Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Dr Watson is screwing up everything![RESOLVED]


  • This topic is locked This topic is locked

#1
Ruffio

Ruffio

    Member

  • Member
  • PipPip
  • 11 posts
everytime i move my mouse arrow over a video file windows locks up. I've tried everything. :tazz:

Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 10:44:28 AM, on 5/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\F-Secure Anti-Virus\fswsclds.exe
C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jucheck.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Netropa\Traymon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brian\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk...ice/index.shtml
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\SYSTEM32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\SYSTEM32\mouse_configurator.win
O1 - Hosts: quote:207.44.248.22 suprnova.dyndns.org
O1 - Hosts: 207.44.248.22 suprnova1.dyndns.org
O1 - Hosts: 207.44.248.53 suprnova2.dyndns.org
O1 - Hosts: 207.44.248.66 suprnova3.dyndns.org
O1 - Hosts: 164.8.233.99 durga.mobilefrenzy.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: lnxqszqkpytflrnxsxzb - {6ac240c9-f19c-42d1-9c69-3c1d0567a644} - C:\DOCUME~1\Brian\APPLIC~1\oufqddrbrie.dll (file missing)
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\SYSTEM32\3DNATO~1.DLL
O3 - Toolbar: rglbthdtcho - {3d72673f-e63b-427d-b82a-cd8697ea1cc5} - C:\DOCUME~1\Brian\APPLIC~1\oufqddrbrie.dll (file missing)
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zcfrjxj] C:\WINDOWS\moxxprpaz.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [Wast] C:\WINDOWS\wast2.exe 2
O4 - HKLM\..\Run: [Uninstall0002] "C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.stripsaver.com!StatsStripSaver
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [System-Service] C:\WINDOWS\SYSTEM\EXPLORER.SCR
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedUpMyPC] C:\Program Files\LIUtilities\SpeedUpMyPC\SpeedUpMyPC.exe traybar
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LexStart] C:\Program Files\FoxMediaCenter\FoxMediaCenter.exe
O4 - HKLM\..\Run: [lepgj] C:\WINDOWS\lepgj.exe
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\SYSTEM32\Kernel32.win
O4 - HKLM\..\Run: [Israfel] C:\WINDOWS\SYSTEM32\Israfel.vbs
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [FoxMediaCenter] C:\Program Files\FoxMediaCenter\FoxMediaCenter.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe
O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Brian\Local Settings\Temp\Rar$EX00.906\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SearchSetter] C:\WINDOWS\System32\searchsetter[1].exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Documents and Settings\Brian\Desktop\Torrent\Bandwidth Monitor Pro-fixed-working\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - Startup: Introducing Media Manager.lnk = C:\Program Files\Common Files\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Startup: Mobipocket Web Companion.lnk = ?
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program Files\LingoCom\Translator.lnk (file missing)
O9 - Extra 'Tools' menuitem: Translator - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program Files\LingoCom\Translator.lnk (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ClientDownLoad3 - http://www.phonefree...ntDownload3.cab
O16 - DPF: cpcScanner - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.co.../cx_tgctlcm.jsp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {3A6401EE-B00C-4CB8-9C1D-DB00CD78E318} (Paygator Object) - http://www.pcbang.co...nt/paygator.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {481782BB-6356-4629-A256-CB209F0BBD65} (Nshort Control) - http://www.sajubogi.com/sajubogi.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.ea.com/do...py/iesnoopy.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://sc.communitie...t/msnchat42.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma.../cab8/dmcc2.cab
O16 - DPF: {AE3F74F8-DD6C-4EA3-817F-99CD0F0EF478} (BBLauncher Class) - http://www.buddybudd.../bblauncher.cab
O16 - DPF: {DDB3CA41-B472-4EC4-BE10-90B470D06295} (Nexapi2 Control) - http://www.buddybudd.../cab/bbmmgr.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/p...at/msnchat4.cab
O20 - AppInit_DLLs: 4APPINITSOFTWARE\Microsoft\Windows NT\CurrentVersion\WindowsAppInit_DLLs,wbsys.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\fswsclds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  • 0

Advertisements


#2
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Ruffio

Please read through the instructions before you start (you may want to print this out).

You are running HijackThis from the Desktop; please create a new folder for it and move the program into the new folder

Please set your system to show all files; please see here if you're unsure how to do this.

Download Pocket Killbox and unzip it; save it to your Desktop.

Lets see if this will finds any hidden Trojan’s http://www.ewido.net/en/download/
This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time.
Ewido will auto-udate then run a full scan save the log when the scan has finnished.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\SYSTEM32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\SYSTEM32\mouse_configurator.win
O1 - Hosts: quote:207.44.248.22 suprnova.dyndns.org
O1 - Hosts: 207.44.248.22 suprnova1.dyndns.org
O1 - Hosts: 207.44.248.53 suprnova2.dyndns.org
O1 - Hosts: 207.44.248.66 suprnova3.dyndns.org
O1 - Hosts: 164.8.233.99 durga.mobilefrenzy.com
O2 - BHO: lnxqszqkpytflrnxsxzb - {6ac240c9-f19c-42d1-9c69-3c1d0567a644} - C:\DOCUME~1\Brian\APPLIC~1\oufqddrbrie.dll (file missing)
O3 - Toolbar: rglbthdtcho - {3d72673f-e63b-427d-b82a-cd8697ea1cc5} - C:\DOCUME~1\Brian\APPLIC~1\oufqddrbrie.dll (file missing)
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O4 - HKLM\..\Run: [zcfrjxj] C:\WINDOWS\moxxprpaz.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [Wast] C:\WINDOWS\wast2.exe 2
O4 - HKLM\..\Run: [Uninstall0002] "C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.stripsaver.com!StatsStripSaver
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [System-Service] C:\WINDOWS\SYSTEM\EXPLORER.SCR
O4 - HKLM\..\Run: [lepgj] C:\WINDOWS\lepgj.exe
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\SYSTEM32\Kernel32.win
O4 - HKLM\..\Run: [Israfel] C:\WINDOWS\SYSTEM32\Israfel.vbs
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe
O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O4 - HKCU\..\Run: [SearchSetter] C:\WINDOWS\System32\searchsetter[1].exe
O16 - DPF: {481782BB-6356-4629-A256-CB209F0BBD65} (Nshort Control) - http://www.sajubogi.com/sajubogi.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma.../cab8/dmcc2.cab
O16 - DPF: {AE3F74F8-DD6C-4EA3-817F-99CD0F0EF478} (BBLauncher Class) - http://www.buddybudd.../bblauncher.cab
O16 - DPF: {DDB3CA41-B472-4EC4-BE10-90B470D06295} (Nexapi2 Control) - http://www.buddybudd.../cab/bbmmgr.cab
O20 - AppInit_DLLs: 4APPINITSOFTWARE\Microsoft\Windows NT\CurrentVersion\WindowsAppInit_DLLs,wbsys.dll

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:

C:\Program Files\Web_Rebates<--Delete the whole folder
C:\Program Files\webHancer<--Delete the whole folder
C:\Program Files\Common Files\Totem Shared<--Delete the whole folder
C:\Program Files\TV Media<--Delete the whole folder
Exit Explorer.

Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder.

