hijack this


  • This topic is locked

#16
mobs420

    Member

  • Topic Starter
  • Member
  • 58 posts
ComboScan v20070212.14 run by admin on 2007-02-22 at 00:29:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Restore was disabled; re-enabling.
Failed to create restore point: System Restore is disabled (service is not running).
Performed disk cleanup.


-- HijackThis log (run as admin.com) --------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:30:17 AM, on 2/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Multimedia keyboard utility\KbdAp32A.exe
C:\Program Files\Common Files\{20FFCB07-0960-1033-0827-040825200001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\admin\Desktop\comboscan.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\~rkaqpmy.tmp\admin.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Multimedia keyboard utility\KbdAp32A.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Gold 17\Remind.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall....ivex/hcImpl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20....es/MsnPUpld.cab
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.co...amPlayerOCX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124405933109
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://wpotc.kpdsb.o...sCamControl.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.dlink.com...in/h263ctrl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...779/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE


-- HijackThis Fixed Entries (C:\Documents and Settings\admin\Desktop\backups\) --

backup-20070221-234636-172 O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
backup-20070221-234636-205 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchgateway.net/search/
backup-20070221-234636-322 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/
backup-20070221-234636-426 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchgateway.net/search/
backup-20070221-234636-589 O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZN
backup-20070221-234636-601 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
backup-20070221-234636-706 O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
backup-20070221-234636-835 O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
backup-20070221-234636-841 O4 - HKLM\..\Run: [MalwareBot] C:\Program Files\MalwareBot\MalwareBot.exe -boot
backup-20070221-234636-884 O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll (file missing)
backup-20070221-234636-973 O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3 aeaudio - system32\drivers\aeaudio.sys
1 Avg7Core (AVG7 Kernel) - \SystemRoot\System32\Drivers\avg7core.sys
1 Avg7RsW (AVG7 Wrap Driver) - \SystemRoot\System32\Drivers\avg7rsw.sys
1 Avg7RsXP (AVG7 Resident Driver XP) - \SystemRoot\System32\Drivers\avg7rsxp.sys
1 AvgClean (AVG7 Clean Driver) - \SystemRoot\System32\Drivers\avgclean.sys
2 AvgTdi (AVG Network Redirector) - \SystemRoot\System32\Drivers\avgtdi.sys
3 CCDECODE (Closed Caption Decoder) - system32\DRIVERS\CCDECODE.sys
3 GEARAspiWDM - System32\Drivers\GEARAspiWDM.sys
3 HidUsb (Microsoft HID Class Driver) - system32\DRIVERS\hidusb.sys
3 ialm - System32\DRIVERS\ialmnt5.sys
1 InCDPass - System32\DRIVERS\InCDPass.sys
1 intelppm (Intel Processor Driver) - System32\DRIVERS\intelppm.sys
1 kbdhid (Keyboard HID Driver) - system32\DRIVERS\kbdhid.sys
3 mamotou - system32\DRIVERS\mamotou.sys
2 MaVctrl - system32\DRIVERS\MaVc2K.sys
3 moufiltr (Mouse Filter Driver) - system32\DRIVERS\moufiltr.sys
3 mouhid (Mouse HID Driver) - System32\DRIVERS\mouhid.sys
3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - system32\drivers\MSTEE.sys
3 NABTSFEC (NABTS/FEC VBI Codec) - system32\DRIVERS\NABTSFEC.sys
3 NdisIP (Microsoft TV/Video Connection) - system32\DRIVERS\NdisIP.sys
0 PCIIde - System32\DRIVERS\pciide.sys
0 PxHelp20 - System32\Drivers\PxHelp20.sys
3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - System32\DRIVERS\RTL8139.SYS
0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - System32\drivers\sfdrv01.sys
0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - System32\drivers\sfhlp02.sys
0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - System32\drivers\sfvfs02.sys
3 SLIP (BDA Slip De-Framer) - system32\DRIVERS\SLIP.sys
3 smwdm - system32\drivers\smwdm.sys
3 snpstd2 (USB PC Camera (SN9C103)) - system32\DRIVERS\snpstd2.sys
3 streamip (BDA IPSink) - system32\DRIVERS\StreamIP.sys
3 usbaudio (USB Audio Driver (WDM)) - system32\drivers\usbaudio.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - system32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - System32\DRIVERS\usbehci.sys
3 usbprint (Microsoft USB PRINTER Class) - system32\DRIVERS\usbprint.sys
3 usbscan (USB Scanner Driver) - system32\DRIVERS\usbscan.sys
3 usbsermpt (Motorola USB Modem Driver for MPT) - system32\DRIVERS\usbsermpt.sys
3 USBSTOR (USB Mass Storage Driver) - System32\DRIVERS\USBSTOR.SYS
3 WpdUsb - System32\Drivers\wpdusb.sys
4 WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - \SystemRoot\System32\drivers\ws2ifsl.sys
3 WSTCODEC (World Standard Teletext Codec) - system32\DRIVERS\WSTCODEC.SYS
3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - system32\DRIVERS\WudfPf.sys
3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - system32\DRIVERS\wudfrd.sys
3 z520bus (Sony Ericsson 520 driver (WDM)) - system32\DRIVERS\z520bus.sys
3 z520mdfl (Sony Ericsson 520 USB WMC Modem Filter) - system32\DRIVERS\z520mdfl.sys
3 z520mdm (Sony Ericsson 520 USB WMC Modem Drivers) - system32\DRIVERS\z520mdm.sys
3 z520mgmt (Sony Ericsson 520 USB WMC Device Management Drivers) - system32\DRIVERS\z520mgmt.sys
3 z520obex (Sony Ericsson 520 USB WMC OBEX Interface Drivers) - system32\DRIVERS\z520obex.sys
3 {6080A529-897E-4629-A488-ABA0C29B635E} (Intel® Graphics Platform (SoftBIOS) Driver) - system32\drivers\ialmsbw.sys
3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (Intel® Graphics Chipset (KCH) Driver) - system32\drivers\ialmkchw.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2 Avg7Alrt (AVG7 Alert Manager Server) - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
2 Avg7UpdSvc (AVG7 Update Service) - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
2 AVGEMS (AVG E-mail Scanner) - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
4 Client IP-IPX - "C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000282
3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
2 InCDsrv (InCD Helper) - C:\Program Files\Ahead\InCD\InCDsrv.exe
3 iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2 LexBceS (LexBce Server) - C:\WINDOWS\system32\LEXBCES.EXE
3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
3 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - %SystemRoot%\system32\svchost.exe -k WudfServiceGroup


-- Scheduled Tasks --------------------------------------------------------------

2007-02-16 13:34:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>


-- Files created between 2007-01-22 and 2007-02-22 ------------------------------

2007-02-21 23:49:59 0 d-------- C:\_OTMoveIt<_OTMOV~1>
2007-02-21 22:27:25 0 d-------- C:\Program Files\Common Files\{20FFCB07-095E-1033-0827-040825200001}<{20FFC~3>
2007-02-21 20:28:39 2 ---hs---- C:\WINDOWS\system32\taskkill.com
2007-02-21 20:28:39 2 ---hs---- C:\WINDOWS\system32\netstat.com
2007-02-21 16:41:11 0 d-------- C:\Program Files\1 Click PC Fix 2007<1CLICK~1>
2007-02-21 15:55:02 0 d-------- C:\!KillBox
2007-02-21 15:43:11 0 d-------- C:\Program Files\MalwareBot<MALWAR~1>
2007-02-21 13:57:32 0 d-------- C:\Program Files\webHancer<WEBHAN~1>
2007-02-21 11:14:15 32177 ---hs---- C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe<YAZZLE~2.EXE><Unsigned: n/a>
2007-02-21 10:44:13 0 d--h----- C:\Documents and Settings\All Users\Application Data\nfo
2007-02-21 10:44:07 0 d-------- C:\Program Files\InetGet2
2007-02-21 00:16:12 0 d-------- C:\Program Files\Common Files\{20FFCB07-095F-1033-0827-040825200001}<{20FFC~2>
2007-02-20 23:22:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2007-02-20 22:34:59 36864 --a------ C:\WINDOWS\system32\svchosts.exe<Unsigned: n/a>
2007-02-20 15:00:07 1154 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-20 14:59:13 79360 --a------ C:\WINDOWS\system32\swxcacls.exe<Unsigned: SteelWerX>
2007-02-20 14:59:13 40960 --a------ C:\WINDOWS\system32\swsc.exe<Unsigned: n/a>
2007-02-20 14:59:13 135168 --a------ C:\WINDOWS\system32\swreg.exe<Unsigned: SteelWerX>
2007-02-20 14:59:13 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe<Unsigned: S!Ri>
2007-02-20 14:59:13 53248 --a------ C:\WINDOWS\system32\Process.exe<Unsigned: http://www.beyondlogic.org>
2007-02-20 14:59:13 51200 --a------ C:\WINDOWS\system32\dumphive.exe<Unsigned: n/a>
2007-02-20 01:45:00 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-02-16 18:02:53 0 d-------- C:\Program Files\SpywareBot<SPYWAR~1>
2007-02-15 19:12:40 12288625 -----n--- C:\AVG7QT.DAT
2007-02-15 19:11:26 18432 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys<Unsigned: GRISOFT, s.r.o.>
2007-02-15 19:06:24 0 d-------- C:\Documents and Settings\admin\Application Data\AVG7
2007-02-15 19:06:14 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-02-15 19:06:08 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys<Unsigned: GRISOFT, s.r.o.>
2007-02-15 19:06:08 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys<Unsigned: GRISOFT, s.r.o.>
2007-02-15 19:05:55 27776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys<Unsigned: GRISOFT, s.r.o.>
2007-02-15 19:05:54 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys<Unsigned: GRISOFT, s.r.o.>
2007-02-15 19:05:51 839936 --a------ C:\WINDOWS\system32\drivers\avg7core.sys<Unsigned: GRISOFT, s.r.o.>
2007-02-15 19:05:45 0 d-------- C:\Program Files\Grisoft
2007-02-15 19:05:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-02-15 01:55:38 0 d-------- C:\Documents and Settings\admin\Application Data\Registry Cleaner<REGIST~1>
2007-02-15 01:43:38 0 d-------- C:\Documents and Settings\admin\.housecall6.6<HOUSEC~1.6>
2007-02-14 18:58:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited<RIVERD~1>
2007-02-14 18:54:46 35840 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS<Signed: Oak Technology Inc.>
2007-02-14 18:54:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Broderbund Software<BRODER~1>
2007-02-14 18:53:08 0 d-------- C:\Program Files\Web Publish<WEBPUB~1>
2007-02-14 18:53:00 970752 --a------ C:\WINDOWS\system32\cdintf210.dll<CDINTF~1.DLL><Unsigned: Amyuni Technologies>
2007-02-14 18:48:35 0 d-------- C:\Program Files\Common Files\Broderbund<BRODER~1>
2007-02-14 18:48:20 0 d-------- C:\Program Files\PrintMaster Gold 17<PRINTM~1>
2007-02-14 18:43:42 0 d-------- C:\WINDOWS\system32\URTTEMP
2007-02-14 03:59:36 0 d--h----- C:\Program Files\Common Files\Uninstall Information<UNINST~1>
2007-02-14 03:59:36 0 d--h----- C:\Documents and Settings\All Users\Application Data\vidmon
2007-02-14 03:28:40 2 --a------ C:\WINDOWS\system32\wapisvit.exe<Unsigned: n/a>
2007-02-14 03:28:28 0 d-------- C:\Program Files\??crosoft.NET
2007-02-14 02:57:35 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-02-14 02:57:34 1989 --a------ C:\WINDOWS\uninstall_nmon.vbs<UNINST~1.VBS>
2007-02-14 02:18:28 0 d-------- C:\Program Files\Common Files\{30FFCB07-095F-1033-0827-040825200001}<{30FFC~2>
2007-02-14 01:43:44 0 d-------- C:\Documents and Settings\admin\Application Data\PC Tools<PCTOOL~1>
2007-02-12 22:31:58 0 d-------- C:\Program Files\iPod
2007-02-12 22:31:47 0 d-------- C:\Program Files\iTunes
2007-02-12 22:29:51 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-07 16:10:31 0 d-------- C:\Program Files\Activision<ACTIVI~1>
2007-02-01 19:01:19 0 d-------- C:\Program Files\Kaspersky Lab<KASPER~1>
2007-01-31 21:10:20 62464 --a------ C:\WINDOWS\system32\bszip.dll<Unsigned: BigSpeedSoft>
2007-01-31 21:10:10 0 ---hs---- C:\WINDOWS\system32\tracert.com
2007-01-31 21:10:10 0 ---hs---- C:\WINDOWS\system32\tasklist.com
2007-01-31 21:10:10 0 ---hs---- C:\WINDOWS\system32\regedit.com
2007-01-31 21:10:10 0 ---hs---- C:\WINDOWS\system32\ping.com
2007-01-31 21:10:10 0 ---hs---- C:\WINDOWS\system32\cmd.com
2007-01-31 21:10:10 0 d--hs---- C:\Program Files\outlook
2007-01-31 21:10:10 0 d--hs---- C:\Documents and Settings\admin\Complete


-- Find3M Report ----------------------------------------------------------------

2007-02-18 19:06:15 0 d-------- C:\Program Files\InterVideo<INTERV~1>
2007-02-18 19:06:15 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-18 19:05:57 0 d-------- C:\Program Files\Common Files\InterVideo<INTERV~1>
2007-02-16 21:55:04 0 d---s---- C:\Documents and Settings\admin\Application Data\Microsoft<MICROS~1>
2007-02-12 22:32:20 0 d-------- C:\Documents and Settings\admin\Application Data\Apple Computer<APPLEC~1>
2007-02-12 22:31:23 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-07 12:44:10 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys<Unsigned: Microsoft Corporation>
2007-01-31 21:22:02 0 d-------- C:\Documents and Settings\admin\Application Data\Skype
2007-01-31 21:17:45 0 d-------- C:\Program Files\LimeWire
2007-01-14 23:54:08 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2006-12-30 18:55:33 0 d-------- C:\Program Files\LG Electronics<LGELEC~1>
2006-12-30 18:55:20 0 d-------- C:\Program Files\LGGSM


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"StandardInstall"=""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"FLMK08KB"="C:\\Program Files\\Multimedia keyboard utility\\KbdAp32A.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"="1"
"NoAdminPage"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{20FFCB07-0960-1033-0827-040825200001}"="\"C:\\Program Files\\Common Files\\{20FFCB07-0960-1033-0827-040825200001}\\Update.exe\" te-110-12-0000282"
"{20FFCB07-095F-1033-0827-040825200001}"="\"C:\\Program Files\\Common Files\\{20FFCB07-095F-1033-0827-040825200001}\\Update.exe\" te-110-12-0000282"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{20FFCB07-095F-1033-0827-040825200001}"="\"C:\\Program Files\\Common Files\\{20FFCB07-095F-1033-0827-040825200001}\\Update.exe\" te-110-12-0000282"
"{20FFCB07-0960-1033-0827-040825200001}"="\"C:\\Program Files\\Common Files\\{20FFCB07-0960-1033-0827-040825200001}\\Update.exe\" te-110-12-0000282"
"{20FFCB07-095E-1033-0827-040825200001}"="\"C:\\Program Files\\Common Files\\{20FFCB07-095E-1033-0827-040825200001}\\Update.exe\" te-110-12-0000282"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{20FFCB07-095F-1033-0827-040825200001}"="\"C:\\Program Files\\Common Files\\{20FFCB07-095F-1033-0827-040825200001}\\Update.exe\" te-110-12-0000282"
"{20FFCB07-0960-1033-0827-040825200001}"="\"C:\\Program Files\\Common Files\\{20FFCB07-0960-1033-0827-040825200001}\\Update.exe\" te-110-12-0000282"
"{20FFCB07-095E-1033-0827-040825200001}"="\"C:\\Program Files\\Common Files\\{20FFCB07-095E-1033-0827-040825200001}\\Update.exe\" te-110-12-0000282"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of ComboScan: finished at 2007-02-22 at 00:31:34 -------------------------

#17
mobs420

    Member

  • Topic Starter
  • Member
  • 58 posts
ComboScan v20070212.14 run by admin on 2007-02-22 at 00:29:49
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 246.73 MiB / 71.48 MiB
Pagefile Memory (total/avail): 605.81 MiB / 407.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1993.94 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 76.32 GiB total, 51.39 GiB free.
D: is CDROM (No Media)


-- Security Center --------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.441 v7.5.441 (GRISOFT)


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\admin\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ABC-60CDB79OMG9
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\admin
LOGONSERVER=\\ABC-60CDB79OMG9
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;P¤
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\admin\LOCALS~1\Temp
TMP=C:\DOCUME~1\admin\LOCALS~1\Temp
USERDOMAIN=ABC-60CDB79OMG9
USERNAME=admin
USERPROFILE=C:\Documents and Settings\admin
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ----------------------------------------------------------------

admin (admin)
Administrator (admin)


-- Add/Remove Programs ----------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advanced System Optimizer 2.01 --> "C:\Program Files\Advanced System Optimizer\unins000.exe"
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Dr Watson for Microsoft Windows OneCare Live v1.1.1067.8 --> MsiExec.exe /I{C544F99D-39EF-4E6D-95BE-4E41C1D8C4CB}
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HijackThis 1.99.1 --> C:\Documents and Settings\admin\Desktop\HijackThis.exe /uninstall
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Internet Explorer Q903235 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q903235.inf
Invoice Sheet Manager V5.0 --> C:\Program Files\Invoice Sheet Manager V5.0\uninstal.exe
IpWins --> C:\Program Files\Ipwindows\Uninst.exe
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Lexmark X1100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
LG GSM PC Components --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB8251EE-C86B-410D-83B2-1E28E9DE2C2B}\setup.exe" -l0x9
LG USB Modem Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 -removeonly
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
MediaFACE 4.2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E129EC5D-FC37-4260-B6B7-1113D8613A89} /l1033
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
Multimedia keyboard utility --> C:\Program Files\Multimedia keyboard utility\uninst00.exe
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
OIN --> "C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe"
PrintMaster Gold 17 --> MsiExec.exe /I{C4DCAD15-B754-4FD9-8035-713FE919B118}
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Samsung yepp YP-T5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85CC78F7-8364-4E66-A2D0-A216A53EC4BD}\Setup.exe" -l0x9
Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"
SopCast 1.0.1 --> C:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
USB PC Camera (SN9C103) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}\Setup.exe" -l0x9
WebDP 2.07 --> C:\Program Files\Common Files\Uninstall Information\RemoveWebDP.exe
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinZip Self-Extractor --> "C:\Program Files\WinZip Self-Extractor\wzipse32.exe" -uninstall
Wireless Optical Mouse --> C:\Program Files\Wireless Optical Mouse\uninst00.exe


-- End of ComboScan: finished at 2007-02-22 at 00:31:34 -------------------------
#18
mobs420 (Member, Topic Starter, 58 posts)
WHAT HAPPENED? YOU'RE GONE

#19
mobs420 (Member, Topic Starter, 58 posts)
I'm kinda stuck here blind, don't know what to do. You have been a huge help so far, but now my computer has all these different settings that you told me to do. Now what?

#20
loophole (Malware Expert, Retired Staff, 9,798 posts)
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\Common Files\{20FFCB07-095E-1033-0827-040825200001}
    C:\WINDOWS\system32\taskkill.com
    C:\WINDOWS\system32\netstat.com
    C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
    C:\WINDOWS\system32\tracert.com
    C:\WINDOWS\system32\tasklist.com
    C:\WINDOWS\system32\regedit.com
    C:\WINDOWS\system32\ping.com
    C:\WINDOWS\system32\cmd.com
    C:\Program Files\outlook
    C:\Documents and Settings\LocalService\Application Data\NetMon
    C:\Program Files\SpywareBot
    C:\WINDOWS\system32\wapisvit.exe


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. If it comes with a log, please post it.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Regards,
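Why the removal list above singles out files such as taskkill.com, netstat.com, regedit.com and cmd.com: Windows resolves a bare command name by trying each extension in %PATHEXT% in order, and the default order puts .COM ahead of .EXE, so a planted cmd.com beside the genuine cmd.exe runs whenever someone types "cmd". The following script is an added example, not a tool from this thread or from its posters, that checks a directory listing for exactly this pattern. It assumes the default Windows XP PATHEXT order, and the System32 listing it scans is constructed from the names in the list above (plus a few genuine tools so the negative cases are visible); the function can be pointed at a real directory as well.

```python
"""Spot lookalike files that hijack command names (added example; not from the thread).

Windows resolves a bare command name such as 'cmd' by trying each extension in
%PATHEXT% in order, and the default order puts .COM before .EXE. A planted
'cmd.com' next to the genuine 'cmd.exe' therefore runs whenever someone types
'cmd'. The listing below is constructed from the names in the removal list; the
scan function itself works on any directory.
"""
import os
from typing import Dict, List, Tuple

# Default PATHEXT order on Windows XP (assumption: the machine uses the default).
DEFAULT_PATHEXT = [".COM", ".EXE", ".BAT", ".CMD", ".VBS", ".VBE",
                   ".JS", ".JSE", ".WSF", ".WSH"]

# Constructed sample of a System32 listing (names only): genuine tools plus the
# .com lookalikes named in the removal list. 'more.com' is a real XP tool with
# no .exe twin and must not be flagged; 'svchosts.exe' is a different kind of
# lookalike (a typosquat of svchost.exe) that this particular check does not cover.
SAMPLE_SYSTEM32 = [
    "cmd.exe", "cmd.com",
    "regedit.exe", "regedit.com",
    "taskkill.exe", "taskkill.com",
    "tasklist.exe", "tasklist.com",
    "netstat.exe", "netstat.com",
    "PING.COM", "ping.exe",
    "tracert.exe", "tracert.com",
    "notepad.exe", "svchost.exe", "svchosts.exe", "more.com",
]


def find_shadowed_commands(filenames: List[str],
                           pathext: List[str] = DEFAULT_PATHEXT
                           ) -> Dict[str, Tuple[str, List[str]]]:
    """Return {stem: (file that wins name resolution, [files it shadows])}.

    A stem is reported only when two or more files share it and differ in
    extension; the winner is the one whose extension comes first in PATHEXT.
    Matching is case-insensitive, as it is on Windows.
    """
    rank = {ext: i for i, ext in enumerate(pathext)}
    by_stem: Dict[str, Dict[str, str]] = {}
    for name in filenames:
        stem, ext = os.path.splitext(name)
        ext = ext.upper()
        if ext in rank:
            by_stem.setdefault(stem.lower(), {})[ext] = name

    findings: Dict[str, Tuple[str, List[str]]] = {}
    for stem, variants in by_stem.items():
        if len(variants) < 2:
            continue  # a lone .com (e.g. more.com) is not shadowing anything
        ordered = sorted(variants, key=rank.__getitem__)
        winner = variants[ordered[0]]
        shadowed = [variants[e] for e in ordered[1:]]
        findings[stem] = (winner, shadowed)
    return findings


def scan_directory(path: str) -> Dict[str, Tuple[str, List[str]]]:
    """Run the same check on a real directory, e.g. C:\\WINDOWS\\system32."""
    return find_shadowed_commands(os.listdir(path))


if __name__ == "__main__":
    hits = find_shadowed_commands(SAMPLE_SYSTEM32)
    for stem, (winner, hidden) in sorted(hits.items()):
        print(f"{stem:10s} {winner} shadows {', '.join(hidden)}")
```

A hit from this check is a lead, not a verdict: a .com that outranks an .exe of the same name in System32 is worth inspecting (publisher, version, modification date, as the WinPFind3U log format shows for each file) before it is removed, and a .com with no .exe twin is normally a legitimate tool.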

#21
mobs420 (Member, Topic Starter, 58 posts)
(When it was scanning, AVG showed a trojan virus. I chose to heal it. It was close to the start of the WinPFind scan, if that means anything.)

WinPFind3 logfile created on: 2/22/2007 7:43:32 PM
WinPFind3U by OldTimer - Version 1.0.18 Folder = C:\Documents and Settings\admin\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

252656 Kb Total Physical Memory | 117776 Kb Available Physical Memory | 46.62% Memory free
620288 Kb Paging File | 444052 Kb Available in Paging File | 71.59% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80027764 Kb Total Space | 53847324 Kb Free Space | 67.29% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 353792 bytes | Modified Date = 2/15/2007 7:11:38 PM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 2/15/2007 7:11:38 PM | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.434 | Size = 324096 bytes | Modified Date = 2/15/2007 7:11:40 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/15/2007 7:05:48 PM | Attr = ]
incdsrv.exe -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Ahead Software AG [Ver = 4, 2, 12, 0 | Size = 1151090 bytes | Modified Date = 6/4/2004 4:32:24 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
kbdap32a.exe -> %ProgramFiles%\Multimedia keyboard utility\KBDAP32A.EXE -> [Ver = 3.9.0.1 | Size = 401408 bytes | Modified Date = 11/20/2006 9:53:10 PM | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 6:37:10 AM | Attr = ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Modified Date = 8/18/2003 6:32:56 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 12/17/2006 1:49:38 PM | Attr = ]
update.exe -> %CommonProgramFiles%\{20FFCB07-095F-1033-0827-040825200001}\Update.exe -> [Ver = | Size = 13312 bytes | Modified Date = 2/21/2007 12:18:46 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.18.0 | Size = 308736 bytes | Modified Date = 2/12/2007 9:39:14 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 353792 bytes | Modified Date = 2/15/2007 7:11:38 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/15/2007 7:05:48 PM | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.434 | Size = 324096 bytes | Modified Date = 2/15/2007 7:11:40 PM | Attr = ]
(Client IP-IPX) Client IP-IPX [Win32_Own | Disabled | Stopped] -> %System32%\svchosts.exe -> [Ver = | Size = 36864 bytes | Modified Date = 2/20/2007 10:59:00 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Ahead Software AG [Ver = 4, 2, 12, 0 | Size = 1151090 bytes | Modified Date = 6/4/2004 4:32:24 PM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 6:37:10 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVG7_CC -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 2/15/2007 7:11:38 PM | Attr = ]
FLMK08KB -> %ProgramFiles%\Multimedia keyboard utility\KBDAP32A.EXE -> [Ver = 3.9.0.1 | Size = 401408 bytes | Modified Date = 11/20/2006 9:53:10 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 2:50:42 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 6:58:18 PM | Attr = ]
StandardInstall -> -> File not found
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 12/17/2006 1:49:38 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
%AllUsersStartup%\Event Reminder.lnk -> %ProgramFiles%\PrintMaster Gold 17\Remind.exe -> Broderbund Properties LLC [Ver = 17, 0, 0, 0039 | Size = 344064 bytes | Modified Date = 2/22/2006 11:45:54 AM | Attr = ]
< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
regfile [open] -> "%1" ->
regfile [merge] -> Reg Data - Key not found ->
scrfile [open] -> "%1" /S ->
scrfile [config] -> "%1" ->
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\\Command ->
NewLinkHere -> -> File not found
%1 -> -> File not found
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\\Command ->
Briefcase_Create -> -> File not found
%2!d! -> -> File not found
%1 -> -> File not found
< ICQ Agent [HKCU] > -> HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\
HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ -> ->
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{44BBA851-CC51-11CF-AAFA-00AA00B6015C} -> rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserRemove ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ->
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} -> C:\WINDOWS\system32\ieudinit.exe
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
< WOW Command Line [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
*wowcmdline* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW\\wowcmdline ->
-a -> -> File not found
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> SsiEfr.e; ->
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.2350 | Size = 323584 bytes | Modified Date = 12/14/2003 12:06:34 PM | Attr = R ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> ÿ
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{20FFCB07-0960-1033-0827-040825200001} -> "C:\Program Files\Common Files\{20FFCB07-0960-1033-0827-040825200001}\Update.exe" te-110-12-0000282 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{20FFCB07-095F-1033-0827-040825200001} -> "C:\Program Files\Common Files\{20FFCB07-095F-1033-0827-040825200001}\Update.exe" te-110-12-0000282 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoAdminPage -> 1 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ -> ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > (680 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> http://us.rd.yahoo.c...rch/search.html ->
HKLM: Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Start Page -> http://www.google.ca/firefox ->
HKCU: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> 127.0.0.1 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKLM] -> %SystemDrive%\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [PCTools Site Guard] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
{B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKLM] -> %SystemDrive%\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [PCTools Browser Monitor] -> File not found
{CF7C3CF0-4B15-11D1-ABED-709549C10000} [HKLM] -> %ProgramFiles%\Advanced System Optimizer\IEHelper.dll [IEPlugin Class] -> Systweak Inc [Ver = 1, 0, 1, 0 | Size = 83456 bytes | Modified Date = 5/8/2004 8:59:04 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8193 - Reg Data - Value does not exist ->
{49783ED4-258D-4f9f-BE11-137C18D3E543} -> 8194 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8195 - Windows Messenger ->
NextId -> 8196 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_09\bin\npjpi150_09.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 69746 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> Reg Data - Value does not exist [ButtonText: Spyware Doctor] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{32020A01-506E-484D-A2A8-BE3CF17601C3} [HKLM] -> Reg Data - Key not found [AlcoholShellEx] -> File not found
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{336B02CE-F88A-4aea-8731-79EF94D3723A} [HKLM] -> %SystemRoot%\aod\aodshext.dll [Free AOL & Unlimited Internet.url] -> [Ver = | Size = 69632 bytes | Modified Date = 10/31/2002 1:15:28 PM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} [HKLM] -> %ProgramFiles%\Fellowes\MediaFACE 4.2\MFShlExt.dll [MediaFace extension] -> Fellowes, Inc. [Ver = 4,2,79,0 | Size = 86016 bytes | Modified Date = 3/28/2005 3:45:26 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 3/31/2003 8:00:00 AM | Attr = ]
{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> %ProgramFiles%\Ahead\InCD\incdshx.dll [Shell Extension for CDRW] -> Ahead Software AG [Ver = 4, 2, 12, 0 | Size = 151670 bytes | Modified Date = 6/4/2004 4:34:22 PM | Attr = ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 2/15/2007 7:05:48 PM | Attr = ]
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Find Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 2/15/2007 7:05:48 PM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.2488 | Size = 54848 bytes | Modified Date = 12/17/2006 1:50:06 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 2/15/2007 7:05:48 PM | Attr = ]
{90A07ACC-0331-4aee-9AAD-A854A9C37667} [HKLM] -> %ProgramFiles%\Advanced System Optimizer\ShellExt.dll [FileEncrypt] -> Systweak Inc [Ver = 1, 0, 1, 0 | Size = 40960 bytes | Modified Date = 5/8/2004 8:53:00 PM | Attr = ]
{6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} [HKLM] -> %ProgramFiles%\Fellowes\MediaFACE 4.2\MFShlExt.dll [MediaFaceExtension] -> Fellowes, Inc. [Ver = 4,2,79,0 | Size = 86016 bytes | Modified Date = 3/28/2005 3:45:26 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{90A07ACC-0331-4aee-9AAD-A854A9C37667} [HKLM] -> %ProgramFiles%\Advanced System Optimizer\ShellExt.dll [FileEncrypt] -> Systweak Inc [Ver = 1, 0, 1, 0 | Size = 40960 bytes | Modified Date = 5/8/2004 8:53:00 PM | Attr = ]
{6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} [HKLM] -> %ProgramFiles%\Fellowes\MediaFACE 4.2\MFShlExt.dll [MediaFaceExtension] -> Fellowes, Inc. [Ver = 4,2,79,0 | Size = 86016 bytes | Modified Date = 3/28/2005 3:45:26 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> %System32%\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.2350 | Size = 204800 bytes | Modified Date = 12/14/2003 12:19:42 PM | Attr = R ]
{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> %ProgramFiles%\Ahead\InCD\incdshx.dll [InCDMenu] -> Ahead Software AG [Ver = 4, 2, 12, 0 | Size = 151670 bytes | Modified Date = 6/4/2004 4:34:22 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 2/15/2007 7:05:48 PM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 2:20:02 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{204354DD-AD1A-425F-B6D2-947AE1CA7D7D} -> () ->
{DC12DBE7-4353-4961-BEC4-1DB6C37078A1} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com...ex/qtplugin.cab ->
{04E214E5-63AF-4236-83C6-A7ADCBF9BD02} -> HouseCall Control - CodeBase = http://housecall60.t...all/xscan60.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.ma...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.micr...heckControl.cab ->
{1754A1BA-A1DF-4F10-B199-AA55AA1A120F} -> InstallerBehaviorFactory Class - CodeBase = https://signup.msn.c...es/MsnInstC.cab ->
{215B8138-A3CF-44C5-803F-8226143CFC0A} -> Trend Micro ActiveX Scan Agent 6.6 - CodeBase = http://eu-housecall....ivex/hcImpl.cab ->
{2B323CD9-50E3-11D3-9466-00A0C9700498} -> - CodeBase = http://us.chat1.yimg...v45/yacscom.cab ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{4B48D5DF-9021-45F7-A240-60304302A215} -> Malicious Software Removal Tool - CodeBase = http://download.micr.../WebCleaner.cab ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -> - CodeBase = http://download.mcaf...01/mcinsctl.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://by20fd.bay20....es/MsnPUpld.cab ->
{66D393D5-4D80-497C-9F4F-F3839E090202} -> PlayerOCX Control - CodeBase = http://www.pysoft.co...amPlayerOCX.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.micros...b?1124405933109 ->
{85D1F3B2-2A21-11D7-97B9-0010DC2A6243} -> SecureLogin class - CodeBase = http://secure2.comne...login-devel.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zon...nt.cab31267.cab ->
{917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> CamImage Class - CodeBase = http://wpotc.kpdsb.o...sCamControl.cab ->
{A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} -> VaPgCtrl Class - CodeBase = http://www.dlink.com...in/h263ctrl.cab ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn...pDownloader.cab ->
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.m...ash/swflash.cab ->
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -> McFreeScan Class - CodeBase = http://download.mcaf...779/mcfscan.cab ->
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -> MSN Chat Control 4.5 - CodeBase = http://chat.msn.com/...s/msnchat45.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->

[Files - Created Within 30 days]
AVG7QT.DAT -> %SystemDrive%\AVG7QT.DAT -> [Ver = | Size = 12288625 bytes | Created Date = 2/15/2007 7:12:40 PM | Attr = ]
LSWMV.INI -> %SystemDrive%\LSWMV.INI -> [Ver = | Size = 48 bytes | Created Date = 2/14/2007 3:59:37 AM | Attr = HS]
brittany102.rtf -> %UserDocuments%\brittany102.rtf -> [Ver = | Size = 3630 bytes | Created Date = 2/2/2007 6:52:52 PM | Attr = ]
btittany 101.rtf -> %UserDocuments%\btittany 101.rtf -> [Ver = | Size = 718 bytes | Created Date = 2/2/2007 6:46:58 PM | Attr = ]
CELL WORLD FLYER.lblf -> %UserDocuments%\CELL WORLD FLYER.lblf -> [Ver = | Size = 4048159 bytes | Created Date = 2/12/2007 9:55:51 PM | Attr = ]
djs flyer.nws -> %UserDocuments%\djs flyer.nws -> [Ver = | Size = 361984 bytes | Created Date = 2/15/2007 1:52:41 AM | Attr = ]
Document.rtf -> %UserDocuments%\Document.rtf -> [Ver = | Size = 718 bytes | Created Date = 2/2/2007 6:46:08 PM | Attr = ]
motorola used price list.rtf -> %UserDocuments%\motorola used price list.rtf -> [Ver = | Size = 64671 bytes | Created Date = 2/5/2007 3:16:20 PM | Attr = ]
used lg price list.rtf -> %UserDocuments%\used lg price list.rtf -> [Ver = | Size = 30719 bytes | Created Date = 2/5/2007 3:15:43 PM | Attr = ]
used samsung price list.rtf -> %UserDocuments%\used samsung price list.rtf -> [Ver = | Size = 49426 bytes | Created Date = 2/5/2007 3:14:24 PM | Attr = ]
used sony erricssion price list.rtf -> %UserDocuments%\used sony erricssion price list.rtf -> [Ver = | Size = 26387 bytes | Created Date = 2/5/2007 3:13:33 PM | Attr = ]
XXXXX.lblf -> %UserDocuments%\XXXXX.lblf -> [Ver = | Size = 542142 bytes | Created Date = 2/12/2007 9:56:03 PM | Attr = ]
AVG Free.lnk -> %AllUsersDesktop%\AVG Free.lnk -> [Ver = | Size = 1564 bytes | Created Date = 2/15/2007 7:06:09 PM | Attr = ]
Broderbund.com.lnk -> %AllUsersDesktop%\Broderbund.com.lnk -> [Ver = | Size = 1705 bytes | Created Date = 2/14/2007 6:52:16 PM | Attr = ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 2137 bytes | Created Date = 2/12/2007 10:32:06 PM | Attr = ]
PrintMaster Gold 17.lnk -> %AllUsersDesktop%\PrintMaster Gold 17.lnk -> [Ver = | Size = 1662 bytes | Created Date = 2/14/2007 6:52:16 PM | Attr = ]
QuickTime Player.lnk -> %AllUsersDesktop%\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Created Date = 2/12/2007 10:31:15 PM | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Created Date = 2/16/2007 6:17:17 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342421 bytes | Created Date = 2/22/2007 7:39:04 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
Adobe Reader Speed Launch.lnk -> %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> [Ver = | Size = 1757 bytes | Created Date = 2/20/2007 1:52:00 AM | Attr = ]
Event Reminder.lnk -> %AllUsersStartup%\Event Reminder.lnk -> [Ver = | Size = 685 bytes | Created Date = 2/14/2007 6:52:16 PM | Attr = ]
uninstall_nmon.vbs -> %SystemRoot%\uninstall_nmon.vbs -> [Ver = | Size = 1989 bytes | Created Date = 2/14/2007 2:57:34 AM | Attr = ]
bszip.dll -> %System32%\bszip.dll -> BigSpeedSoft [Ver = 3.0.2.0 | Size = 62464 bytes | Created Date = 1/31/2007 9:10:20 PM | Attr = ]
cdintf210.dll -> %System32%\cdintf210.dll -> Amyuni Technologies
http://www.amyuni.com [Ver = 2.10d | Size = 970752 bytes | Created Date = 2/14/2007 6:53:00 PM | Attr = ]
ClickToFindandFixErrors_Intl.ico -> %System32%\ClickToFindandFixErrors_Intl.ico -> [Ver = | Size = 2238 bytes | Created Date = 2/14/2007 6:58:17 PM | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 2/20/2007 2:59:13 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\dumphive.exe:Zone.Identifier ->
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 2/20/2007 2:59:13 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\Process.exe:Zone.Identifier ->
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 2/20/2007 2:59:13 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\SrchSTS.exe:Zone.Identifier ->
svchosts.exe -> %System32%\svchosts.exe -> [Ver = | Size = 36864 bytes | Created Date = 2/20/2007 10:34:59 PM | Attr = ]
svchosts.exe.lzma -> %System32%\svchosts.exe.lzma -> [Ver = | Size = 17781 bytes | Created Date = 2/21/2007 12:18:16 AM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 2/20/2007 2:59:13 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swreg.exe:Zone.Identifier ->
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 2/20/2007 2:59:13 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swsc.exe:Zone.Identifier ->
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 2/20/2007 2:59:13 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swxcacls.exe:Zone.Identifier ->
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 1154 bytes | Created Date = 2/20/2007 3:00:07 PM | Attr = ]
AFS2K.SYS -> %System32%\drivers\AFS2K.SYS -> Oak Technology Inc. [Ver = 3.1.21.1103 | Size = 35840 bytes | Created Date = 2/14/2007 6:54:46 PM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 839936 bytes | Created Date = 2/15/2007 7:05:51 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 2/15/2007 7:05:54 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.434 | Size = 27776 bytes | Created Date = 2/15/2007 7:05:55 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 2/15/2007 7:06:08 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.441 | Size = 18432 bytes | Created Date = 2/15/2007 7:11:26 PM | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 2/15/2007 7:06:08 PM | Attr = ]

[Files - Modified Within 30 days]
AVG7QT.DAT -> %SystemDrive%\AVG7QT.DAT -> [Ver = | Size = 12288625 bytes | Modified Date = 2/15/2007 7:12:44 PM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 194 bytes | Modified Date = 2/20/2007 1:52:02 AM | Attr = RHS]
LSWMV.INI -> %SystemDrive%\LSWMV.INI -> [Ver = | Size = 48 bytes | Modified Date = 2/21/2007 10:55:58 PM | Attr = HS]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 220680 bytes | Modified Date = 2/14/2007 7:08:36 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 4311738 bytes | Modified Date = 2/21/2007 11:09:54 PM | Attr = H ]
brittany102.rtf -> %UserDocuments%\brittany102.rtf -> [Ver = | Size = 3630 bytes | Modified Date = 2/2/2007 6:52:54 PM | Attr = ]
btittany 101.rtf -> %UserDocuments%\btittany 101.rtf -> [Ver = | Size = 718 bytes | Modified Date = 2/2/2007 6:47:00 PM | Attr = ]
CELL WORLD FLYER.lblf -> %UserDocuments%\CELL WORLD FLYER.lblf -> [Ver = | Size = 4048159 bytes | Modified Date = 2/12/2007 9:55:54 PM | Attr = ]
djs flyer.nws -> %UserDocuments%\djs flyer.nws -> [Ver = | Size = 361984 bytes | Modified Date = 2/15/2007 8:42:56 AM | Attr = ]
Document.rtf -> %UserDocuments%\Document.rtf -> [Ver = | Size = 718 bytes | Modified Date = 2/2/2007 6:46:10 PM | Attr = ]
motorola used price list.rtf -> %UserDocuments%\motorola used price list.rtf -> [Ver = | Size = 64671 bytes | Modified Date = 2/5/2007 3:16:22 PM | Attr = ]
used lg price list.rtf -> %UserDocuments%\used lg price list.rtf -> [Ver = | Size = 30719 bytes | Modified Date = 2/5/2007 3:15:44 PM | Attr = ]
used samsung price list.rtf -> %UserDocuments%\used samsung price list.rtf -> [Ver = | Size = 49426 bytes | Modified Date = 2/5/2007 3:14:26 PM | Attr = ]
used sony erricssion price list.rtf -> %UserDocuments%\used sony erricssion price list.rtf -> [Ver = | Size = 26387 bytes | Modified Date = 2/5/2007 3:13:34 PM | Attr = ]
XXXXX.lblf -> %UserDocuments%\XXXXX.lblf -> [Ver = | Size = 542142 bytes | Modified Date = 2/12/2007 9:56:04 PM | Attr = ]
AVG Free.lnk -> %AllUsersDesktop%\AVG Free.lnk -> [Ver = | Size = 1564 bytes | Modified Date = 2/15/2007 7:06:10 PM | Attr = ]
Broderbund.com.lnk -> %AllUsersDesktop%\Broderbund.com.lnk -> [Ver = | Size = 1705 bytes | Modified Date = 2/14/2007 6:52:18 PM | Attr = ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 2/14/2007 12:26:12 PM | Attr = ]
PrintMaster Gold 17.lnk -> %AllUsersDesktop%\PrintMaster Gold 17.lnk -> [Ver = | Size = 1662 bytes | Modified Date = 2/14/2007 6:52:18 PM | Attr = ]
QuickTime Player.lnk -> %AllUsersDesktop%\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Modified Date = 2/12/2007 10:31:16 PM | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 2/16/2007 6:17:18 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342421 bytes | Modified Date = 2/22/2007 7:39:08 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
Event Reminder.lnk -> %AllUsersStartup%\Event Reminder.lnk -> [Ver = | Size = 685 bytes | Modified Date = 2/14/2007 6:52:18 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/22/2007 2:00:08 AM | Attr = S]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1917 bytes | Modified Date = 2/16/2007 7:53:14 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 2/21/2007 12:23:54 AM | Attr = ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 227 bytes | Modified Date = 2/20/2007 1:52:02 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1197 bytes | Modified Date = 2/20/2007 1:52:02 AM | Attr = ]
bszip.dll -> %System32%\bszip.dll -> BigSpeedSoft [Ver = 3.0.2.0 | Size = 62464 bytes | Modified Date = 1/31/2007 9:10:22 PM | Attr = ]
ClickToFindandFixErrors_Intl.ico -> %System32%\ClickToFindandFixErrors_Intl.ico -> [Ver = | Size = 2238 bytes | Modified Date = 2/14/2007 6:58:18 PM | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Modified Date = 2/20/2007 2:58:44 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\dumphive.exe:Zone.Identifier ->
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 667392 bytes | Modified Date = 2/15/2007 2:02:36 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 62286 bytes | Modified Date = 2/15/2007 8:58:48 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 400624 bytes | Modified Date = 2/15/2007 8:58:48 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 458958 bytes | Modified Date = 2/15/2007 8:58:48 PM | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Modified Date = 2/20/2007 2:58:44 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\Process.exe:Zone.Identifier ->
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 2/20/2007 2:58:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\SrchSTS.exe:Zone.Identifier ->
svchosts.exe -> %System32%\svchosts.exe -> [Ver = | Size = 36864 bytes | Modified Date = 2/20/2007 10:59:00 PM | Attr = ]
svchosts.exe.lzma -> %System32%\svchosts.exe.lzma -> [Ver = | Size = 17781 bytes | Modified Date = 2/21/2007 12:18:40 AM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 2/20/2007 2:58:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swreg.exe:Zone.Identifier ->
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 2/20/2007 2:58:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swsc.exe:Zone.Identifier ->
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 2/20/2007 2:58:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swxcacls.exe:Zone.Identifier ->
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 1154 bytes | Modified Date = 2/20/2007 10:53:42 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1374 bytes | Modified Date = 2/22/2007 2:01:06 AM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 839936 bytes | Modified Date = 2/15/2007 7:11:28 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2/15/2007 7:05:56 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.434 | Size = 27776 bytes | Modified Date = 2/15/2007 7:11:28 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 2/15/2007 7:06:10 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.441 | Size = 18432 bytes | Modified Date = 2/15/2007 7:11:28 PM | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 2/15/2007 7:06:10 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\cd rich.jpg:Zone.Identifier ->
File scan skipped for file %UserDocuments%\s -> File size too big (111142400 bytes) ->
@Alternate Data Stream - 0 bytes -> %UserDocuments%\Thumbs.db:encryptable ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\lpt$vpn.969 -> [Ver = | Size = 16569719 bytes | Modified Date = 11/24/2005 1:15:22 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\RMAgentOutput.dll -> [Ver = | Size = 25157 bytes | Modified Date = 5/3/2005 11:44:44 AM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 3.9.0.1020 | Size = 170053 bytes | Modified Date = 1/10/2005 4:17:24 PM | Attr = ]
PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\VPTNFILE.969 -> [Ver = | Size = 16569719 bytes | Modified Date = 11/24/2005 1:15:22 PM | Attr = ]
UPX! , aspack , -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 7.510-1002 | Size = 1044560 bytes | Modified Date = 2/18/2005 6:40:14 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 3/31/2003 8:00:00 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\dumphive.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %System32%\Process.exe:Zone.Identifier ->
Thawte Consulting , -> %System32%\pxwma.dll -> Sonic Solutions [Ver = 1, 0, 0, 3 | Size = 157352 bytes | Modified Date = 3/6/2006 5:33:46 PM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 12/17/2006 1:50:18 PM | Attr = ]
PEC2 , Thawte Consulting , USERTRUST , -> %System32%\RO38CC.bac -> [Ver = | Size = 15728640 bytes | Modified Date = 1/14/2006 12:09:42 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\SrchSTS.exe:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 2/20/2007 2:58:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swreg.exe:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 2/20/2007 2:58:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swsc.exe:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 2/20/2007 2:58:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swxcacls.exe:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 2/20/2007 2:58:48 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 3/31/2003 8:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 3/31/2003 8:00:00 AM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 839936 bytes | Modified Date = 2/15/2007 7:11:28 PM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 1:41:38 AM | Attr = ]

< End of report >
#22
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.


[Processes - Non-Microsoft Only]
YY -> update.exe -> %CommonProgramFiles%\{20FFCB07-095F-1033-0827-040825200001}\Update.exe
[Win32 Services - Non-Microsoft Only]
YN -> (Client IP-IPX) Client IP-IPX [Win32_Own | Disabled | Stopped] -> %System32%\svchosts.exe
[Registry - Non-Microsoft Only]
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{20FFCB07-0960-1033-0827-040825200001} -> "C:\Program Files\Common Files\{20FFCB07-0960-1033-0827-040825200001}\Update.exe" te-110-12-0000282
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{20FFCB07-095F-1033-0827-040825200001} -> "C:\Program Files\Common Files\{20FFCB07-095F-1033-0827-040825200001}\Update.exe" te-110-12-0000282
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoAdminPage -> 1
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
[Files - Created Within 30 days]
NY -> svchosts.exe -> %System32%\svchosts.exe
NY -> svchosts.exe.lzma -> %System32%\svchosts.exe.lzma
[Files - Modified Within 30 days]
NY -> ClickToFindandFixErrors_Intl.ico -> %System32%\ClickToFindandFixErrors_Intl.ico
NY -> svchosts.exe -> %System32%\svchosts.exe
NY -> svchosts.exe.lzma -> %System32%\svchosts.exe.lzma



The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

Post a new HijackThis log and the WinPFind log that will be created, and also let me know exactly what is wrong with the system right now.
#23
mobs420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Hey, I did what you said (paste and fix) and my computer shut off in the middle of the scan. Ever since the virus came, my firewall settings have been different and I have been able to use my security settings. Here is an updated HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:02:03 PM, on 2/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Multimedia keyboard utility\KbdAp32A.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\admin\Desktop\FIX\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Multimedia keyboard utility\KbdAp32A.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Gold 17\Remind.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall....ivex/hcImpl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20....es/MsnPUpld.cab
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.co...amPlayerOCX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124405933109
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://wpotc.kpdsb.o...sCamControl.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.dlink.com...in/h263ctrl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...779/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
#24
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Did it shut off or reboot? Can you look in the WinPFind3u folder and see if there is a log there (.log)?
#25
mobs420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
I think this is the same one as last time, but here it is. The computer just shut off; it didn't reboot.
Also, in the folder for moved files there's nothing there.
WinPFind3 logfile created on: 2/22/2007 7:43:32 PM
WinPFind3U by OldTimer - Version 1.0.18 Folder = C:\Documents and Settings\admin\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

252656 Kb Total Physical Memory | 117776 Kb Available Physical Memory | 46.62% Memory free
620288 Kb Paging File | 444052 Kb Available in Paging File | 71.59% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80027764 Kb Total Space | 53847324 Kb Free Space | 67.29% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 353792 bytes | Modified Date = 2/15/2007 7:11:38 PM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 2/15/2007 7:11:38 PM | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.434 | Size = 324096 bytes | Modified Date = 2/15/2007 7:11:40 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/15/2007 7:05:48 PM | Attr = ]
incdsrv.exe -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Ahead Software AG [Ver = 4, 2, 12, 0 | Size = 1151090 bytes | Modified Date = 6/4/2004 4:32:24 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
kbdap32a.exe -> %ProgramFiles%\Multimedia keyboard utility\KBDAP32A.EXE -> [Ver = 3.9.0.1 | Size = 401408 bytes | Modified Date = 11/20/2006 9:53:10 PM | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 6:37:10 AM | Attr = ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Modified Date = 8/18/2003 6:32:56 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 12/17/2006 1:49:38 PM | Attr = ]
update.exe -> %CommonProgramFiles%\{20FFCB07-095F-1033-0827-040825200001}\Update.exe -> [Ver = | Size = 13312 bytes | Modified Date = 2/21/2007 12:18:46 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.18.0 | Size = 308736 bytes | Modified Date = 2/12/2007 9:39:14 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 353792 bytes | Modified Date = 2/15/2007 7:11:38 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/15/2007 7:05:48 PM | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.434 | Size = 324096 bytes | Modified Date = 2/15/2007 7:11:40 PM | Attr = ]
(Client IP-IPX) Client IP-IPX [Win32_Own | Disabled | Stopped] -> %System32%\svchosts.exe -> [Ver = | Size = 36864 bytes | Modified Date = 2/20/2007 10:59:00 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Ahead Software AG [Ver = 4, 2, 12, 0 | Size = 1151090 bytes | Modified Date = 6/4/2004 4:32:24 PM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 6:37:10 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVG7_CC -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 2/15/2007 7:11:38 PM | Attr = ]
FLMK08KB -> %ProgramFiles%\Multimedia keyboard utility\KBDAP32A.EXE -> [Ver = 3.9.0.1 | Size = 401408 bytes | Modified Date = 11/20/2006 9:53:10 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 2:50:42 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 6:58:18 PM | Attr = ]
StandardInstall -> -> File not found
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 12/17/2006 1:49:38 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
%AllUsersStartup%\Event Reminder.lnk -> %ProgramFiles%\PrintMaster Gold 17\Remind.exe -> Broderbund Properties LLC [Ver = 17, 0, 0, 0039 | Size = 344064 bytes | Modified Date = 2/22/2006 11:45:54 AM | Attr = ]
< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
regfile [open] -> "%1" ->
regfile [merge] -> Reg Data - Key not found ->
scrfile [open] -> "%1" /S ->
scrfile [config] -> "%1" ->
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\\Command ->
NewLinkHere -> -> File not found
%1 -> -> File not found
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\\Command ->
Briefcase_Create -> -> File not found
%2!d! -> -> File not found
%1 -> -> File not found
< ICQ Agent [HKCU] > -> HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\
HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ -> ->
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{44BBA851-CC51-11CF-AAFA-00AA00B6015C} -> rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserRemove ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ->
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} -> C:\WINDOWS\system32\ieudinit.exe
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
< WOW Command Line [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
*wowcmdline* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW\\wowcmdline ->
-a -> -> File not found
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> SsiEfr.e; ->
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.2350 | Size = 323584 bytes | Modified Date = 12/14/2003 12:06:34 PM | Attr = R ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> ÿ
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{20FFCB07-0960-1033-0827-040825200001} -> "C:\Program Files\Common Files\{20FFCB07-0960-1033-0827-040825200001}\Update.exe" te-110-12-0000282 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{20FFCB07-095F-1033-0827-040825200001} -> "C:\Program Files\Common Files\{20FFCB07-095F-1033-0827-040825200001}\Update.exe" te-110-12-0000282 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoAdminPage -> 1 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ -> ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > (680 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> http://us.rd.yahoo.c...rch/search.html ->
HKLM: Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Start Page -> http://www.google.ca/firefox ->
HKCU: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> 127.0.0.1 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKLM] -> %SystemDrive%\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [PCTools Site Guard] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
{B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKLM] -> %SystemDrive%\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [PCTools Browser Monitor] -> File not found
{CF7C3CF0-4B15-11D1-ABED-709549C10000} [HKLM] -> %ProgramFiles%\Advanced System Optimizer\IEHelper.dll [IEPlugin Class] -> Systweak Inc [Ver = 1, 0, 1, 0 | Size = 83456 bytes | Modified Date = 5/8/2004 8:59:04 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8193 - Reg Data - Value does not exist ->
{49783ED4-258D-4f9f-BE11-137C18D3E543} -> 8194 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8195 - Windows Messenger ->
NextId -> 8196 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_09\bin\npjpi150_09.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 69746 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> Reg Data - Value does not exist [ButtonText: Spyware Doctor] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{32020A01-506E-484D-A2A8-BE3CF17601C3} [HKLM] -> Reg Data - Key not found [AlcoholShellEx] -> File not found
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{336B02CE-F88A-4aea-8731-79EF94D3723A} [HKLM] -> %SystemRoot%\aod\aodshext.dll [Free AOL & Unlimited Internet.url] -> [Ver = | Size = 69632 bytes | Modified Date = 10/31/2002 1:15:28 PM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} [HKLM] -> %ProgramFiles%\Fellowes\MediaFACE 4.2\MFShlExt.dll [MediaFace extension] -> Fellowes, Inc. [Ver = 4,2,79,0 | Size = 86016 bytes | Modified Date = 3/28/2005 3:45:26 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 3/31/2003 8:00:00 AM | Attr = ]
{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> %ProgramFiles%\Ahead\InCD\incdshx.dll [Shell Extension for CDRW] -> Ahead Software AG [Ver = 4, 2, 12, 0 | Size = 151670 bytes | Modified Date = 6/4/2004 4:34:22 PM | Attr = ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 2/15/2007 7:05:48 PM | Attr = ]
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Find Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 2/15/2007 7:05:48 PM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.2488 | Size = 54848 bytes | Modified Date = 12/17/2006 1:50:06 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 2/15/2007 7:05:48 PM | Attr = ]
{90A07ACC-0331-4aee-9AAD-A854A9C37667} [HKLM] -> %ProgramFiles%\Advanced System Optimizer\ShellExt.dll [FileEncrypt] -> Systweak Inc [Ver = 1, 0, 1, 0 | Size = 40960 bytes | Modified Date = 5/8/2004 8:53:00 PM | Attr = ]
{6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} [HKLM] -> %ProgramFiles%\Fellowes\MediaFACE 4.2\MFShlExt.dll [MediaFaceExtension] -> Fellowes, Inc. [Ver = 4,2,79,0 | Size = 86016 bytes | Modified Date = 3/28/2005 3:45:26 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{90A07ACC-0331-4aee-9AAD-A854A9C37667} [HKLM] -> %ProgramFiles%\Advanced System Optimizer\ShellExt.dll [FileEncrypt] -> Systweak Inc [Ver = 1, 0, 1, 0 | Size = 40960 bytes | Modified Date = 5/8/2004 8:53:00 PM | Attr = ]
{6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} [HKLM] -> %ProgramFiles%\Fellowes\MediaFACE 4.2\MFShlExt.dll [MediaFaceExtension] -> Fellowes, Inc. [Ver = 4,2,79,0 | Size = 86016 bytes | Modified Date = 3/28/2005 3:45:26 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> %System32%\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.2350 | Size = 204800 bytes | Modified Date = 12/14/2003 12:19:42 PM | Attr = R ]
{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> %ProgramFiles%\Ahead\InCD\incdshx.dll [InCDMenu] -> Ahead Software AG [Ver = 4, 2, 12, 0 | Size = 151670 bytes | Modified Date = 6/4/2004 4:34:22 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 2/15/2007 7:05:48 PM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 2:20:02 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{204354DD-AD1A-425F-B6D2-947AE1CA7D7D} -> () ->
{DC12DBE7-4353-4961-BEC4-1DB6C37078A1} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com...ex/qtplugin.cab ->
{04E214E5-63AF-4236-83C6-A7ADCBF9BD02} -> HouseCall Control - CodeBase = http://housecall60.t...all/xscan60.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.ma...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.micr...heckControl.cab ->
{1754A1BA-A1DF-4F10-B199-AA55AA1A120F} -> InstallerBehaviorFactory Class - CodeBase = https://signup.msn.c...es/MsnInstC.cab ->
{215B8138-A3CF-44C5-803F-8226143CFC0A} -> Trend Micro ActiveX Scan Agent 6.6 - CodeBase = http://eu-housecall....ivex/hcImpl.cab ->
{2B323CD9-50E3-11D3-9466-00A0C9700498} -> - CodeBase = http://us.chat1.yimg...v45/yacscom.cab ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{4B48D5DF-9021-45F7-A240-60304302A215} -> Malicious Software Removal Tool - CodeBase = http://download.micr.../WebCleaner.cab ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -> - CodeBase = http://download.mcaf...01/mcinsctl.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://by20fd.bay20....es/MsnPUpld.cab ->
{66D393D5-4D80-497C-9F4F-F3839E090202} -> PlayerOCX Control - CodeBase = http://www.pysoft.co...amPlayerOCX.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.micros...b?1124405933109 ->
{85D1F3B2-2A21-11D7-97B9-0010DC2A6243} -> SecureLogin class - CodeBase = http://secure2.comne...login-devel.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zon...nt.cab31267.cab ->
{917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> CamImage Class - CodeBase = http://wpotc.kpdsb.o...sCamControl.cab ->
{A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} -> VaPgCtrl Class - CodeBase = http://www.dlink.com...in/h263ctrl.cab ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn...pDownloader.cab ->
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.m...ash/swflash.cab ->
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -> McFreeScan Class - CodeBase = http://download.mcaf...779/mcfscan.cab ->
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -> MSN Chat Control 4.5 - CodeBase = http://chat.msn.com/...s/msnchat45.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->

[Files - Created Within 30 days]
AVG7QT.DAT -> %SystemDrive%\AVG7QT.DAT -> [Ver = | Size = 12288625 bytes | Created Date = 2/15/2007 7:12:40 PM | Attr = ]
LSWMV.INI -> %SystemDrive%\LSWMV.INI -> [Ver = | Size = 48 bytes | Created Date = 2/14/2007 3:59:37 AM | Attr = HS]
brittany102.rtf -> %UserDocuments%\brittany102.rtf -> [Ver = | Size = 3630 bytes | Created Date = 2/2/2007 6:52:52 PM | Attr = ]
btittany 101.rtf -> %UserDocuments%\btittany 101.rtf -> [Ver = | Size = 718 bytes | Created Date = 2/2/2007 6:46:58 PM | Attr = ]
CELL WORLD FLYER.lblf -> %UserDocuments%\CELL WORLD FLYER.lblf -> [Ver = | Size = 4048159 bytes | Created Date = 2/12/2007 9:55:51 PM | Attr = ]
djs flyer.nws -> %UserDocuments%\djs flyer.nws -> [Ver = | Size = 361984 bytes | Created Date = 2/15/2007 1:52:41 AM | Attr = ]
Document.rtf -> %UserDocuments%\Document.rtf -> [Ver = | Size = 718 bytes | Created Date = 2/2/2007 6:46:08 PM | Attr = ]
motorola used price list.rtf -> %UserDocuments%\motorola used price list.rtf -> [Ver = | Size = 64671 bytes | Created Date = 2/5/2007 3:16:20 PM | Attr = ]
used lg price list.rtf -> %UserDocuments%\used lg price list.rtf -> [Ver = | Size = 30719 bytes | Created Date = 2/5/2007 3:15:43 PM | Attr = ]
used samsung price list.rtf -> %UserDocuments%\used samsung price list.rtf -> [Ver = | Size = 49426 bytes | Created Date = 2/5/2007 3:14:24 PM | Attr = ]
used sony erricssion price list.rtf -> %UserDocuments%\used sony erricssion price list.rtf -> [Ver = | Size = 26387 bytes | Created Date = 2/5/2007 3:13:33 PM | Attr = ]
XXXXX.lblf -> %UserDocuments%\XXXXX.lblf -> [Ver = | Size = 542142 bytes | Created Date = 2/12/2007 9:56:03 PM | Attr = ]
AVG Free.lnk -> %AllUsersDesktop%\AVG Free.lnk -> [Ver = | Size = 1564 bytes | Created Date = 2/15/2007 7:06:09 PM | Attr = ]
Broderbund.com.lnk -> %AllUsersDesktop%\Broderbund.com.lnk -> [Ver = | Size = 1705 bytes | Created Date = 2/14/2007 6:52:16 PM | Attr = ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 2137 bytes | Created Date = 2/12/2007 10:32:06 PM | Attr = ]
PrintMaster Gold 17.lnk -> %AllUsersDesktop%\PrintMaster Gold 17.lnk -> [Ver = | Size = 1662 bytes | Created Date = 2/14/2007 6:52:16 PM | Attr = ]
QuickTime Player.lnk -> %AllUsersDesktop%\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Created Date = 2/12/2007 10:31:15 PM | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Created Date = 2/16/2007 6:17:17 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342421 bytes | Created Date = 2/22/2007 7:39:04 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
Adobe Reader Speed Launch.lnk -> %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> [Ver = | Size = 1757 bytes | Created Date = 2/20/2007 1:52:00 AM | Attr = ]
Event Reminder.lnk -> %AllUsersStartup%\Event Reminder.lnk -> [Ver = | Size = 685 bytes | Created Date = 2/14/2007 6:52:16 PM | Attr = ]
uninstall_nmon.vbs -> %SystemRoot%\uninstall_nmon.vbs -> [Ver = | Size = 1989 bytes | Created Date = 2/14/2007 2:57:34 AM | Attr = ]
bszip.dll -> %System32%\bszip.dll -> BigSpeedSoft [Ver = 3.0.2.0 | Size = 62464 bytes | Created Date = 1/31/2007 9:10:20 PM | Attr = ]
cdintf210.dll -> %System32%\cdintf210.dll -> Amyuni Technologies http://www.amyuni.com [Ver = 2.10d | Size = 970752 bytes | Created Date = 2/14/2007 6:53:00 PM | Attr = ]
ClickToFindandFixErrors_Intl.ico -> %System32%\ClickToFindandFixErrors_Intl.ico -> [Ver = | Size = 2238 bytes | Created Date = 2/14/2007 6:58:17 PM | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 2/20/2007 2:59:13 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\dumphive.exe:Zone.Identifier ->
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 2/20/2007 2:59:13 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\Process.exe:Zone.Identifier ->
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 2/20/2007 2:59:13 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\SrchSTS.exe:Zone.Identifier ->
svchosts.exe -> %System32%\svchosts.exe -> [Ver = | Size = 36864 bytes | Created Date = 2/20/2007 10:34:59 PM | Attr = ]
svchosts.exe.lzma -> %System32%\svchosts.exe.lzma -> [Ver = | Size = 17781 bytes | Created Date = 2/21/2007 12:18:16 AM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 2/20/2007 2:59:13 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swreg.exe:Zone.Identifier ->
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 2/20/2007 2:59:13 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swsc.exe:Zone.Identifier ->
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 2/20/2007 2:59:13 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swxcacls.exe:Zone.Identifier ->
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 1154 bytes | Created Date = 2/20/2007 3:00:07 PM | Attr = ]
AFS2K.SYS -> %System32%\drivers\AFS2K.SYS -> Oak Technology Inc. [Ver = 3.1.21.1103 | Size = 35840 bytes | Created Date = 2/14/2007 6:54:46 PM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 839936 bytes | Created Date = 2/15/2007 7:05:51 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 2/15/2007 7:05:54 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.434 | Size = 27776 bytes | Created Date = 2/15/2007 7:05:55 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 2/15/2007 7:06:08 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.441 | Size = 18432 bytes | Created Date = 2/15/2007 7:11:26 PM | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 2/15/2007 7:06:08 PM | Attr = ]

[Files - Modified Within 30 days]
AVG7QT.DAT -> %SystemDrive%\AVG7QT.DAT -> [Ver = | Size = 12288625 bytes | Modified Date = 2/15/2007 7:12:44 PM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 194 bytes | Modified Date = 2/20/2007 1:52:02 AM | Attr = RHS]
LSWMV.INI -> %SystemDrive%\LSWMV.INI -> [Ver = | Size = 48 bytes | Modified Date = 2/21/2007 10:55:58 PM | Attr = HS]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 220680 bytes | Modified Date = 2/14/2007 7:08:36 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 4311738 bytes | Modified Date = 2/21/2007 11:09:54 PM | Attr = H ]
brittany102.rtf -> %UserDocuments%\brittany102.rtf -> [Ver = | Size = 3630 bytes | Modified Date = 2/2/2007 6:52:54 PM | Attr = ]
btittany 101.rtf -> %UserDocuments%\btittany 101.rtf -> [Ver = | Size = 718 bytes | Modified Date = 2/2/2007 6:47:00 PM | Attr = ]
CELL WORLD FLYER.lblf -> %UserDocuments%\CELL WORLD FLYER.lblf -> [Ver = | Size = 4048159 bytes | Modified Date = 2/12/2007 9:55:54 PM | Attr = ]
djs flyer.nws -> %UserDocuments%\djs flyer.nws -> [Ver = | Size = 361984 bytes | Modified Date = 2/15/2007 8:42:56 AM | Attr = ]
Document.rtf -> %UserDocuments%\Document.rtf -> [Ver = | Size = 718 bytes | Modified Date = 2/2/2007 6:46:10 PM | Attr = ]
motorola used price list.rtf -> %UserDocuments%\motorola used price list.rtf -> [Ver = | Size = 64671 bytes | Modified Date = 2/5/2007 3:16:22 PM | Attr = ]
used lg price list.rtf -> %UserDocuments%\used lg price list.rtf -> [Ver = | Size = 30719 bytes | Modified Date = 2/5/2007 3:15:44 PM | Attr = ]
used samsung price list.rtf -> %UserDocuments%\used samsung price list.rtf -> [Ver = | Size = 49426 bytes | Modified Date = 2/5/2007 3:14:26 PM | Attr = ]
used sony erricssion price list.rtf -> %UserDocuments%\used sony erricssion price list.rtf -> [Ver = | Size = 26387 bytes | Modified Date = 2/5/2007 3:13:34 PM | Attr = ]
XXXXX.lblf -> %UserDocuments%\XXXXX.lblf -> [Ver = | Size = 542142 bytes | Modified Date = 2/12/2007 9:56:04 PM | Attr = ]
AVG Free.lnk -> %AllUsersDesktop%\AVG Free.lnk -> [Ver = | Size = 1564 bytes | Modified Date = 2/15/2007 7:06:10 PM | Attr = ]
Broderbund.com.lnk -> %AllUsersDesktop%\Broderbund.com.lnk -> [Ver = | Size = 1705 bytes | Modified Date = 2/14/2007 6:52:18 PM | Attr = ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 2/14/2007 12:26:12 PM | Attr = ]
PrintMaster Gold 17.lnk -> %AllUsersDesktop%\PrintMaster Gold 17.lnk -> [Ver = | Size = 1662 bytes | Modified Date = 2/14/2007 6:52:18 PM | Attr = ]
QuickTime Player.lnk -> %AllUsersDesktop%\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Modified Date = 2/12/2007 10:31:16 PM | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 2/16/2007 6:17:18 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342421 bytes | Modified Date = 2/22/2007 7:39:08 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
Event Reminder.lnk -> %AllUsersStartup%\Event Reminder.lnk -> [Ver = | Size = 685 bytes | Modified Date = 2/14/2007 6:52:18 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/22/2007 2:00:08 AM | Attr = S]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1917 bytes | Modified Date = 2/16/2007 7:53:14 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 2/21/2007 12:23:54 AM | Attr = ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 227 bytes | Modified Date = 2/20/2007 1:52:02 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1197 bytes | Modified Date = 2/20/2007 1:52:02 AM | Attr = ]
bszip.dll -> %System32%\bszip.dll -> BigSpeedSoft [Ver = 3.0.2.0 | Size = 62464 bytes | Modified Date = 1/31/2007 9:10:22 PM | Attr = ]
ClickToFindandFixErrors_Intl.ico -> %System32%\ClickToFindandFixErrors_Intl.ico -> [Ver = | Size = 2238 bytes | Modified Date = 2/14/2007 6:58:18 PM | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Modified Date = 2/20/2007 2:58:44 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\dumphive.exe:Zone.Identifier ->
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 667392 bytes | Modified Date = 2/15/2007 2:02:36 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 62286 bytes | Modified Date = 2/15/2007 8:58:48 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 400624 bytes | Modified Date = 2/15/2007 8:58:48 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 458958 bytes | Modified Date = 2/15/2007 8:58:48 PM | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Modified Date = 2/20/2007 2:58:44 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\Process.exe:Zone.Identifier ->
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 2/20/2007 2:58:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\SrchSTS.exe:Zone.Identifier ->
svchosts.exe -> %System32%\svchosts.exe -> [Ver = | Size = 36864 bytes | Modified Date = 2/20/2007 10:59:00 PM | Attr = ]
svchosts.exe.lzma -> %System32%\svchosts.exe.lzma -> [Ver = | Size = 17781 bytes | Modified Date = 2/21/2007 12:18:40 AM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 2/20/2007 2:58:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swreg.exe:Zone.Identifier ->
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 2/20/2007 2:58:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swsc.exe:Zone.Identifier ->
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 2/20/2007 2:58:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swxcacls.exe:Zone.Identifier ->
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 1154 bytes | Modified Date = 2/20/2007 10:53:42 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1374 bytes | Modified Date = 2/22/2007 2:01:06 AM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 839936 bytes | Modified Date = 2/15/2007 7:11:28 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2/15/2007 7:05:56 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.434 | Size = 27776 bytes | Modified Date = 2/15/2007 7:11:28 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 2/15/2007 7:06:10 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.441 | Size = 18432 bytes | Modified Date = 2/15/2007 7:11:28 PM | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 2/15/2007 7:06:10 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\cd rich.jpg:Zone.Identifier ->
File scan skipped for file %UserDocuments%\s -> File size too big (111142400 bytes) ->
@Alternate Data Stream - 0 bytes -> %UserDocuments%\Thumbs.db:encryptable ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\lpt$vpn.969 -> [Ver = | Size = 16569719 bytes | Modified Date = 11/24/2005 1:15:22 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\RMAgentOutput.dll -> [Ver = | Size = 25157 bytes | Modified Date = 5/3/2005 11:44:44 AM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 3.9.0.1020 | Size = 170053 bytes | Modified Date = 1/10/2005 4:17:24 PM | Attr = ]
PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\VPTNFILE.969 -> [Ver = | Size = 16569719 bytes | Modified Date = 11/24/2005 1:15:22 PM | Attr = ]
UPX! , aspack , -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 7.510-1002 | Size = 1044560 bytes | Modified Date = 2/18/2005 6:40:14 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 3/31/2003 8:00:00 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\dumphive.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %System32%\Process.exe:Zone.Identifier ->
Thawte Consulting , -> %System32%\pxwma.dll -> Sonic Solutions [Ver = 1, 0, 0, 3 | Size = 157352 bytes | Modified Date = 3/6/2006 5:33:46 PM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 12/17/2006 1:50:18 PM | Attr = ]
PEC2 , Thawte Consulting , USERTRUST , -> %System32%\RO38CC.bac -> [Ver = | Size = 15728640 bytes | Modified Date = 1/14/2006 12:09:42 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\SrchSTS.exe:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 2/20/2007 2:58:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swreg.exe:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 2/20/2007 2:58:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swsc.exe:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 2/20/2007 2:58:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swxcacls.exe:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 2/20/2007 2:58:48 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 3/31/2003 8:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 3/31/2003 8:00:00 AM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 839936 bytes | Modified Date = 2/15/2007 7:11:28 PM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 1:41:38 AM | Attr = ]

< End of report >

Edited by mobs420, 22 February 2007 - 10:08 PM.

  • 0

#26
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Ok, run the directions from post #22 again, and see if the same thing happens. It should produce a log for you. If not, look in the winpfind folder and there should be a log. The name of it will be the date. You don't have to paste the log you just pasted. I will be signing off soon, but will be back tomorrow.
  • 0

#27
mobs420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Hey, I tried it again and it works. It said done, reboot. Here it is:

[Processes - Non-Microsoft Only]
Unable to kill process update.exe .
File C:\Program Files\Common Files\{20FFCB07-095F-1033-0827-040825200001}\Update.exe not found.
[Win32 Services - Non-Microsoft Only]
Service Client IP-IPX stopped successfully.
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{20FFCB07-0960-1033-0827-040825200001} deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{20FFCB07-0960-1033-0827-040825200001} deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{20FFCB07-095F-1033-0827-040825200001} deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{20FFCB07-095F-1033-0827-040825200001} deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoAdminPage deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} deleted successfully.
[Files - Created Within 30 days]
C:\WINDOWS\SYSTEM32\svchosts.exe moved successfully.
C:\WINDOWS\SYSTEM32\svchosts.exe.lzma moved successfully.
[Files - Modified Within 30 days]
C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors_Intl.ico moved successfully.
File C:\WINDOWS\SYSTEM32\svchosts.exe not found!
File C:\WINDOWS\SYSTEM32\svchosts.exe.lzma not found!
< End of log >
Created on 02/23/2007 00:21:19
  • 0

#28
mobs420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Ok, this is still what's wrong: the computer still shuts off during scans on AVG and Spybot Search and Destroy, but I've been able to make a new System Restore point and my firewall seems to be working.
I still think there are viruses or corrupted system files, who knows lol, you're the expert :whistling: you have been awesome so far.
  • 0

#29
mobs420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Also, in the user accounts it says there's another person on my computer. I don't know if that's you, but it says ASP.NET Machine A.... It even has a logo with a yellow car and his account is password protected. Is this bad? Also, periodically AVG shows a trojan virus that can be healed, put in the Virus Vault, or enable access. I dunno, first time I've seen that before (enable access). Who knows, the computer is a lot faster than before but it's still messed up.
Before the viruses came I didn't even have the Windows logon set up (I have before), but I turned it off, then it came back without me even doing anything. :whistling:
  • 0

#30
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi again :whistling:

Please do the following for me. I don't expect it to find a lot, but it will give me some output that I need.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, paste the contents of the Report.txt back on the forum with a new HijackThis log.

  • 0
