\WINDOWS\rodqgpvlkoa.dll (file missing)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmaTel Audio] C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\setup.exe -postqfe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [RemoteControl8] "E:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "E:\Program Files\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2B6555C-3974-4C66-B07B-917CA7DB01A8}: NameServer = 193.231.252.1 213.154.124.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8588 bytes


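The hosts section of the SmitFraudFix log above shows update.bitdefender.com pointed at 127.0.0.1, which quietly stops the installed antivirus from updating while the rogue keeps running. As an added example (not from the thread and not SmitFraudFix code), the check below parses a hosts file and flags names sinkholed to loopback or 0.0.0.0, rating hits on security-vendor hosts highest; the vendor keyword list and the severity labels are this example's own assumptions.

```python
"""Flag hosts-file entries that sinkhole security-vendor update servers, the
pattern in this thread's second SmitFraudFix log. Added example; the vendor
keyword list and severity labels are this example's own assumptions."""
import ipaddress
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Constructed hosts file reproducing the two entries shown in the thread's log.
SAMPLE_HOSTS = """\
# constructed sample, not the user's real file
127.0.0.1       localhost
127.0.0.1\tupdate.bitdefender.com
"""

# Names that legitimately map to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# Addresses commonly used to make a name unreachable.
SINKHOLE_ADDRS = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}
# Assumption: substrings identifying AV/update hosts a rogue would want to block.
VENDOR_KEYWORDS = ("bitdefender", "kaspersky", "malwarebytes", "symantec",
                   "mcafee", "trendmicro", "avast", "avg", "windowsupdate", "microsoft")


@dataclass
class HostsFinding:
    lineno: int
    address: str
    name: str
    severity: str  # "high" when a security vendor is affected, else "medium"


def parse_hosts(text: str) -> Iterator[Tuple[int, "ipaddress._BaseAddress", str]]:
    """Yield (lineno, address, name) for every mapping, ignoring comments."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line; a stricter tool would report it
        for name in parts[1:]:
            yield lineno, addr, name.lower()


def find_sinkholed(text: str) -> List[HostsFinding]:
    """Return every non-local name mapped to a sinkhole address."""
    findings = []
    for lineno, addr, name in parse_hosts(text):
        if name in LOCAL_NAMES or addr not in SINKHOLE_ADDRS:
            continue
        vendor_hit = any(k in name for k in VENDOR_KEYWORDS)
        findings.append(HostsFinding(lineno, str(addr), name, "high" if vendor_hit else "medium"))
    return findings


if __name__ == "__main__":
    for f in find_sinkholed(SAMPLE_HOSTS):
        print(f"line {f.lineno}: {f.name} -> {f.address} [{f.severity}]")
```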
#4
fenzodahl512 (Malware Removal, 9,863 posts)
Hello.. Please don't use code/quote tags when posting your logs.. Just post them as they are.. It will be much easier for my eyes..


Tell me, how is your computer now?


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O2 - BHO: QXK Olive - {E350B1C6-A8DC-4EEF-90DB-61DCAE9D1B67} - C:\WINDOWS\rodqgpvlkoa.dll (file missing)

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available, otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Edited by fenzodahl512, 25 August 2008 - 02:14 PM.

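The fix line above shows the two things a helper looks for first in a HijackThis log: a registry entry whose target file is missing, and (in the O23 section) a service with no identifiable publisher. As an added example, not fenzodahl512's code nor part of HijackThis, here is a small Python triage script for that log format: it parses O2/O18/O20/O23 entries, flags those two conditions plus a DLL loaded from the root of the Windows directory, and runs over a handful of sample lines constructed from the entries quoted in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in HijackThis v2.0.2 format, modelled on lines quoted in this
# thread. The O2 line is the one fenzodahl512 asked to have fixed.
SAMPLE_LOG = r"""
O2 - BHO: QXK Olive - {E350B1C6-A8DC-4EEF-90DB-61DCAE9D1B67} - C:\WINDOWS\rodqgpvlkoa.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# "O23 - Service: <rest>"  ->  section, kind, rest
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# Drive-letter path at the end of the line, optionally followed by HijackThis'
# "(file missing)" marker.
PATH_RE = re.compile(r"([A-Za-z]:\\.*?)\s*(\(file missing\))?\s*$")
# A DLL sitting directly in the Windows directory root (not in a subfolder).
WINDIR_ROOT = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+$", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    kind: str
    name: str
    owner: str            # O23 company column; "" for the other sections
    path: str
    file_missing: bool
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one O2/O18/O20/O23 line; return None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    pm = PATH_RE.search(rest)
    if not pm:
        return None
    path = pm.group(1).strip()
    missing = pm.group(2) is not None
    # Everything before the path: "Name - Company" (O23), "Name - {CLSID}" (O2/O18)
    # or just "Name" (O20).
    parts = [p.strip() for p in rest[:pm.start()].rstrip(" -").split(" - ")]
    owner = parts[1] if section == "O23" and len(parts) > 1 else ""
    return Entry(section, kind, parts[0], owner, path, missing)


def triage(entry: Entry) -> Entry:
    """Attach the defender's first-pass warning signs to an entry."""
    if entry.file_missing:
        entry.flags.append("orphaned: registry entry points at a file that no longer exists")
    if entry.section == "O23" and entry.owner.lower() == "unknown owner":
        entry.flags.append("auto-start service with no identifiable publisher")
    if entry.section in ("O2", "O20") and WINDIR_ROOT.match(entry.path):
        entry.flags.append("DLL loaded from the root of the Windows directory")
    return entry


def parse_log(text: str) -> List[Entry]:
    return [triage(e) for e in map(parse_entry, text.splitlines()) if e]


def suspicious(text: str) -> List[Entry]:
    return [e for e in parse_log(text) if e.flags]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.section} {e.name}: {e.path}")
        for f in e.flags:
            print("   -", f)
```

A clean "Unknown owner" entry is not proof of malware (PnkBstrA here is the PunkBuster anti-cheat service), so the flags are a review queue, not a verdict.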

#5
paulpc

    New Member

  • Topic Starter
  • 5 posts
After updating the virus definitions a window pops up that says "Kaspersky Online Scanner license has expired!"
I have never used Kaspersky so I don't know why this happened.

#6
fenzodahl512

  • Malware Removal
  • 9,863 posts
Let's do this instead..

Please download OTViewIt to your desktop.
  • Close all windows and double click OTViewIt
  • Place a tick in the Scan all Users box
  • In the File Age drop down box select 30 days
  • Click Run Scan and let the program run uninterrupted
  • On completion it will produce two logs on the Desktop; post the OTViewIt.txt and Extras.txt logs in your next post.


And tell me, how is your computer now?

#7
paulpc

    New Member

  • Topic Starter
  • 5 posts
My computer is fine now. Thank you very much!!! :) No more malware & stuff :)

OTViewIt log:

OTViewIt logfile created on: 8/26/2008 2:33:05 AM - Run 1
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 8.75 Gb Free Space | 14.94% Space Free | Partition Type: NTFS
Drive D: | 119.74 Gb Total Space | 12.37 Gb Free Space | 10.33% Space Free | Partition Type: NTFS
Drive E: | 119.75 Gb Total Space | 0.63 Gb Free Space | 0.52% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LUCA
Current User Name: Paul
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

===== Processes - Non-Microsoft Only =====

[10/09/2007 07:17 PM | 00,024,064 | ---- | M] () - C:\WINDOWS\system32\WLTRYSVC.EXE
[10/09/2007 07:17 PM | 01,921,024 | ---- | M] (Dell Inc.) - C:\WINDOWS\system32\BCMWLTRY.EXE
[07/10/2008 09:47 AM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
[02/22/2008 05:46 AM | 00,155,716 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[07/24/2008 05:28 AM | 00,086,016 | ---- | M] (BitDefender) - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
[07/24/2008 05:28 AM | 01,155,072 | ---- | M] (BitDefender SRL) - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
[07/24/2008 05:28 AM | 01,253,376 | ---- | M] (BitDefender S.R.L.) - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
[02/22/2008 12:43 PM | 01,245,184 | ---- | M] (Dell Inc.) - C:\Program Files\Dell\QuickSet\quickset.exe
[05/10/2007 10:22 AM | 00,405,504 | ---- | M] (SigmaTel, Inc.) - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
[05/10/2007 01:01 AM | 00,036,864 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\OEM02Mon.exe
[10/09/2007 07:17 PM | 02,183,168 | ---- | M] (Dell Inc.) - C:\WINDOWS\system32\WLTRAY.EXE
[07/02/2007 01:29 PM | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\DellTPad\Apoint.exe
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[05/22/2007 02:18 PM | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\DellTPad\ApMsgFwd.exe
[07/10/2008 10:51 AM | 00,289,064 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[07/24/2008 05:28 AM | 00,368,640 | ---- | M] (BitDefender S.R.L.) - C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
[03/20/2008 08:23 PM | 00,083,240 | ---- | M] (Cyberlink Corp.) - E:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe
[09/08/2006 03:10 PM | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\DellTPad\hidfind.exe
[06/06/2007 04:44 PM | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\DellTPad\ApntEx.exe
[03/21/2008 10:21 AM | 00,091,432 | ---- | M] (cyberlink) - C:\Program Files\Cyberlink\Shared Files\brs.exe
[06/07/2007 11:14 AM | 00,118,784 | ---- | M] (Creative Technology Ltd.) - C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
[10/11/2007 09:49 AM | 00,465,136 | ---- | M] (Gteko Ltd.) - C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
[09/18/2005 06:40 PM | 01,421,824 | ---- | M] (Methlabs) - C:\Program Files\PeerGuardian2\pg2.exe
[08/16/2008 12:17 AM | 00,267,056 | ---- | M] (BitTorrent, Inc.) - C:\Program Files\uTorrent\uTorrent.exe
[02/27/2007 11:39 AM | 01,310,720 | ---- | M] (SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[11/03/2006 06:02 PM | 00,050,688 | ---- | M] (Avanquest Software ) - C:\Program Files\Digital Line Detect\DLG.exe
[07/10/2008 10:51 AM | 00,532,264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[05/30/2008 03:54 PM | 21,718,312 | R--- | M] (Skype Technologies S.A.) - C:\Program Files\Skype\Phone\Skype.exe
[05/30/2008 03:54 PM | 00,076,744 | R--- | M] (Skype Technologies) - C:\Program Files\Skype\Plugin Manager\skypePM.exe
[08/30/2007 05:43 PM | 04,670,704 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[07/08/2008 07:22 PM | 00,486,856 | ---- | M] (DT Soft Ltd) - C:\Program Files\DAEMON Tools Lite\daemon.exe
[08/26/2008 02:28 AM | 00,103,736 | ---- | M] () - C:\WINDOWS\system32\PnkBstrB.exe
[08/26/2008 02:28 AM | 00,066,872 | ---- | M] () - C:\WINDOWS\system32\PnkBstrA.exe
[07/17/2008 07:07 AM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
[08/26/2008 02:32 AM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Paul\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[07/10/2008 09:47 AM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(Bonjour Service) Bonjour Service [Auto | Running]
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe

(DellAMBrokerService) DellAMBrokerService [On_Demand | Stopped]
[10/11/2007 09:49 AM | 00,076,016 | ---- | M] () - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[04/14/2008 03:00 PM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped]
[08/13/2008 12:46 AM | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

(iPod Service) iPod Service [On_Demand | Running]
[07/10/2008 10:51 AM | 00,532,264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(LIVESRV) BitDefender Desktop Update Service [Auto | Running]
[07/24/2008 05:28 AM | 01,155,072 | ---- | M] (BitDefender SRL) - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

(NMIndexingService) NMIndexingService [On_Demand | Stopped]
File not found - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[02/22/2008 05:46 AM | 00,155,716 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [On_Demand | Stopped]
[11/06/2007 11:22 PM | 00,092,792 | ---- | M] (CACE Technologies) - C:\Program Files\WinPcap\rpcapd.exe

(VSSERV) BitDefender Virus Shield [Auto | Running]
[07/24/2008 05:28 AM | 01,253,376 | ---- | M] (BitDefender S.R.L.) - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

(wltrysvc) Dell Wireless WLAN Tray Service [Auto | Running]
[10/09/2007 07:17 PM | 00,024,064 | ---- | M] () - C:\WINDOWS\system32\WLTRYSVC.EXE

(XCOMM) BitDefender Communicator [Auto | Running]
[07/24/2008 05:28 AM | 00,086,016 | ---- | M] (BitDefender) - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

(PnkBstrB) PnkBstrB [Auto | Running]
[08/26/2008 02:28 AM | 00,103,736 | ---- | M] () - C:\WINDOWS\system32\PnkBstrB.exe

(PnkBstrA) PnkBstrA [Auto | Running]
[08/26/2008 02:28 AM | 00,066,872 | ---- | M] () - C:\WINDOWS\system32\PnkBstrA.exe

===== Driver Services - Non-Microsoft Only =====

(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP/Vista [On_Demand | Running]
[06/25/2007 06:53 PM | 00,155,136 | ---- | M] (Alps Electric Co., Ltd.) - C:\WINDOWS\system32\drivers\Apfiltr.sys

(APPDRV) APPDRV [System | Running]
[08/12/2005 04:50 PM | 00,016,128 | ---- | M] (Dell Inc) - C:\WINDOWS\system32\drivers\APPDRV.SYS

(BCM43XX) Dell Wireless WLAN Card Driver [On_Demand | Running]
[10/09/2007 07:17 PM | 01,123,328 | ---- | M] (Broadcom Corp.) - C:\WINDOWS\system32\drivers\BCMWL5.SYS

(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [On_Demand | Running]
[11/21/2006 04:25 AM | 00,045,568 | R--- | M] (Broadcom Corporation) - C:\WINDOWS\system32\drivers\bcm4sbxp.sys

(Bdfndisf) BitDefender Firewall NDIS Filter Service [On_Demand | Running]
[07/24/2008 05:28 AM | 00,086,792 | ---- | M] (BitDefender SRL) - C:\WINDOWS\system32\drivers\bdfndisf.sys

(bdfsfltr) bdfsfltr [On_Demand | Running]
[01/07/2008 05:41 PM | 00,196,368 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) - C:\WINDOWS\system32\drivers\bdfsfltr.sys

(bdftdif) bdftdif [System | Running]
[07/24/2008 05:28 AM | 00,156,688 | ---- | M] (BitDefender SRL) - C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys

(BDSelfPr) BDSelfPr [On_Demand | Running]
[07/24/2008 05:28 AM | 00,008,320 | ---- | M] (BitDefender S.R.L.) - C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys

(datunidr) DellAutomatedPCTuneUp UniDriver [Auto | Running]
[08/23/2007 06:29 PM | 00,005,376 | --S- | M] (Gteko Ltd.) - C:\WINDOWS\system32\drivers\datunidr.sys

(dmboot) dmboot [Disabled | Stopped]
[04/14/2008 03:00 PM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[04/14/2008 03:00 PM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[04/14/2008 03:00 PM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [On_Demand | Running]
[04/14/2008 03:00 PM | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\system32\drivers\hdaudbus.sys

(HSFHWAZL) HSFHWAZL [On_Demand | Running]
[08/02/2007 05:34 PM | 00,211,200 | R--- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSFHWAZL.sys

(HSF_DPV) HSF_DPV [On_Demand | Running]
[08/02/2007 05:35 PM | 00,989,952 | R--- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_DPV.sys

(mdmxsdk) mdmxsdk [Auto | Running]
[06/19/2006 02:26 PM | 00,012,672 | R--- | M] (Conexant) - C:\WINDOWS\system32\drivers\mdmxsdk.sys

(NPF) NetGroup Packet Filter Driver [On_Demand | Stopped]
[11/06/2007 11:22 PM | 00,034,064 | ---- | M] (CACE Technologies) - C:\WINDOWS\system32\drivers\npf.sys

(nv) nv [On_Demand | Running]
[02/22/2008 05:46 AM | 06,658,592 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(OEM02Afx) Provides a software interface to control audio effects of OEM002 camera. [On_Demand | Running]
[06/08/2007 01:00 AM | 00,141,376 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\OEM02Afx.sys

(OEM02Dev) Creative Camera OEM002 Driver [On_Demand | Running]
[10/11/2007 01:03 AM | 00,235,648 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\OEM02Dev.sys

(OEM02Vfx) Creative Camera OEM002 Video VFX Driver [On_Demand | Running]
[03/05/2007 06:45 PM | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) - C:\WINDOWS\system32\drivers\OEM02Vfx.sys

(Profos) Profos [On_Demand | Stopped]
[07/12/2007 01:32 AM | 00,012,800 | ---- | M] () - C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[04/14/2008 03:00 PM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PTproct) PTproct [On_Demand | Running]
[10/05/2006 04:07 PM | 00,004,736 | ---- | M] (Gteko Ltd.) - C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys

(PxHelp20) PxHelp20 [Boot | Running]
[03/08/2007 02:51 AM | 00,043,528 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\PxHelp20.sys

(rimmptsk) rimmptsk [Auto | Running]
[11/15/2006 12:16 AM | 00,032,256 | ---- | M] (REDC) - C:\WINDOWS\system32\drivers\rimmptsk.sys

(rimsptsk) rimsptsk [Auto | Running]
[11/14/2006 07:42 PM | 00,043,520 | ---- | M] (REDC) - C:\WINDOWS\system32\drivers\rimsptsk.sys

(rismxdp) Ricoh xD-Picture Card Driver [Auto | Running]
[11/14/2006 05:35 PM | 00,037,376 | ---- | M] (REDC) - C:\WINDOWS\system32\drivers\rixdptsk.sys

(SASDIFSV) SASDIFSV [System | Running]
[10/10/2006 12:53 PM | 00,005,632 | ---- | M] () - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys

(SASENUM) SASENUM [On_Demand | Running]
[02/16/2006 04:51 PM | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

(SASKUTIL) SASKUTIL [System | Running]
[02/27/2007 11:39 AM | 00,032,256 | ---- | M] () - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

(Secdrv) Secdrv [On_Demand | Stopped]
[04/14/2008 03:00 PM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(sptd) sptd [Boot | Running]
[07/14/2008 12:57 PM | 00,717,296 | ---- | M] () - C:\WINDOWS\system32\drivers\sptd.sys

(STHDA) SigmaTel High Definition Audio CODEC [On_Demand | Running]
[05/10/2007 10:24 AM | 01,222,840 | ---- | M] (SigmaTel, Inc.) - C:\WINDOWS\system32\drivers\sthda.sys

(Trufos) Trufos [On_Demand | Stopped]
[07/10/2007 08:00 AM | 00,036,736 | ---- | M] () - C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys

(winachsf) winachsf [On_Demand | Running]
[08/02/2007 05:34 PM | 00,731,136 | R--- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_CNXT.sys

({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} [Auto | Running]
[02/01/2008 05:24 PM | 00,041,456 | ---- | M] (Cyberlink Corp.) - E:\Program Files\CyberLink\PowerDVD8\PowerDVD8\000.fcl

(pgfilter) pgfilter [On_Demand | Running]
[09/18/2005 06:02 PM | 00,005,632 | ---- | M] () - C:\Program Files\PeerGuardian2\pgfilter.sys

(PnkBstrK) PnkBstrK [On_Demand | Running]
[08/26/2008 02:28 AM | 00,022,328 | ---- | M] () - C:\WINDOWS\system32\drivers\PnkBstrK.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"Apoint" = C:\Program Files\DellTPad\Apoint.exe [07/02/2007 01:29 PM | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.)
"AppleSyncNotifier" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [07/10/2008 09:47 AM | 00,116,040 | ---- | M] (Apple Inc.)
"BDAgent" = "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [07/24/2008 05:28 AM | 00,368,640 | ---- | M] (BitDefender S.R.L.)
"BDRegion" = C:\Program Files\Cyberlink\Shared Files\brs.exe [03/21/2008 10:21 AM | 00,091,432 | ---- | M] (cyberlink)
"BitDefender Antiphishing Helper" = "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [07/24/2008 05:28 AM | 00,061,440 | ---- | M] (BitDefender)
"Broadcom Wireless Manager UI" = C:\WINDOWS\system32\WLTRAY.exe [10/09/2007 07:17 PM | 02,183,168 | ---- | M] (Dell Inc.)
"Dell QuickSet" = C:\Program Files\Dell\QuickSet\quickset.exe [02/22/2008 12:43 PM | 01,245,184 | ---- | M] (Dell Inc.)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM | 00,289,064 | ---- | M] (Apple Inc.)
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [02/22/2008 05:46 AM | 13,508,608 | ---- | M] (NVIDIA Corporation)
"NVHotkey" = rundll32.exe nvHotkey.dll,Start [02/22/2008 05:46 AM | 00,086,016 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [02/22/2008 05:46 AM | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /installquiet [02/22/2008 05:46 AM | 01,626,112 | ---- | M] ()
"OEM02Mon.exe" = C:\WINDOWS\OEM02Mon.exe [05/10/2007 01:01 AM | 00,036,864 | ---- | M] (Creative Technology Ltd.)
"PDVD8LanguageShortcut" = "E:\Program Files\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe" [12/14/2007 11:36 AM | 00,050,472 | ---- | M] ()
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"RemoteControl8" = "E:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe" [03/20/2008 08:23 PM | 00,083,240 | ---- | M] (Cyberlink Corp.)
"SigmaTel Audio" = C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\setup.exe -postqfe [10/18/2007 03:46 PM | 00,117,200 | ---- | M] (InstallShield Software Corporation)
"SigmatelSysTrayApp" = %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe [05/10/2007 10:22 AM | 00,405,504 | ---- | M] (SigmaTel, Inc.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
"DELL Webcam Manager" = "C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s [06/07/2007 11:14 AM | 00,118,784 | ---- | M] (Creative Technology Ltd.)
"DellAutomatedPCTuneUp" = "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup [10/11/2007 09:49 AM | 00,465,136 | ---- | M] (Gteko Ltd.)
"PeerGuardian" = C:\Program Files\PeerGuardian2\pg2.exe [09/18/2005 06:40 PM | 01,421,824 | ---- | M] (Methlabs)
"SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [02/27/2007 11:39 AM | 01,310,720 | ---- | M] (SUPERAntiSpyware.com)
"uTorrent" = "C:\Program Files\uTorrent\uTorrent.exe" [08/16/2008 12:17 AM | 00,267,056 | ---- | M] (BitTorrent, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-299502267-220523388-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
"DELL Webcam Manager" = "C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s [06/07/2007 11:14 AM | 00,118,784 | ---- | M] (Creative Technology Ltd.)
"DellAutomatedPCTuneUp" = "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup [10/11/2007 09:49 AM | 00,465,136 | ---- | M] (Gteko Ltd.)
"PeerGuardian" = C:\Program Files\PeerGuardian2\pg2.exe [09/18/2005 06:40 PM | 01,421,824 | ---- | M] (Methlabs)
"SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [02/27/2007 11:39 AM | 01,310,720 | ---- | M] (SUPERAntiSpyware.com)
"uTorrent" = "C:\Program Files\uTorrent\uTorrent.exe" [08/16/2008 12:17 AM | 00,267,056 | ---- | M] (BitTorrent, Inc.)

[HKEY_USERS\S-1-5-21-299502267-220523388-1417001333-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[11/03/2006 06:02 PM | 00,050,688 | ---- | M] (Avanquest Software ) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]

[Paul Startup Folder - C:\Documents and Settings\Paul\Start Menu\Programs\Startup]
[08/15/2008 11:23 PM | 00,147,456 | ---- | M] (Lime Wire, LLC) - C:\Documents and Settings\Paul\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
HKLM CLSID: (Adobe PDF Link Helper) - [06/11/2008 10:33 PM | 00,075,128 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{381FFDE8-2394-4f90-B10D-FC6124A40F8C}"
HKLM CLSID: (BitDefender Toolbar) - [07/24/2008 05:28 AM | 00,086,016 | ---- | M] (Bitdefender) C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr" = 0
"DisableRegistryTools" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-21-299502267-220523388-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-21-299502267-220523388-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_USERS\S-1-5-21-299502267-220523388-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr" = 0
"DisableRegistryTools" = 0

===== Desktop Components =====

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [04/14/2008 03:00 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/14/2008 03:00 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 11:34 AM | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe [10/02/2007 05:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [04/14/2008 03:00 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/14/2008 03:00 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [08/30/2007 05:43 PM | 04,670,704 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe [08/30/2007 05:43 PM | 00,091,376 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe [08/16/2008 12:17 AM | 00,267,056 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 11:34 AM | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe [10/02/2007 05:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe [07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [07/10/2008 10:51 AM | 20,246,824 | ---- | M] (Apple Inc.)
"C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat" = C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat File not found
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe [08/26/2008 02:28 AM | 00,066,872 | ---- | M] ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe [08/26/2008 02:28 AM | 00,103,736 | ---- | M] ()
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe [05/14/2008 07:18 PM | 24,670,208 | ---- | M] (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe [05/14/2008 07:21 PM | 24,186,880 | ---- | M] (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe [02/22/2008 11:08 AM | 00,619,144 | ---- | M] (Ubisoft)
"D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe [03/12/2008 02:19 PM | 00,888,320 | ---- | M] ()
"D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe [08/19/2008 07:48 PM | 01,598,144 | ---- | M] ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe [08/15/2008 11:23 PM | 00,147,456 | ---- | M] (Lime Wire, LLC)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe [05/30/2008 03:54 PM | 21,718,312 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe [06/20/2008 03:43 PM | 03,330,048 | ---- | M] ()

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/14/2008 03:00 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/14/2008 03:00 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/14/2008 03:00 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/14/2008 03:00 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/14/2008 03:00 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
"DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [02/27/2007 11:39 AM | 00,282,624 | ---- | M] (SUPERAntiSpyware.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa]
"DllName" = C:\WINDOWS\system32\antiwpa.dll [02/14/2008 09:04 PM | 00,005,376 | R--- | M] ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"DllName" = File not found

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 2
"services" = 0
"startup" = 0

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{35E9BD93-831F-4F01-B0DA-91D8FE747DC7}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{5426F3CF-BDC8-4D98-A574-814D4A757868}]
Servers: | Description: Broadcom 440x 10/100 Integrated Controller

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{6DF18B18-8AA0-4832-AFA3-E8847BF6A362}]
Servers: | Description: Dell Wireless 1395 WLAN Mini-Card

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{FB89415B-5D53-4F02-B356-D40A87138274}]
Servers: | Description:

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[07/14/2008 11:53 AM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

AUTORUN.INF [[autorun] | open=win32\autoplay.exe | icon=win32\vmo2.exe | | shell\Install=Install Virtual Makeover 2 Deluxe | shell\Install\Command=setup.exe | | shell\Uninstall=Uninstall Virtual Makeover 2 Deluxe | shell\Uninstall\Command=setup.exe | | shell\Ereg=Register Virtual Makeover 2 Deluxe | shell\Ereg\Command=msreg\msrun32.exe LaunchRegistration | | shell\ReadMe=View ReadMe | shell\ReadMe\Command=Notepad.exe readme.txt | | ]
[06/28/1999 03:56 PM | 00,000,412 | ---- | M] () D:\AUTORUN.INF [ NTFS ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e2f8002-5195-11dd-83ca-806d6172696f}\Shell]
"" = Open

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e2f8002-5195-11dd-83ca-806d6172696f}\Shell\AutoRun]
"Extended" =

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e2f8002-5195-11dd-83ca-806d6172696f}\Shell\AutoRun\command]
"" = win32\autoplay.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e2f8002-5195-11dd-83ca-806d6172696f}\Shell\Ereg]
"" = Register Virtual Makeover 2 Deluxe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e2f8002-5195-11dd-83ca-806d6172696f}\Shell\Ereg\Command]
"" = msreg\msrun32.exe LaunchRegistration

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e2f8002-5195-11dd-83ca-806d6172696f}\Shell\Install]
"" = Install Virtual Makeover 2 Deluxe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e2f8002-5195-11dd-83ca-806d6172696f}\Shell\Install\Command]
"" = C:\WINDOWS\system32\setup.exe [04/14/2008 03:00 PM | 00,023,040 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e2f8002-5195-11dd-83ca-806d6172696f}\Shell\ReadMe]
"" = View ReadMe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e2f8002-5195-11dd-83ca-806d6172696f}\Shell\ReadMe\Command]
"" = Notepad.exe readme.txt

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e2f8002-5195-11dd-83ca-806d6172696f}\Shell\Uninstall]
"" = C:\Program Files\Mozilla Firefox\uninstall [07/17/2008 07:07 AM | ---D | M]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e2f8002-5195-11dd-83ca-806d6172696f}\Shell\Uninstall\Command]
"" = C:\WINDOWS\system32\setup.exe [04/14/2008 03:00 PM | 00,023,040 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a219073e-5fb6-11dd-9503-001d09d69839}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a219073e-5fb6-11dd-9503-001d09d69839}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 03:00 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a219073e-5fb6-11dd-9503-001d09d69839}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce757dc8-53cf-11dd-94d9-001d09d69839}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce757dc8-53cf-11dd-94d9-001d09d69839}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 03:00 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce757dc8-53cf-11dd-94d9-001d09d69839}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf03c96e-5e16-11dd-9501-001d09d69839}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf03c96e-5e16-11dd-9501-001d09d69839}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 03:00 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf03c96e-5e16-11dd-9501-001d09d69839}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df30d0ae-5186-11dd-94ce-001d09d69839}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df30d0ae-5186-11dd-94ce-001d09d69839}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 03:00 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df30d0ae-5186-11dd-94ce-001d09d69839}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e65802d9-6053-11dd-9506-001d09d69839}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e65802d9-6053-11dd-9506-001d09d69839}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 03:00 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e65802d9-6053-11dd-9506-001d09d69839}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell]
"" = Open

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun]
"Extended" =

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command]
"" = win32\autoplay.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\Ereg]
"" = Register Virtual Makeover 2 Deluxe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\Ereg\Command]
"" = msreg\msrun32.exe LaunchRegistration

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\Install]
"" = Install Virtual Makeover 2 Deluxe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\Install\Command]
"" = C:\WINDOWS\system32\setup.exe [04/14/2008 03:00 PM | 00,023,040 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\ReadMe]
"" = View ReadMe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\ReadMe\Command]
"" = Notepad.exe readme.txt

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\Uninstall]
"" = C:\Program Files\Mozilla Firefox\uninstall [07/17/2008 07:07 AM | ---D | M]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\Uninstall\Command]
"" = C:\WINDOWS\system32\setup.exe [04/14/2008 03:00 PM | 00,023,040 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun]
"" = Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
"" = F:\setup.exe File not found

===== Hosts File =====

HOSTS File = (818 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 update.bitdefender.com
127.0.0.1 mpa.one.microsoft.com



[Files/Folders - Created Within 30 days]
[06/30/2008 06:30 PM | 00,008,192 | ---- | C] () - C:\wubildr.mbr
[06/30/2008 06:30 PM | 00,188,547 | ---- | C] () - C:\wubildr
[08/19/2008 02:04 AM | ---D | C] - C:\ubuntu
[08/22/2008 04:13 PM | ---D | C] - C:\videooutput
[08/24/2008 08:18 PM | 14,505,8718 | ---- | C] () - C:\taahme01s04.MP4
[08/24/2008 08:44 PM | 14,560,4784 | ---- | C] () - C:\taahme02s04.MP4
[08/24/2008 10:47 PM | 14,399,6267 | ---- | C] () - C:\taahme03s04.MP4
[08/25/2008 01:37 AM | ---D | C] - C:\MP4.Movie.Pack.RoSub-NoGrp
[08/25/2008 03:20 PM | ---D | C] - C:\Vin Diesel Collection
[08/25/2008 03:44 PM | 13,721,4736 | ---- | C] () - C:\taahme06s04
[08/25/2008 04:19 PM | 14,237,8613 | ---- | C] () - C:\taahme07s04
[08/25/2008 05:18 PM | 89,318,9428 | ---- | C] () - C:\Girl Cut in Two.2008.DvdRip.Xvid.Eng[www.monsternova.org].avi
[08/17/2008 03:01 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[3 C:\WINDOWS\System32\*.tmp files]
[02/14/2008 09:04 PM | 00,005,376 | R--- | C] () - C:\WINDOWS\System32\antiwpa.dll
[02/25/2007 03:36 PM | 00,383,238 | ---- | C] () - C:\WINDOWS\System32\libmp3lame-0.dll
[07/08/2008 06:16 PM | 00,180,224 | ---- | C] (fCoder Group International) - C:\WINDOWS\System32\cnvshell.dll
[07/29/2008 01:16 PM | 00,000,056 | -H-- | C] () - C:\WINDOWS\System32\ezsidmv.dat
[08/16/2008 11:07 PM | 00,532,480 | ---- | C] (ScreenTime Media) - C:\WINDOWS\System32\Assassins Creed Diaporama.scr
[08/17/2008 05:46 PM | ---D | C] - C:\WINDOWS\System32\appmgmt
[08/25/2008 02:23 PM | 00,004,788 | ---- | C] () - C:\WINDOWS\System32\tmp.reg
[08/26/2008 01:30 AM | ---D | C] - C:\WINDOWS\System32\Kaspersky Lab
[08/26/2008 01:49 AM | ---D | C] - C:\WINDOWS\System32\Assassins Creed Diaporama dir
[02/14/2008 09:04 PM | 00,005,376 | ---- | C] () - C:\WINDOWS\System\antiwpa.dll
[4 C:\WINDOWS\*.tmp files]
[07/27/2008 05:07 PM | ---D | C] - C:\WINDOWS\Logs
[07/30/2008 08:20 PM | ---D | C] - C:\WINDOWS\SHELLNEW
[07/30/2008 08:21 PM | 00,000,376 | ---- | C] () - C:\WINDOWS\ODBC.INI
[08/06/2008 06:56 PM | ---D | C] - C:\WINDOWS\BBStore
[08/09/2008 03:18 PM | ---D | C] - C:\WINDOWS\Minidump
[08/16/2008 08:58 PM | 00,000,038 | ---- | C] () - C:\WINDOWS\avisplitter.INI
[08/16/2008 12:33 PM | 00,000,151 | ---- | C] () - C:\WINDOWS\PhotoSnapViewer.INI
[08/17/2008 01:27 AM | 00,000,069 | ---- | C] () - C:\WINDOWS\NeroDigital.ini
[08/25/2008 01:19 PM | ---D | C] - C:\WINDOWS\CSC
[08/26/2008 02:07 AM | ---D | C] - C:\WINDOWS\LastGood
[07/28/2008 11:10 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\CyberLink
[08/13/2008 01:01 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\FLEXnet
[08/14/2008 03:58 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Ahead
[08/20/2008 09:56 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Soulseek
[08/22/2008 04:18 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\TEMP
[08/25/2008 01:42 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[08/25/2008 02:25 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/25/2008 08:14 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[08/26/2008 01:30 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[07/28/2008 11:10 PM | ---D | C] - C:\Documents and Settings\Paul\Application Data\CyberLink
[08/05/2008 12:10 AM | ---D | C] - C:\Documents and Settings\Paul\Application Data\Media Player Classic
[08/06/2008 07:51 PM | ---D | C] - C:\Documents and Settings\Paul\Application Data\SPORE Creature Creator
[08/11/2008 02:08 AM | ---D | C] - C:\Documents and Settings\Paul\Application Data\ImgBurn
[08/14/2008 07:04 PM | ---D | C] - C:\Documents and Settings\Paul\Application Data\Ahead
[08/16/2008 05:06 PM | ---D | C] - C:\Documents and Settings\Paul\Application Data\Xfire
[08/22/2008 04:20 PM | ---D | C] - C:\Documents and Settings\Paul\Application Data\Eltima Software
[08/24/2008 08:02 PM | ---D | C] - C:\Documents and Settings\Paul\Application Data\avidemux
[08/25/2008 01:21 PM | ---D | C] - C:\Documents and Settings\Paul\Application Data\TmpRecentIcons
[08/25/2008 01:42 AM | ---D | C] - C:\Documents and Settings\Paul\Application Data\SUPERAntiSpyware.com
[08/25/2008 02:25 AM | ---D | C] - C:\Documents and Settings\Paul\Application Data\Malwarebytes
[08/25/2008 04:07 PM | ---D | C] - C:\Documents and Settings\Paul\Application Data\gtk-2.0
[08/25/2008 09:16 PM | ---D | C] - C:\Documents and Settings\Paul\Application Data\LimeWire
[08/26/2008 12:00 AM | ---D | C] - C:\Documents and Settings\Paul\Application Data\skypePM
[08/04/2008 01:10 AM | ---D | C] - C:\Documents and Settings\Paul\Local Settings\Application Data\Identities
[08/14/2008 04:01 PM | ---D | C] - C:\Documents and Settings\Paul\Local Settings\Application Data\Ahead
[08/22/2008 03:40 PM | ---D | C] - C:\Documents and Settings\Paul\Local Settings\Application Data\CyberLink
[08/09/2008 04:09 AM | ---D | C] - C:\Documents and Settings\All Users\Documents\ImageConverter Plus
[08/19/2008 01:16 AM | ---D | C] - C:\Documents and Settings\All Users\Documents\STALKER-SHOC
[07/27/2008 11:59 PM | ---D | C] - C:\Documents and Settings\Paul\My Documents\NFS Most Wanted
[07/28/2008 11:10 PM | ---D | C] - C:\Documents and Settings\Paul\My Documents\CyberLink
[07/29/2008 11:51 PM | 00,201,712 | ---- | C] () - C:\Documents and Settings\Paul\My Documents\cc_20080729_2350.reg
[08/02/2008 05:31 PM | ---D | C] - C:\Documents and Settings\Paul\My Documents\My Spore Creations
[08/09/2008 01:51 AM | 02,875,952 | ---- | C] () - C:\Documents and Settings\Paul\My Documents\WPP2006_Highlights_rev.pdf
[08/09/2008 03:18 PM | 00,164,966 | ---- | C] () - C:\Documents and Settings\Paul\My Documents\cc_20080809_151851.reg
[08/09/2008 04:10 AM | 01,031,526 | ---- | C] () - C:\Documents and Settings\Paul\My Documents\sackboy_kratos (1).bmp
[08/09/2008 04:10 AM | 01,031,526 | ---- | C] () - C:\Documents and Settings\Paul\My Documents\sackboy_kratos.bmp
[08/09/2008 04:11 AM | ---D | C] - C:\Documents and Settings\Paul\My Documents\Image Converter Plus
[08/09/2008 04:13 AM | 01,031,526 | ---- | C] () - C:\Documents and Settings\Paul\My Documents\sackboy_kratos (2).bmp
[08/09/2008 04:14 AM | 00,051,484 | ---- | C] () - C:\Documents and Settings\Paul\My Documents\sackboy_kratos.jpg
[08/15/2008 08:17 PM | ---D | C] - C:\Documents and Settings\Paul\My Documents\GTA San Andreas User Files
[08/21/2008 03:02 PM | ---D | C] - C:\Documents and Settings\Paul\My Documents\LimeWire
[08/25/2008 06:10 PM | ---D | C] - C:\Documents and Settings\Paul\My Documents\call of juarez
[07/27/2008 04:08 PM | 00,000,657 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\GTA San Andreas.lnk
[07/28/2008 11:09 PM | 00,000,913 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\CyberLink PowerDVD 8.lnk
[08/02/2008 05:15 PM | 00,001,918 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\SPORE™ Creature Creator.lnk
[08/06/2008 06:56 PM | 00,000,925 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Realhomes 3D Designer Demo.lnk
[08/13/2008 02:05 AM | 00,000,959 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Pirates of the Caribbean Online.lnk
[08/17/2008 05:21 PM | 00,002,415 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Run Audiosurf.lnk
[08/19/2008 01:00 AM | 00,000,979 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk
[08/25/2008 01:42 AM | 00,000,780 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[08/26/2008 02:06 AM | 00,001,691 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Multiplayer.lnk
[08/26/2008 02:06 AM | 00,001,691 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Singleplayer.lnk
[03/17/2008 12:06 PM | 00,319,488 | ---- | C] () - C:\Documents and Settings\Paul\Desktop\STALKER Trainer.exe
[04/15/2008 12:02 PM | 00,025,365 | ---- | C] () - C:\Documents and Settings\Paul\Desktop\eXtalia.nfo
[06/05/2008 09:56 AM | 01,458,688 | ---- | C] () - C:\Documents and Settings\Paul\Desktop\Call of Duty 4 Trainer.exe
[07/05/2008 03:03 AM | 03,330,048 | ---- | C] () - C:\Documents and Settings\Paul\Desktop\iw3mp.exe
[08/06/2008 01:45 AM | 00,193,551 | ---- | C] () - C:\Documents and Settings\Paul\Desktop\ShutdownInstaller.exe
[08/16/2008 10:45 PM | 00,004,111 | ---- | C] () - C:\Documents and Settings\Paul\Desktop\Playlist walk & jog.m3u
[08/18/2008 10:35 PM | 00,116,248 | ---- | C] () - C:\Documents and Settings\Paul\Desktop\PViewer.zip
[08/19/2008 01:42 AM | 72,822,1696 | ---- | C] () - C:\Documents and Settings\Paul\Desktop\ubuntu-8.04.1-desktop-i386.iso
[08/19/2008 08:58 PM | 00,000,060 | ---- | C] () - C:\Documents and Settings\Paul\Desktop\listen.pls
[08/19/2008 12:06 AM | 00,276,755 | ---- | C] () - C:\Documents and Settings\Paul\Desktop\PC.Shooter.Games.Pack-TB.torrent
[08/20/2008 10:41 PM | 00,023,831 | ---- | C] () - C:\Documents and Settings\Paul\Desktop\Yoga_Zone_-_Conditioning_and_Stress_Release.3277407.TPB.torrent
[08/21/2008 02:57 PM | 00,690,136 | ---- | C] () - C:\Documents and Settings\Paul\Desktop\installer-72114-19en-LimeWire-English.exe
[08/21/2008 06:22 PM | 00,019,144 | ---- | C] () - C:\Documents and Settings\Paul\Desktop\Winsor Pilates Maximum Burn Basics mpg.torrent
[08/21/2008 08:06 PM | ---D | C] - C:\Documents and Settings\Paul\Desktop\Chestii de pe desktop
[08/21/2008 09:42 PM | 14,414,817 | ---- | C] () - C:\Documents and Settings\Paul\Desktop\13164_moonshell171_with_dpgtools13.zip
[08/21/2008 09:44 PM | 00,017,782 | ---- | C] () - C:\Documents and Settings\Paul\Desktop\Wall.E.TS.XviD-PreVail.Dmnhubs.com [mininova].torrent
[08/21/2008 09:47 PM | 05,806,127 | ---- | C] () - C:\Documents and Settings\Paul\Desktop\BatchDPGMTv2.7z
[08/21/2008 09:48 PM | 13,165,974 | ---- | C] () - C:\Documents and Settings\Paul\Desktop\22284_Video_Convert_To__.dpg_.rar
[08/21/2008 10:53 AM | 03,827,712 | ---- | C] () - C:\Documents and Settings\Paul\Desktop\Plumb - 09 - Damaged.mp3
[08/22/2008 03:56 PM | 00,190,094 | ---- | C] () - C:\Documents and Settings\Paul\Desktop\Crunch Super SlimDown.torrent
[08/22/2008 03:58 PM | 00,012,240 | ---- | C] () - C:\Documents and Settings\Paul\Desktop\Crunch_Super_SlimDown_Pilates_Yoga_Blend_workout_o-Demonoid.com-o_4475317.7796.torrent
[08/22/2008 04:10 PM | ---D | C] - C:\Documents and Settings&
  • 0

#8
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hi.. Somehow your OTViewIt log has been cut off.. can you please find and attach that log instead of posting it?.. Thanks
  • 0

#9
paulpc

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here you go:

Attached Files


  • 0

#10
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please run the MGA Diagnostic Tool and post back the report it shall produce:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

NEXT

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

#11
fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