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. Let the system reboot.
C:\WINDOWS\moxxprpaz.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\webHancer\Programs\whSurvey.exe
C:\Program Files\webHancer\Programs\whAgent.exe
C:\WINDOWS\wast2.exe 2
C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe
C:\Program Files\TV Media\Tvm.exe
C:\WINDOWS\SYSTEM\EXPLORER.SCR
C:\WINDOWS\lepgj.exe
C:\WINDOWS\SYSTEM32\Kernel32.win
C:\WINDOWS\SYSTEM32\Israfel.vbs
C:\WINDOWS\ARUpdate.exe
c:\windows\180ax.exe
C:\WINDOWS\System32\searchsetter[1].exe[/B]
Reboot as normal.

Please download, install and run this disk cleanup utility called Cleanup version 4.0!
http://downloads.ste...p/CleanUp40.exe
It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage:
http://www.bleepingc...tutorial93.html
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.
Reboot when prompted to let it clean out the remaining files.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#3
Ruffio

Ruffio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
i did everything as instructed except now i cant seem to run the free panda and house call scans due to browser problems..will fix and post a little later..


in the meantime here is my hijiack this printout after i did eveything else.

by the way.. the dr watson prefetch file seems to come back all on its own.(yes i did delete everything in the prefetch folder.. weird) and the same problem i had before still exists. anything else i can do to get rid of it?

Logfile of HijackThis v1.99.1
Scan saved at 1:19:16 PM, on 5/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\F-Secure Anti-Virus\fswsclds.exe
C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netropa\Traymon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Brian\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.bbc.co.uk...ice/index.shtml
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890}

- C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} -

C:\WINDOWS\System32\IETie.dll
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} -

C:\WINDOWS\SYSTEM32\3DNATO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32

\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32

\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

/STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01

\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedUpMyPC] C:\Program

Files\LIUtilities\SpeedUpMyPC\SpeedUpMyPC.exe traybar
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32

\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32

\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-

DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-

DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1

\dpps2.exe"
O4 - HKLM\..\Run: [LexStart] C:\Program

Files\FoxMediaCenter\FoxMediaCenter.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-

Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program

Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [FoxMediaCenter] C:\Program

Files\FoxMediaCenter\FoxMediaCenter.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate

Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital

Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program

Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SearchSetter] C:\WINDOWS\System32\searchsetter[1].exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

-Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN

Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Brian\Local

Settings\Temp\Rar$EX00.906\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Documents and

Settings\Brian\Desktop\Torrent\Bandwidth Monitor Pro-fixed-

working\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - Startup: Introducing Media Manager.lnk = C:\Program Files\Common

Files\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Startup: Mobipocket Web Companion.lnk = ?
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra

Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony

Handheld\HOTSYNC.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System,

DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

- C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-

AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} -

C:\Program Files\LingoCom\Translator.lnk (file missing)
O9 - Extra 'Tools' menuitem: Translator - {87680762-4A83-11B4-885B-

0000E8ECA40F} - C:\Program Files\LingoCom\Translator.lnk (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -

C:\PROGRA~1\AIM95\aim.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21}

- C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-

BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ClientDownLoad3 -

http://www.phonefree...ntDownload3.cab
O16 - DPF: cpcScanner - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com

Configuration Class) -

http://usercenter.co.../cx_tgctlcm.jsp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

Advantage Validation Tool) - http://go.microsoft.com/fwlink/?

linkid=36467&clcid=0x409
O16 - DPF: {3A6401EE-B00C-4CB8-9C1D-DB00CD78E318} (Paygator Object) -

http://www.pcbang.co...nt/paygator.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

http://a1540.g.akama...pple.com/samant

ha/us/win/QuickTimeInstaller.exe
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} -

http://www.ea.com/do...py/iesnoopy.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} -

http://sc.communitie...t/msnchat42.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} -

http://fdl.msn.com/p...at/msnchat4.cab
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program

Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program

Files\ewido\security suite\ewidoguard.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service

(Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Anti-

Virus\fswsclds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -

C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -

C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program

Files\TGTSoft\StyleXP\StyleXPService.exe
  • 0

#4
Guest_thatman_*

Guest_thatman_*
  • Guest
Please post a ne HJT,log I am unable to read the one you posted.

Post it the same as the first one you did

Kc :tazz:
  • 0

#5
Ruffio

Ruffio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
here ya go. also, my firefox has changed since i followed your instructions. It no longer displays as many graphics as it used to. i tried just downloading firefox again but it didn't work. may be why HJT isn't coming in well. dunno though. here's my 2nd try at posting the previous HJT log.


Logfile of HijackThis v1.99.1
Scan saved at 1:19:16 PM, on 5/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\F-Secure Anti-Virus\fswsclds.exe
C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netropa\Traymon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Brian\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk...ice/index.shtml
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\SYSTEM32\3DNATO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedUpMyPC] C:\Program Files\LIUtilities\SpeedUpMyPC\SpeedUpMyPC.exe traybar
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [LexStart] C:\Program Files\FoxMediaCenter\FoxMediaCenter.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [FoxMediaCenter] C:\Program Files\FoxMediaCenter\FoxMediaCenter.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SearchSetter] C:\WINDOWS\System32\searchsetter[1].exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Brian\Local Settings\Temp\Rar$EX00.906\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Documents and Settings\Brian\Desktop\Torrent\Bandwidth Monitor Pro-fixed-working\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - Startup: Introducing Media Manager.lnk = C:\Program Files\Common Files\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Startup: Mobipocket Web Companion.lnk = ?
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program Files\LingoCom\Translator.lnk (file missing)
O9 - Extra 'Tools' menuitem: Translator - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program Files\LingoCom\Translator.lnk (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ClientDownLoad3 - http://www.phonefree...ntDownload3.cab
O16 - DPF: cpcScanner - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.co.../cx_tgctlcm.jsp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {3A6401EE-B00C-4CB8-9C1D-DB00CD78E318} (Paygator Object) - http://www.pcbang.co...nt/paygator.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.ea.com/do...py/iesnoopy.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://sc.communitie...t/msnchat42.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/p...at/msnchat4.cab
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\fswsclds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  • 0

#6
Ruffio

Ruffio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
found the problem with firefox. i just had to reinstall java. browser is working fine. just that Dr Watson thing to fix now. :tazz:
  • 0

#7
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Ruffio

Please read through the instructions before you start (you may want to print this out).

Please download and install these programs - don't run them yet!!

Trojan remover tool 1

Kaspersky Worm Removal Tool tool 2

sphjfix tool 3

Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder.

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Reboot into Safe Mode: Click here if you don't know how to do this.

Run tool 1 Ewido save the log post the log with your next post.

Run tool 2 Kaspersky Worm Removal Tool save the log post the log with your next post.

Run tool 3 sphjfix save the log post the log with your next post.

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Reboot as normal

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda virus scan and HJT.log we will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#8
Ruffio

Ruffio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
here's the edwido log


ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:11:13 PM, 5/17/2005
+ Report-Checksum: 7161573C

+ Date of database: 5/17/2005
+ Version of scan engine: v3.0

+ Duration: 67 min
+ Scanned Files: 109185
+ Speed: 27.06 Files/Second
+ Infected files: 5
+ Removed files: 5
+ Files put in quarantine: 5
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Brian\Desktop\Torrent\PandaTAV2004\Panda_Titanium_Antivirus_2004\TITANIUM\QRV.KRN -> Trojan.FormatC -> Cleaned with backup
C:\Invision2\Download\polarisse.rar/PolarisSE.zip/mirc32.exe -> Backdoor.IRC.mIRC-based -> Cleaned with backup
C:\Program Files\UltraPlayer\ijl11.dll -> Backdoor.Superstar.21 -> Cleaned with backup
C:\WINDOWS\cpruninst.0xe -> Spyware.Adroar -> Cleaned with backup
C:\WINDOWS\SYSTEM32\chktrust.exe -> Spyware.Bargainbuddy -> Cleaned with backup



here's one from today after an update....



---------------------------------------------------------

+ Created on: 2:21:20 PM, 5/18/2005
+ Report-Checksum: CE5238B4

+ Date of database: 5/18/2005
+ Version of scan engine: v3.0

+ Duration: 94 min
+ Scanned Files: 126593
+ Speed: 22.39 Files/Second
+ Infected files: 1
+ Removed files: 1
+ Files put in quarantine: 1
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP505\A0145760.exe -> Spyware.Bargainbuddy -> Cleaned with backup


::Report End




Your Kaspersky link did not work. on that site i found some worm killing software and i downloaded 4 seperate programs. here are the names: klwk.zip, clrav.zip, AntiNimd.zip, and KLAntiFL.exe. klwk and clrav opened dos windows to scan. both said nothing was infected but i didn't know how to save or copy/paste those logs. AntiNimd did not want to run at all so i left it alone. KLAntiFL ran like a full virus san program and went through my whole computer. at this point i can't even close that program but it also said nothing was infected



here is the SPseHJfix log:




(5/18/05 12:43:54 PM) SPSeHjFix started v1.1.2
(5/18/05 12:43:54 PM) OS: WinXP Service Pack 2 (5.1.2600)
(5/18/05 12:43:54 PM) Language: english
(5/18/05 12:43:54 PM) Win-Path: C:\WINDOWS
(5/18/05 12:43:54 PM) System-Path: C:\WINDOWS\system32
(5/18/05 12:43:54 PM) Temp-Path: C:\DOCUME~1\Brian\LOCALS~1\Temp\


(5/18/05 2:26:29 PM) SPSeHjFix started v1.1.2
(5/18/05 2:26:29 PM) OS: WinXP Service Pack 2 (5.1.2600)
(5/18/05 2:26:29 PM) Language: english
(5/18/05 2:26:29 PM) Win-Path: C:\WINDOWS
(5/18/05 2:26:29 PM) System-Path: C:\WINDOWS\system32
(5/18/05 2:26:29 PM) Temp-Path: C:\DOCUME~1\Brian\LOCALS~1\Temp\
(5/18/05 2:26:40 PM) Disinfection started
(5/18/05 2:26:40 PM) Bad-Dll(IEP): (not found)
(5/18/05 2:26:40 PM) Bad-Dll(IEP) in BHO: (not found)
(5/18/05 2:26:40 PM) UBF: 7 - UBB: 3 - UBR: 35
(5/18/05 2:26:40 PM) UBF: 7 - UBB: 3 - UBR: 35
(5/18/05 2:26:40 PM) Bad IE-pages:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar:
(5/18/05 2:26:40 PM) Stealth-String not found
(5/18/05 2:26:40 PM) Not infected->END


(5/18/05 2:27:11 PM) SPSeHjFix started v1.1.2
(5/18/05 2:27:11 PM) OS: WinXP Service Pack 2 (5.1.2600)
(5/18/05 2:27:11 PM) Language: english
(5/18/05 2:27:11 PM) Win-Path: C:\WINDOWS
(5/18/05 2:27:11 PM) System-Path: C:\WINDOWS\system32
(5/18/05 2:27:11 PM) Temp-Path: C:\DOCUME~1\Brian\LOCALS~1\Temp\
(5/18/05 2:27:16 PM) Disinfection started
(5/18/05 2:27:16 PM) Bad-Dll(IEP): (not found)
(5/18/05 2:27:16 PM) Bad-Dll(IEP) in BHO: (not found)
(5/18/05 2:27:16 PM) UBF: 7 - UBB: 3 - UBR: 35
(5/18/05 2:27:16 PM) UBF: 7 - UBB: 3 - UBR: 35
(5/18/05 2:27:16 PM) Bad IE-pages: (none)
(5/18/05 2:27:16 PM) Stealth-String not found
(5/18/05 2:27:16 PM) Not infected->END



i ran housetrend. again i couldn't save or cut/paste the log but here is what it said.

TROJ WINREG C Non Cleanable documents and setting\Brian\Desktop\TV shows\Panda Platinum Internet Security 2005...

TROJ WINREG C Non Cleanable documents and setting\Brian\Desktop\TV shows\Panda Platinum Internet Security 2005...

i'll run panda next and i will report on those results. then i'll post another HJT log if you need me too.
  • 0

#9
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Ruffio

I need to see a HJT.log please

use windows explorer delete the folowing files/folder
C:\Documents and Settings\Owner\Favorites\Homelife & Travel<--Delete this url from your Favorites
C:\Documents and Settings\Owner\Favorites\Health<--Delete this url from your Favorites
C:\DOCUME~1\Owner\LOCALS~1\Temp\bs*.tmpbsx32<--Delete this file
C:\WINDOWS\hgnjji.exe<--Delete the whole folder
C:\Program Files\adstatus service<--Delete the whole folder
C:\WINDOWS\WINREG.EXE<--Delete this file
Thanks

Kc :tazz:

Edited by thatman, 18 May 2005 - 03:23 PM.

  • 0

#10
Ruffio

Ruffio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
well i couldn't get the panda active scan to work. after switching to internet explorer and downloading the active x controls and a system reboot it still wouldn't work. right at the page where i select "scan my entire computer" it just sits there not doing anything. i disabled edwido and avg too. still nothing :tazz:

but here is a new HJT log while i try to figure the above problem out.




Logfile of HijackThis v1.99.1
Scan saved at 5:22:07 PM, on 5/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\F-Secure Anti-Virus\fswsclds.exe
C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Documents and Settings\Brian\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk...ice/index.shtml
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\SYSTEM32\3DNATO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedUpMyPC] C:\Program Files\LIUtilities\SpeedUpMyPC\SpeedUpMyPC.exe traybar
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [LexStart] C:\Program Files\FoxMediaCenter\FoxMediaCenter.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [FoxMediaCenter] C:\Program Files\FoxMediaCenter\FoxMediaCenter.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [KL AntiFunLove] C:\WINDOWS\system32\flcss.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SearchSetter] C:\WINDOWS\System32\searchsetter[1].exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Brian\Local Settings\Temp\Rar$EX00.906\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Documents and Settings\Brian\Desktop\Torrent\Bandwidth Monitor Pro-fixed-working\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - Startup: Introducing Media Manager.lnk = C:\Program Files\Common Files\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Startup: Mobipocket Web Companion.lnk = ?
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program Files\LingoCom\Translator.lnk (file missing)
O9 - Extra 'Tools' menuitem: Translator - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program Files\LingoCom\Translator.lnk (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ClientDownLoad3 - http://www.phonefree...ntDownload3.cab
O16 - DPF: cpcScanner - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.co.../cx_tgctlcm.jsp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {3A6401EE-B00C-4CB8-9C1D-DB00CD78E318} (Paygator Object) - http://www.pcbang.co...nt/paygator.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.ea.com/do...py/iesnoopy.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://sc.communitie...t/msnchat42.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/p...at/msnchat4.cab
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\fswsclds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  • 0

Advertisements


#11
Ruffio

Ruffio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
no luck with the panda active scan. it's just not working. did a bitdefender scan for ya though. hope this log from the scan helps.


C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin1.zip=>AdRoar.dll: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin10.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin10.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin11.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin11.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin12.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin12.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin13.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin13.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin14.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin14.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin15.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin15.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin16.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin16.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin17.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin17.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin18.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin18.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin19.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin19.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin20.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin20.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin6.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin6.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin7.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin7.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin8.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin8.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin9.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRoarPlugin9.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip=>RELATED.HTM: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite10.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite10.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite15.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite15.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite16.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite16.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite17.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite17.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite18.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite18.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite19.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite19.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite20.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite20.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite21.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite21.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite22.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite22.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite23.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite23.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite24.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite24.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite25.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite25.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite26.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite26.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite27.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite27.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite28.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite28.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite29.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite29.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite30.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite30.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite31.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite31.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite32.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite32.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite33.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite33.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite34.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite34.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite35.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite35.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite36.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite36.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite37.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite37.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite38.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite38.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite39.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite39.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite40.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite40.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite41.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite41.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite42.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite42.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite43.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite43.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite44.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite44.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite45.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite45.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite46.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite46.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite47.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite47.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite48.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite48.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite49.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite49.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite50.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite50.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite51.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite51.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite52.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite52.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite53.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite53.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite54.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite54.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite55.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite55.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite56.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite56.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite57.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite57.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite58.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite58.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite59.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite59.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite6.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite6.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite60.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite60.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite61.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite61.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite62.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite62.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite63.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite63.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite7.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite7.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite8.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite8.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite9.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite9.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BFast.zip=>brian@bfast[2].txt: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BFast.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BFast1.zip=>brian@bfast[1].txt: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BFast1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BFast2.zip=>brian@bfast[1].txt: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BFast2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CleverIEHookerJeired.zip=>Tvm.exe: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CleverIEHookerJeired.zip=>TvmBho.dll: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CleverIEHookerJeired.zip=>TvmCore.dll: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CleverIEHookerJeired.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CleverIEHookerJeired1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CleverIEHookerJeired1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop.zip=>bottomright.gif: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop1.zip=>main_01.gif: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop10.zip=>main_02.gif: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop10.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop11.zip=>mp3search_02.gif: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop11.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop12.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop12.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop13.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop13.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop14.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop14.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop15.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop15.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop16.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop16.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop17.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop17.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop18.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop18.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop19.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop19.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop2.zip=>bottomleft.gif: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop20.zip=>brian@ayb.lop[1].txt: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop20.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop21.zip=>brian@srch.lop[1].txt: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop21.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop22.zip=>brian@lop[1].txt: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop22.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop23.zip=>qahml.lib: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop23.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop24.zip=>qcmhckchvv.gif: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop24.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop25.zip=>drcmhckchvv.gif: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop25.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop26.zip=>ckcmhckchvv.gif: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop26.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop27.zip=>vcmhckchvv.gif: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop27.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop28.zip=>drsdrcckeach.exe: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop28.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop29.zip=>tglllckc.exe: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop29.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop3.zip=>searchnow.gif: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop30.zip=>mbrkaeyk.exe: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop30.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop31.zip=>muovxpso.exe: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop31.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop32.zip=>mwaadepq.exe: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop32.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop33.zip=>mckzclky.exe: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop33.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop34.zip=>brian@srch.lop[1].txt: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop34.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop35.zip=>oufqddrbrie.dll: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop35.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop36.zip=>oufqddrbrie.dll: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop36.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop4.zip=>topleft.gif: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop5.zip=>topright.gif: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop6.zip=>seperateline.gif: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop6.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop7.zip=>seperateline3.gif: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop7.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop8.zip=>seperateline1.gif: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop8.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop9.zip=>newsbarend.gif: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Clop9.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonExtensionhijack.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonExtensionhijack.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Cydoor.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Cydoor.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Cydoor1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration3.zip=>xmltok.dll: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration4.zip=>SahHtml.exe: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration5.zip=>SAHUninstall.exe: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration6.zip=>xmlparse.dll: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration6.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration7.zip=>lsp.dll: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration7.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\EVenturesNV.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\EVenturesNV.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FreeScratchAndWin.zip=>mkyslomv.dll: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FreeScratchAndWin.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FreeScratchAndWin1.zip=>mkyslomv.dll: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FreeScratchAndWin1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FreeScratchAndWin2.zip=>mkyslomv.dll: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FreeScratchAndWin2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FreeScratchAndWin3.zip=>mkyslomv.dll: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FreeScratchAndWin3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FreeScratchCards.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FreeScratchCards.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FreeScratchCards1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FreeScratchCards1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HitBox.zip=>brian@hitbox[2].txt: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HitBox.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HitBox1.zip=>brian@phg.hitbox[1].txt: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HitBox1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HitBox2.zip=>brian@ehg-dig.hitbox[1].txt: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HitBox2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HitBox3.zip=>brian@w128.hitbox[1].txt: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HitBox3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HitBox4.zip=>brian@phg.hitbox[1].txt: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HitBox4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HitBox5.zip=>brian@hitbox[1].txt: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HitBox5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IGetNet.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IGetNet.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IGetNet1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IGetNet1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IGetNet10.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IGetNet10.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IGetNet2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IGetNet2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IGetNet3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IGetNet3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IGetNet4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IGetNet4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IGetNet5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IGetNet5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IGetNet6.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IGetNet6.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IGetNet7.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IGetNet7.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IGetNet8.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IGetNet8.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IGetNet9.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IGetNet9.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LycosSideSearch.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LycosSideSearch.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LycosSideSearch1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LycosSideSearch1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LycosSideSearch2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LycosSideSearch2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LycosSideSearch3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LycosSideSearch3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LycosSideSearch4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LycosSideSearch4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LycosSideSearch5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LycosSideSearch5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LycosSideSearch6.zip=>Lycos Sidesearch.lnk: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LycosSideSearch6.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LycosSideSearch7.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LycosSideSearch7.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LycosSideSearch8.zip=>offline.htm: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LycosSideSearch8.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSWorks.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSWorks.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSWorks1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSWorks1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSWorks10.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSWorks10.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSWorks11.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSWorks11.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSWorks2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSWorks2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSWorks3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSWorks3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSWorks4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSWorks4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSWorks5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSWorks5.zip=>sbRecovery.ini: password protected
C:&
  • 0

#12
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Ruffio

Lets start with cleaning all the malware out of spybotsd

ftp://fx1.hrz.uni-dortmund.de/sw_data/su1...ybotsd14rc2.exe
The above item is the latest version

Spybot Tutorial

Disable Spybot Tutorial

Kc :tazz:
  • 0

#13
Ruffio

Ruffio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
here is the spybot log. i ran the new spybot. not sure what you wanted me to do other than that. here it is.



--- Search result list ---
E-Ventures N.V.: Autorun settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSetter

BackWeb lite: User settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\BackWeb

BackWeb lite: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\BackWeb

BackWeb lite: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\BackWeb

BackWeb lite: Netscape viewer (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers\application/x-bwpreview

BackWeb lite: Netscape viewer (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Netscape\Netscape Navigator\Viewers\application/x-bwpreview

BackWeb lite: Netscape viewer (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers\application/x-iad

BackWeb lite: Netscape viewer (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Netscape\Netscape Navigator\Viewers\application/x-iad

OpaServ: Executable (File, nothing done)
C:\WINDOWS\scrsvr.exe

Common Dialogs: History (49 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Log: Activity: COM+.log (Backup file, nothing done)
C:\WINDOWS\COM+.log

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log

Log: Activity: OEWABLog.txt (Backup file, nothing done)
C:\WINDOWS\OEWABLog.txt

Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt

Log: Install: Active Setup Log.txt (Backup file, nothing done)
C:\WINDOWS\Active Setup Log.txt

Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log

Log: Install: Directx.log (Backup file, nothing done)
C:\WINDOWS\Directx.log

Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log

Log: Install: setupact.log (Backup file, nothing done)
C:\WINDOWS\setupact.log

Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log

Log: Install: setuplog.txt (Backup file, nothing done)
C:\WINDOWS\setuplog.txt

Log: Install: svcpack.log (Backup file, nothing done)
C:\WINDOWS\svcpack.log

Log: Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log

Log: Install: DtcInstall.log (Backup file, nothing done)
C:\WINDOWS\DtcInstall.log

Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\mofcomp.log

Log: Shutdown: System32\wbem\logs\setup.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\setup.log

Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\wbemsnmp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemsnmp.log

Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\winmgmt.log

Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiadap.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

ABI Coder: Last used folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\ABI Software Development\Coder\StartingPath!=

Ahead Nero Burning Rom: Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Ahead\Nero - Burning Rom\Recent file list

Ahead Nero Burning Rom: Compilation directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Ahead\Nero - Burning Rom\Settings\NeroCompilation!=

Ahead Nero Burning Rom: Browser directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Ahead\Nero - Burning Rom\Settings\BrowserDir!=

Ahead Nero Burning Rom: Working directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Ahead\Nero - Burning Rom\Settings\WorkingDir!=

Ahead Nero Burning Rom: Last ISO directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\ahead\Nero - Burning Rom\General\OFDLastISODir!=

Ahead Nero Burning Rom: Last Video directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\ahead\Nero - Burning Rom\General\OFDLastVideoDir!=

Ahead Nero Burning Rom: Last Audio directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\ahead\Nero - Burning Rom\General\OFDLastAudioDir!=

CloneCD: Last created CD image (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Elaborate Bytes\CloneCD\Settings\ImageFileName!=

CloneCD: Last created log file (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Elaborate Bytes\CloneCD\Settings\LogFileName!=

dBpowerAMP: Last conversion format (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Illustrate\dBpowerAMP\CDInput-RipTo!=

dBpowerAMP: Last MP3 user folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Illustrate\dBpowerAMP\dMCCodec\Mp3 (Lame)\DMCUserFolderStr!=

Gabest Media Player Classic: Recent file list (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Gabest\Media Player Classic\Recent File List

Internet Explorer: Typed URL list (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

MS Media Player: Recent open directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\MediaPlayer\Player\Settings\OpenDir!=

MS Media Player: Search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\MediaPlayer\AutoComplete\MediaSearch

MS Media Player: Last opened playlist (Registry value, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist

MS Media Player: Last selected track index (Registry value, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\MediaPlayer\Preferences\LastPlaylistIndex

MS Media Player: Last selected node (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\MediaPlayer\MediaLibraryUI\MLLastSelectedNode!=

MS Media Player: Manually modified tags history (8 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\MediaPlayer\AutoComplete\MediaEdit

MS Media Player: Client ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!=

MS Media Player: Client ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!=

MS Media Player: Client ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!=

MS Media Player: Anonymous ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

MS Direct3D: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=

MS DirectDraw: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

MS DirectInput: Last mapped application ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\DirectInput\MostRecentMapperApplication\ID!=

MS DirectInput: Last mapped application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\DirectInput\MostRecentMapperApplication\Name!=

MS Office 10.0 (Word): Recently used documents list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Office\10.0\Word\Data\Settings

MS Fax: Last country ID (Registry value, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Fax\UserInfo\LastCountryID

MS Fax: Last recipient name (Registry value, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Fax\UserInfo\LastRecipientName

MS Fax: Last recipient number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Fax\UserInfo\LastRecipientNumber

MS Search Assistant: Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Search Assistant\ACMru

RealOne Player 2 (aka RealPlayer 6.0): Last open file directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\RealNetworks\RealPlayer\6.0\Preferences\LastOpenFileDir\!=

Windows: Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources!=

Windows.OpenWith: Open with list - .000 extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.000\OpenWithList

Windows.OpenWith: Open with list - .001 extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.001\OpenWithList

Windows.OpenWith: Open with list - .003 extension (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.003\OpenWithList

Windows.OpenWith: Open with list - .006 extension (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.006\OpenWithList

Windows.OpenWith: Open with list - .8 extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.8\OpenWithList

Windows.OpenWith: Open with list - .ASF extension (10 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASF\OpenWithList

Windows.OpenWith: Open with list - .ASX extension (6 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASX\OpenWithList

Windows.OpenWith: Open with list - .AU extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AU\OpenWithList

Windows.OpenWith: Open with list - .AVI extension (11 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: Open with list - .BAK extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BAK\OpenWithList

Windows.OpenWith: Open with list - .BIN extension (6 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BIN\OpenWithList

Windows.OpenWith: Open with list - .BMP extension (10 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: Open with list - .C extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.C\OpenWithList

Windows.OpenWith: Open with list - .CAB extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CAB\OpenWithList

Windows.OpenWith: Open with list - .CCC extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CCC\OpenWithList

Windows.OpenWith: Open with list - .CDA extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList

Windows.OpenWith: Open with list - .CSS extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList

Windows.OpenWith: Open with list - .CUE extension (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUE\OpenWithList

Windows Explorer: Recent wallpaper list (145 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: Run history (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: Stream history (43 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: User Assistant history IE (53 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: User Assistant history files (707 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: Last visited history (9 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

WinRAR: Recent file list (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\WinRAR\ArcHistory

WinRAR: Recent exe file list (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\WinRAR\DialogEditHistory\ArcName

WinRAR: Last used directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\WinRAR\General\LastFolder!=

WinRAR: Extraction directory history (16 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\WinRAR\DialogEditHistory\ExtrPath

WinRAR: Managed by wizard archives history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\WinRAR\DialogEditHistory\WizArcName

WinZip: Recent wizard folder list (44 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Nico Mak Computing\WinZip\WIZDIR

WinZip: Recent created file list (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Nico Mak Computing\WinZip\filemenu

WinZip: Wizard Extraction folder history (10 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Nico Mak Computing\WinZip\select

WinZip: Number of times run (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Nico Mak Computing\WinZip\rrs\Opened!=

WinZip: Default directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Nico Mak Computing\WinZip\directories\DefDir!=

WinZip: Default directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Nico Mak Computing\WinZip\directories\zDefDir!=

WinZip: Add files directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Nico Mak Computing\WinZip\directories\AddDir!=

WinZip: Destination directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Nico Mak Computing\WinZip\directories\ExtractTo!=

WinZip: Add files directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Nico Mak Computing\WinZip\directories\gzAddDir!=

WinZip: Destination directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-914090876-2942328611-1021817841-1006\Software\Nico Mak Computing\WinZip\directories\gzExtractTo!=

Cookie: Cookie (2) (Cookie, nothing done)


Cache: Cache (354) (Cache, nothing done)


Cookie: Cookie (189) (Cookie, nothing done)


Cookie: Cookie (255) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.4 RC2 (build: 20050427) ---

2005-04-27 blindman.exe (1.0.0.1)
2005-04-28 SpybotSD.exe (1.4.0.2)
2005-04-28 TeaTimer.exe (1.4.0.1)
2005-05-19 unins000.exe (51.34.0.0)
2005-04-27 Update.exe (1.4.0.0)
2005-04-27 advcheck.dll (1.0.2.0)
2005-04-27 aports.dll (2.0.0.0)
2005-04-27 borlndmm.dll (7.0.4.453)
2005-04-27 delphimm.dll (7.0.4.453)
2005-04-27 SDHelper.dll (1.4.0.0)
2005-04-27 Tools.dll (2.0.0.1)
2005-04-27 UnzDll.dll (1.73.1.1)
2005-04-27 ZipDll.dll (1.73.2.0)
2005-04-26 Includes\Cookies.sbi (*)
2005-04-27 Includes\Dialer.sbi (*)
2005-05-12 Includes\Hijackers.sbi (*)
2005-04-15 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-05-11 Includes\Malware.sbi (*)
2005-05-11 Includes\PUPS.sbi (*)
2005-04-27 Includes\Revision.sbi (*)
2005-02-09 Includes\Security.sbi (*)
2005-05-11 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2005-05-11 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB886906)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Security update for Microsoft Data Access Components
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX: DirectX Update 819696
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 320920
/ Windows Media Player: Windows Media Update 320920
/ Windows Media Player: Windows Media Update 819639
/ Windows Media Player: Windows Media Update 828026
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Windows XP Hotfix - KB893066
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)


--- Startup entries list ---
Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 347136
MD5: 7f0c2657b39969d424b6604443992352

Located: HK_LM:Run, AVG7_EMC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
size: 271872
MD5: af9354bef717bd60e04f5bf5b9c9eaa2

Located: HK_LM:Run, DellTouch
command: C:\WINDOWS\MMKeybd.exe
file: C:\WINDOWS\MMKeybd.exe
size: 163840
MD5: 0161cd469eb389e2aad1c1f389dbdd0e

Located: HK_LM:Run, DeviceDiscovery
command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
file: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
size: 229437
MD5: 7eef9e578d2aa3d562d074bfdfe56825

Located: HK_LM:Run, dla
command: C:\WINDOWS\system32\dla\tfswctrl.exe
file: C:\WINDOWS\system32\dla\tfswctrl.exe
size: 106551
MD5: b308ec7c60cdbe4d49048c2ad234a2db

Located: HK_LM:Run, DVDBitSet
command: "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
file: C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe
size: 204800
MD5: d3116386fa95a644b4d4c63d35b224c5

Located: HK_LM:Run, DVDTray
command: "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe"
file: C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
size: 53248
MD5: 12a2d6dc1e4dcafb5f627c4bfd667058

Located: HK_LM:Run, ElbyCheckElbyCDFL
command: "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
file: C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
size: 45056
MD5: fb408b5e89b7eb5720e04485b847cbd4

Located: HK_LM:Run, FoxMediaCenter
command: C:\Program Files\FoxMediaCenter\FoxMediaCenter.exe
file:

Located: HK_LM:Run, HP Component Manager
command: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
file: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
size: 212992
MD5: 00644f0c78c1d450394585f9133bf265

Located: HK_LM:Run, HP Software Update
command: "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
file: C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 6ad9dcb0257b10ea458165f70634dabc

Located: HK_LM:Run, HPDJ Taskbar Utility
command: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
file: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
size: 176128
MD5: 5ad8c9b7c23428ab2e795f1d4b423805

Located: HK_LM:Run, KL AntiFunLove
command: C:\WINDOWS\system32\flcss.exe
file: C:\WINDOWS\system32\flcss.exe
size: 131136
MD5: 622d90ebe8170f853f92453ee6e76f32

Located: HK_LM:Run, LexStart
command: C:\Program Files\FoxMediaCenter\FoxMediaCenter.exe
file:

Located: HK_LM:Run, Logitech Utility
command: Logi_MwX.Exe
file: C:\WINDOWS\Logi_MwX.Exe
size: 19968
MD5: 47f4c8707de00f5f18f6cd524df02879

Located: HK_LM:Run, lxamsp32.exe
command: lxamsp32.exe
file: C:\WINDOWS\SYSTEM32\lxamsp32.exe
size: 45056
MD5: acb761c48b7807ac1278163253ff6c36

Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\SYSTEM32\nwiz.exe
size: 843776
MD5: e56f22ff356570413a81be1e01c46419

Located: HK_LM:Run, Pop-Up Stopper
command: "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
file: C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
size: 675840
MD5: 737a1477a0aa32cb0e1c80b24bb94d07

Located: HK_LM:Run, PrinTray
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
size: 36864
MD5: eafd9b9426defb0f5852acc6b75867b7

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 76a3a30b58405c2c6d833895253a51a9

Located: HK_LM:Run, SpeedUpMyPC
command: C:\Program Files\LIUtilities\SpeedUpMyPC\SpeedUpMyPC.exe traybar
file:

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
size: 36975
MD5: 1f6573d67dd5dc06dd29ec7fcf81dc6f

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: b8e684df9a97497edd2f87444a6307fb

Located: HK_CU:Run, AIM
command: C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
file:

Located: HK_CU:Run, Bandwidth Monitor Pro
command: "C:\Documents and Settings\Brian\Desktop\Torrent\Bandwidth Monitor Pro-fixed-working\Bandwidth Monitor Pro.exe" /minimized
file:

Located: HK_CU:Run, CommCtr
command: C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
file:

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, FreeRAM XP
command: "C:\Documents and Settings\Brian\Local Settings\Temp\Rar$EX00.906\FreeRAM XP Pro 1.40.exe" -win
file:

Located: HK_CU:Run, Microsoft Works Update Detection
command: C:\Program Files\Microsoft Works\WkDetect.exe
file:

Located: HK_CU:Run, MsnMsgr
command: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\MSN Messenger\MsnMsgr.Exe
size: 4882432
MD5: f914c780dc4a3eb6eec812f0dddc0e3a

Located: HK_CU:Run, SearchSetter
command: C:\WINDOWS\System32\searchsetter[1].exe
file:

Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1318568
MD5: d8e54b412f51053aa8ac6f84369f6f9d

Located: HK_CU:Run, STYLEXP
command: C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
file:

Located: Startup (common), Adobe Gamma Loader.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: deb88aef013dd1eefb462d7cad642166

Located: Startup (common), Camio Viewer 2000.lnk
command: C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
file: C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
size: 49152
MD5: 5fe69e9c6d0f16895a805514ff0b15c6

Located: Startup (common), HotSync Manager.lnk
command: C:\Program Files\Sony Handheld\HOTSYNC.EXE
file: C:\Program Files\Sony Handheld\HOTSYNC.EXE
size: 299008
MD5: 47233f2abb77fb6f456202937f29211d

Located: Startup (common), Microsoft Works Calendar Reminders.lnk
command: C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
file: C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
size: 24633
MD5: 39fdfd34f7b04290d1bc53e3d6ec7d83

Located: Startup (user), Introducing Media Manager.lnk
command: C:\Program Files\Common Files\Microsoft Shared\Media Manager\SPLASHA.EXE
file: C:\Program Files\Common Files\Microsoft Shared\Media Manager\SPLASHA.EXE
size: 156160
MD5: e4d805724f0fef09e3d9afc027b8b269

Located: Startup (user), Mobipocket Web Companion.lnk
command: C:\Program Files\MobiPocket.com\MobiPocket Reader\webcomp.exe
file:

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, WB
command: C:\Program Files\AlienGUIse\fastload.dll
file: C:\Program Files\AlienGUIse\fastload.dll
size: 24576
MD5: 9f884c45f10aaee442d4370ba90a1f89

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
BHO name:
CLSID name: DriveLetterAccess
description: Hewlett-Packard's DLA software
classification: Unknown
known filename: tfswshx.dll
info link:
info source: TonyKlein
Path: C:\WINDOWS\system32\dla\
Long name: tfswshx.dll
Short name:
Date (created): 5/30/2004 7:31:00 PM
Date (last access): 5/19/2005 9:25:26 PM
Date (last write): 11/19/2002 4:50:00 AM
Filesize: 94262
Attributes: archive
MD5: 758B33FF028CF30984B24E0081665CEC
CRC32: 7482DE22
Version: 3.50.22.0



--- ActiveX list ---
ClientDownLoad3 (ClientDownLoad3)
DPF name: ClientDownLoad3
CLSID name:
Installer:
Codebase: http://www.phonefree...ntDownload3.cab

cpcScanner (cpcScanner)
DPF name: cpcScanner
CLSID name:
Installer:
Codebase: http://www.crucial.c.../cpcScanner.cab

{0000000A-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\WMAVAX.inf
Codebase: http://download.micr...0367/wmavax.CAB

{01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class)
DPF name:
CLSID name: Support.com Configuration Class
Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\tgctlcm.inf
Codebase: http://usercenter.co.../cx_tgctlcm.jsp
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\
Long name: tgctlcm.dll
Short name:
Date (created): 4/24/2002 7:37:44 PM
Date (last access): 5/18/2005 8:14:18 PM
Date (last write): 4/24/2002 7:37:44 PM
Filesize: 188416
Attributes: archive
MD5: EC4392EACD7874CE19AB8756B58BE19E
CRC32: 1532BCAD
Version: 5.5.402.0

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft....467&clcid=0x409
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 1/28/2005 3:38:00 PM
Date (last access): 5/18/2005 8:24:48 PM
Date (last write): 1/28/2005 3:38:00 PM
Filesize: 421128
Attributes: archive
MD5: C3C3864DA698F0CC1BE56F9695534DD8
CRC32: C0FC216A
Version: 1.0.132.4

{33363249-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\i263_32.inf
Codebase: http://codecs.micros...386/i263_32.cab

{3A6401EE-B00C-4CB8-9C1D-DB00CD78E318} (Paygator Object)
DPF name:
CLSID name: Paygator Object
Installer:
Codebase: http://www.pcbang.co...nt/paygator.CAB
Path: C:\WINDOWS\DOWNLO~1\
Long name: paygator.dll
Short name:
Date (created): 12/17/2001 3:58:14 PM
Date (last access): 5/18/2005 8:14:26 PM
Date (last write): 12/17/2001 3:58:14 PM
Filesize: 414208
Attributes: archive
MD5: 92E05DDDF2AC9D8BDB7C4586F460BA58
CRC32: 480E43F4
Version: 2.0.0.0

{525A15D0-4938-11D4-94C7-0050DA20189B} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\iesnoopy.INF
Codebase: http://www.ea.com/do...py/iesnoopy.cab

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://www.pandasoft.../as5/asinst.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 4/11/2005 12:20:22 PM
Date (last access): 5/19/2005 9:29:48 PM
Date (last write): 4/11/2005 12:20:22 PM
Filesize: 118784
Attributes: archive
MD5: 36259D36E842FCF12B3D2F3766E7529F
CRC32: F62E6268
Version: 57.6.0.0

{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_02
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_02\bin\
Long name: NPJPI150_02.dll
Short name: NPJPI1~1.DLL
Date (created): 3/4/2005 3:36:50 AM
Date (last access): 5/18/2005 8:02:12 PM
Date (last write): 3/4/2005 3:54:18 AM
Filesize: 69746
Attributes: archive
MD5: 6C9A4C573C0C771D99D902EE06DA3CBB
CRC32: 55F989EE
Version: 5.0.20.9



--- Process list ---
PID: 0 ( 0) [System]
PID: 420 ( 4) \SystemRoot\System32\smss.exe
PID: 468 ( 420) \??\C:\WINDOWS\system32\csrss.exe
PID: 492 ( 420) \??\C:\WINDOWS\SYSTEM32\winlogon.exe
PID: 536 ( 492) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 548 ( 492) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 728 ( 536) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 780 ( 536) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 848 ( 536) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 964 ( 536) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1024 ( 536) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1156 ( 492) C:\Program Files\AlienGUIse\wbload.exe
size: 422912
MD5: B783DC03A3D1049A79CED85EB8960079
PID: 1228 ( 536) C:\WINDOWS\system32\LEXBCES.EXE
size: 301568
MD5: 20155A2B80C6C3C6284CB158FF998700
PID: 1256 ( 536) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: 7435B108B935E42EA92CA94F59C8E717
PID: 1264 (1228) C:\WINDOWS\system32\LEXPPS.EXE
size: 169984
MD5: 89BC6CAB12559139AC086CCC96E6FEAA
PID: 1360 ( 536) C:\WINDOWS\System32\SCardSvr.exe
size: 95744
MD5: 25D8DE134DF108E3DBC8D7D23B1AA58E
PID: 1496 (1456) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1632 (1496) C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 1648 (1496) C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 347136
MD5: 7F0C2657B39969D424B6604443992352
PID: 1656 (1496) C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
size: 271872
MD5: AF9354BEF717BD60E04F5BF5B9C9EAA2
PID: 1672 (1496) C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
size: 36975
MD5: 1F6573D67DD5DC06DD29EC7FCF81DC6F
PID: 1696 (1496) C:\WINDOWS\system32\lxamsp32.exe
size: 45056
MD5: ACB761C48B7807AC1278163253FF6C36
PID: 1720 (1496) C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
size: 53248
MD5: 12A2D6DC1E4DCAFB5F627C4BFD667058
PID: 1744 (1496) C:\WINDOWS\system32\dla\tfswctrl.exe
size: 106551
MD5: B308EC7C60CDBE4D49048C2AD234A2DB
PID: 1760 (1496) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: B8E684DF9A97497EDD2F87444A6307FB
PID: 1776 (1496) C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 6AD9DCB0257B10EA458165F70634DABC
PID: 1784 (1496) C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
size: 212992
MD5: 00644F0C78C1D450394585F9133BF265
PID: 1800 (1496) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
size: 229437
MD5: 7EEF9E578D2AA3D562D074BFDFE56825
PID: 1808 (1496) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 1868 (1496) C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
size: 24633
MD5: 39FDFD34F7B04290D1BC53E3D6EC7D83
PID: 184 (1704) C:\Program Files\Logitech\MouseWare\system\em_exec.exe
size: 37888
MD5: 7D325EC9B9B1589DF12D0874700BC59E
PID: 320 ( 536) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 332 ( 536) C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
size: 329728
MD5: A98CFCB4B47BE1ABEF98C903A6AA873E
PID: 360 ( 536) C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
size: 70144
MD5: 64BD967BD30437F32A658E09B04C967A
PID: 400 ( 536) C:\WINDOWS\System32\cisvc.exe
size: 5632
MD5: 3192BD04D032A9C4A85A3278C268A13A
PID: 440 ( 536) C:\WINDOWS\System32\dllhost.exe
size: 5120
MD5: DD87DB7387B9EB441C5674888A0D840C
PID: 868 ( 536) C:\Program Files\ewido\security suite\ewidoctrl.exe
size: 16448
MD5: 867D9D1FA818F8629BB7A4A26E94B06A
PID: 944 ( 536) C:\Program Files\ewido\security suite\ewidoguard.exe
size: 159808
MD5: 01180CB2FD28E7F0728EC1A0C9B98273
PID: 1112 ( 536) C:\Program Files\F-Secure Anti-Virus\fswsclds.exe
size: 40960
MD5: A9D204CA083E66B9C1D79045B39604B1
PID: 1152 (1752) C:\Program Files\Netropa\OSD.exe
size: 90112
MD5: 57E48E299BD2ED12E25EEE1992701BCC
PID: 1480 ( 536) C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
size: 136704
MD5: 70A1096E60A8B99B8A0B0DE74E6ACFB6
PID: 1668 ( 536) C:\WINDOWS\System32\msdtc.exe
size: 6144
MD5: C7C3D89EB0A6F3DBA622EA737FA335B1
PID: 2104 ( 536) C:\WINDOWS\system32\nvsvc32.exe
size: 114755
MD5: E0F8F86EECAC5D01AF9BB4406A347178
PID: 2328 ( 536) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2404 ( 536) C:\WINDOWS\System32\dllhost.exe
size: 5120
MD5: DD87DB7387B9EB441C5674888A0D840C
PID: 2544 ( 536) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: C81B8635DEE0D3EF5F64B3DD643023A5
PID: 2884 ( 536) C:\WINDOWS\System32\vssvc.exe
size: 289792
MD5: 3EE00364AE0FD8D604F46CBAF512838A
PID: 2928 ( 536) C:\WINDOWS\System32\wbem\wmiapsrv.exe
size: 126464
MD5: BA8CECC3E813E1F7C441B20393D4F86C
PID: 2996 ( 536) C:\WINDOWS\System32\dmadmin.exe
size: 224768
MD5: 554C7CB178FE3BD12450B81AD63ADBC3
PID: 3028 ( 536) C:\WINDOWS\system32\fxssvc.exe
size: 267776
MD5: FCBD571FA0EE8DC238944AE5FAB74461
PID: 2748 (1544) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1318568
MD5: D8E54B412F51053AA8AC6F84369F6F9D
PID: 3264 (1496) C:\Program Files\Mozilla Firefox\firefox.exe
size: 6631012
MD5: 4ABE7358AFA12D5F0C7F293C642EB66C
PID: 1492 (2748) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4382856
MD5: 4554CD6D9BAE96822EC533CC70C6D161
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 5/19/2005 9:34:05 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://home.microsof...ss/allinone.asp
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://home.microsof...obby/search.asp
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.bbc.co.uk...ice/index.shtml
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.dellnet.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsof...search.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft...B_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft...er=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
3Deep Space 1.1 (3D Interstellar Voyager Screensaver_is1)
uninstall cmd: "C:\Program Files\3Deep Space\3D Interstellar Voyager Screensaver\unins000.exe"
publisher: 3Deep Space. Ltd
help link: http://www.3deepspace.com

Ad-Aware SE Personal (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.de

(AddressBook)

Adobe Acrobat 5.0 5.0 (Adobe Acrobat 5.0)
version (major): 5
install location: C:\Program Files\Adobe\Acrobat 5.0
install source: C:\Documents and Settings\Brian\Local Settings\Temp\pftBB~tmp\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com...robat/main.html

AlienGUIse (AlienGUIse)
uninstall cmd: C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise

AsianSuite 2000 (AsianSuite 2000)

AVG Free Edition (AVG7Uninstall)
uninstall cmd: C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL

AVIcodec (remove only) (AVIcodec)
uninstall cmd: "C:\Program Files\AVIcodec\uninst.exe"

Bejeweled 1.23 (Bejeweled 1.23)
uninstall cmd: C:\WINDOWS\UnGins.exe "C:\Program Files\PopCap Games\Bejeweled\install.log"

BitTornado 0.3.8 0.3.8 (BitTornado)
uninstall cmd: C:\Program Files\BitTornado\uninst.exe
publisher: John Hoffman

BitTorrent 3.4.2 (BitTorrent)
uninstall cmd: "C:\Program Files\BitTorrent\uninstall.exe"

(Branding)

BSPlayer (BSPlayer1)
uninstall cmd: "C:\Program Files\Webteh\BSplayerPro\uninstall.exe"

Calm Before the Storm Full Screen Saver 1.0 (Calm Before the Storm Full Screen Saver)
uninstall cmd: "C:\PROGRA~1\SCREEN~1.COM\Calm Before the Storm Full\UNINSTAL.EXE"
publisher: Freeze.com, LLC
help link: http://www.freeze.com

CleanUp! (CleanUp!)
uninstall cmd: C:\Program Files\CleanUp!\uninstall.exe

CloneCD (CloneCD)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Elaborate Bytes\CloneCD\Uninst.isu" -c"C:\Program Files\Elaborate Bytes\CloneCD\InstallHelp.dll"

Conexant HSF V92 56K RTAD Speakerphone PCI Modem (CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0)
uninstall cmd: C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0\
  • 0

#14
Ruffio

Ruffio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
just a little more information for you. the program or process that is causing me problems is drwtsn32.exe. whenever i place the mouse arrow over a video file my system freezes. the only thing i can do at that point is pull up my windows task manager. i go to the drwtsn32.exe thing and either end the process or end the process tree. then my screen goes blank for a second before coming back up like normal. i've tried to go in and completely delete the dr watson program but when i do that everything goes wacko. nothing works then. so i think i either system restore or get the prgram back from the windows update site. (can't remember which one it was) i need a way to delete the dr watson program completely without messing up my comp or a way to bllock it from coming up again. if it is a legitimate program what is it for? why has it started doing this? I guess theres no way to safely delete the entire program,is there?
  • 0

#15
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Ruffio

To disable Dr. Watson
1.Click Start, click Run, type regedit.exe in the Open box, and then click OK.

2.Locate and click the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ AeDebug
NOTE: Steps three and four are optional, but they necessary if you want to restore the default use of Dr. Watson.

3.Click the AeDebug key, and then click Export Registry File on the Registry menu.

4.Enter a name and location for the saved registry file, and then click Save.

5.Delete the AeDebug key.
Registry entries for debugger programs are located in the AeDebug key in Windows. The Dr. Watson program is installed by default in Windows, and is configured to run when an application error occurs (with a data value of 1 for the Auto value). The default values are:
Value Name = Auto
Type = String (REG_SZ)
Data Value = 1 or 0. (Default is 1)

Value Name = Debugger
Type = String (REG_SZ)
Data Value = drwtsn32 -p %ld -e %ld -g

I any malware has installed it own Dr. Watson then follow this instruction to enable the real Dr. Watson
NOTE: This data value (drwtsn32 -p %ld -e %ld -g) is specific to Dr. Watson. Alternative debuggers will have their own values and parameters.
To enable Dr. Watson
1.At a command prompt, type the following line, and then press ENTER:drwtsn32 -i
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP