Pages Keep Opening...HELP!

Gateway
April 2, 2007 at 10:10:09
Specs: XP, P 4/1 GB

Recently I have been getting these annoying web pages opening on their own whenever I open or change pages. (Example: Paid Survey Unlimited) It happens in IE and Firefox. I have a HijackThis log but am not sure what to make of it. I can post the HJT log file if necessary. Any help is appreciated.





#1
April 2, 2007 at 14:43:50

Please post your Hijack This log.

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.

!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop. !!!!


Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.



#2
April 2, 2007 at 17:36:24

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:35:53 PM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\StartupMonitor.exe
D:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
D:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
D:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\Program Files\SlimServer\server\slim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\PROGRA~1\MI1933~1\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\WinAce\WinAce.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {26A9869C-4AA3-45BC-87B4-200EBDC93BAD} - \
O2 - BHO: (no name) - {2EC29A0E-46E9-443B-9DED-571DBB73B93C} - \
O2 - BHO: (no name) - {372B6619-9BB4-449D-8554-296EB6E58610} - \
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {492D4EC4-9647-40B9-B64F-3EE1D308DDB0} - \
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5A109F48-1FF4-429D-9D3F-340D87C62F7B} - \
O2 - BHO: (no name) - {6BDE1532-8F66-4708-89D3-8EDEB921D510} - \
O2 - BHO: (no name) - {6D0347A0-F12F-4C25-90EC-29338ACAB058} - \
O2 - BHO: (no name) - {9E6BD375-2613-4701-8C20-B8CBE080A428} - \
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: 0 - {AAF61EE9-B4CF-45D3-05BB-867BF2CC5059} - C:\Program Files\Online Services\qufa.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {CE62F9B3-71BC-43E2-A0AF-DAE57AC1F1C0} - C:\Program Files\WindowsUpdate\mesozile.dll
O2 - BHO: (no name) - {D18B04FE-3B4C-4E43-B5A7-EDF7ABC86CCF} - \
O2 - BHO: (no name) - {E8F83811-D66D-4AEB-A4E9-3A7C2357F68A} - \
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [AcctMgr] D:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [cctray] "d:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "d:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Search on TER - file:///C:\Program Files\Search On TER/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/as...
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/as...
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/1501...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Lin...
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnli...
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/as...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/l...
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) -
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/...
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) -
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/l...
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/as...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/1502...
O18 - Protocol: bw+0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\Browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\Browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GhostStartService - Unknown owner - E:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - D:\Program Files\SlimServer\server\slim.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Unknown owner - D:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 24392 bytes



#3
April 2, 2007 at 17:37:30

SmitFraudFix v2.162

Scan done at 17:32:25.64, Mon 04/02/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\StartupMonitor.exe
D:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
D:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
D:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\Program Files\SlimServer\server\slim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\PROGRA~1\MI1933~1\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\WinAce\WinAce.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 68.6.16.245
DNS Server Search Order: 68.6.16.30
DNS Server Search Order: 68.2.16.30

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FBDE3588-200E-40BE-9002-7C2263F060FA}: DhcpNameServer=68.6.16.245 68.6.16.30 68.2.16.30
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FBDE3588-200E-40BE-9002-7C2263F060FA}: DhcpNameServer=68.6.16.245 68.6.16.30 68.2.16.30
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FBDE3588-200E-40BE-9002-7C2263F060FA}: DhcpNameServer=68.6.16.245 68.6.16.30 68.2.16.30
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.6.16.245 68.6.16.30 68.2.16.30
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.6.16.245 68.6.16.30 68.2.16.30
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.6.16.245 68.6.16.30 68.2.16.30


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End




#4
April 2, 2007 at 19:47:47

Looks as though you have three antivirus programs running, which is not a good idea as they will conflict, causing major problems. You need to decide which one you want to keep and uninstall the others.

Looks like Norton's is partially uninstalled; if you choose to remove it, you should run this uninstaller: Nortons Uninstaller

The other should uninstall from Add/Remove Programs.

Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked"

O2 - BHO: (no name) - {26A9869C-4AA3-45BC-87B4-200EBDC93BAD} - \

O2 - BHO: (no name) - {2EC29A0E-46E9-443B-9DED-571DBB73B93C} - \

O2 - BHO: (no name) - {372B6619-9BB4-449D-8554-296EB6E58610} - \

O2 - BHO: (no name) - {492D4EC4-9647-40B9-B64F-3EE1D308DDB0} - \

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)


O2 - BHO: (no name) - {5A109F48-1FF4-429D-9D3F-340D87C62F7B} - \

O2 - BHO: (no name) - {6BDE1532-8F66-4708-89D3-8EDEB921D510} - \

O2 - BHO: (no name) - {6D0347A0-F12F-4C25-90EC-29338ACAB058} - \

O2 - BHO: (no name) - {9E6BD375-2613-4701-8C20-B8CBE080A428} - \

O2 - BHO: 0 - {AAF61EE9-B4CF-45D3-05BB-867BF2CC5059} - C:\Program Files\Online Services\qufa.dll

O2 - BHO: (no name) - {CE62F9B3-71BC-43E2-A0AF-DAE57AC1F1C0} - C:\Program Files\WindowsUpdate\mesozile.dll

O2 - BHO: (no name) - {D18B04FE-3B4C-4E43-B5A7-EDF7ABC86CCF} - \

O2 - BHO: (no name) - {E8F83811-D66D-4AEB-A4E9-3A7C2357F68A} - \

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Exit Hijack This

Go to this link, http://www.virustotal.com/en/indexf.html and use the "browse" button to locate these files:

C:\Program Files\Online Services\qufa.dll

C:\Program Files\WindowsUpdate\mesozile.dll

Then double-click the first file to enter it into the "upload and scan" box, click send, then post the results. Continue until you have checked all the files. You may have to scroll to the right to see the "send" button.

Rename hijackthis.exe, as that sometimes helps locate the baddies. Go to Start > Search > Files and Folders > type in the top space "hijackthis.exe" without the quotes > click Search > when it is found in the right pane (looks like a pile of dynamite) > right-click on it > click Rename > rename it "show.exe" without the quotes > click a blank space on the screen.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces and a new Hijack This log.


Report •
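
The post above asks the user to fix a list of O2/O3/O9 entries that are either unnamed or point at nothing, and to upload the two unnamed BHOs that do load a real DLL before removing them. The script below is an added example, not code from this thread or from HijackThis, that applies the same triage to HijackThis log lines automatically: it parses the `O2 - BHO: <name> - {CLSID} - <path>` format shown in the posts, reports orphaned registrations (`(no file)`, `(file missing)`, or a bare `\` path) as safe to fix, and lists loaded-but-unnamed BHOs as the files worth scanning first. The sample log is constructed from lines posted in this thread plus two benign Adobe and Java entries; the `Finding` class and the `triage`/`files_to_upload` helpers are this example's own names.

```python
"""Triage HijackThis O2/O3/O9 entries the way the helper in this thread did.

Added example, not part of the original thread or of HijackThis itself.
It parses the log format shown in the posts above and flags two things:
  * registrations whose target file is gone ("(no file)", "(file missing)",
    or a bare "\\" path): orphaned entries that can simply be fixed;
  * O2 BHOs that load a real DLL but carry no name: the ones worth
    uploading to VirusTotal before touching them.
"""
import re
from dataclasses import dataclass

# One HijackThis line: "<section> - <kind>: <name> - {CLSID} - <path>"
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.*)$"
)


@dataclass
class Finding:
    section: str
    clsid: str
    path: str
    reason: str  # "orphaned" or "unnamed-bho"


def parse_entry(line):
    """Return the fields of an O2/O3/O9 line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    return m.groupdict() if m else None


def is_orphaned(path):
    """True when the registration points at nothing that exists on disk."""
    p = path.strip()
    return p in ("", "\\", "(no file)") or p.endswith("(file missing)")


def is_anonymous(name):
    """'(no name)', or a name with no real word in it (e.g. the '0' BHO above)."""
    return name.strip() == "(no name)" or not re.search(r"[A-Za-z]{2,}", name)


def triage(log_text):
    """Scan a HijackThis log and return the entries a helper would act on."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        if is_orphaned(e["path"]):
            findings.append(Finding(e["section"], e["clsid"], e["path"], "orphaned"))
        # Only O2 BHOs are judged on their name: an O9 "Extra button" is
        # legitimately "(no name)" when its sibling 'Tools' menuitem names it.
        elif e["section"] == "O2" and is_anonymous(e["name"]):
            findings.append(Finding(e["section"], e["clsid"], e["path"], "unnamed-bho"))
    return findings


def files_to_upload(findings):
    """Paths of loaded-but-unnamed BHOs: the list to submit for scanning."""
    return [f.path for f in findings if f.reason == "unnamed-bho"]


# Constructed sample: lines taken from the logs posted in this thread, plus
# benign Adobe and Java entries to show they are left alone.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: (no name) - {26A9869C-4AA3-45BC-87B4-200EBDC93BAD} - " + "\\",
    r"O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)",
    r"O2 - BHO: 0 - {AAF61EE9-B4CF-45D3-05BB-867BF2CC5059} - C:\Program Files\Online Services\qufa.dll",
    r"O2 - BHO: (no name) - {CE62F9B3-71BC-43E2-A0AF-DAE57AC1F1C0} - C:\Program Files\WindowsUpdate\mesozile.dll",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)",
    r"O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)",
    r"O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll",
    r"O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} {f.clsid} [{f.reason}] {f.path}")
```

On the sample above the script reports seven entries: five orphaned registrations (the two `\`/`(no file)` BHOs, the Yahoo toolbar, and the two dead O9 buttons) and the two unnamed BHOs whose DLLs are still on disk, which is exactly the split the helper made by hand. The O9 name check is deliberately skipped because the Java console button is `(no name)` in a clean install too.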

#5
April 3, 2007 at 01:29:07

***************************************


************WARNING*********************

DO NOT USE COMBO FIX

There has been a development and a rootkit has been found attached to it... highly recommended not to use it and to remove/delete any copies of the program from your computers.

In The Matters Of Style,
swim with the current;
in matters of principle,
Stand Like A Rock


"People demand freedom of speech to make up for the
freedom of thought which they avoid."


Report •

#6
April 3, 2007 at 10:34:35

So, jabuck is advising me to use combofix and lurkswithin is advising not to. Which is it?

Thanks


Report •

#7
April 3, 2007 at 12:17:36

"Owner" - 07-04-03 12:11:17 Service Pack 2
ComboFix 07-04-03.5 - Running from: "C:\Documents and Settings\Owner\Desktop"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\system\msxml4.dll
C:\WINDOWS\system32\system\msxml4r.dll
C:\DOCUME~1\Owner\Desktop\internet.lnk
C:\install.log
C:\WINDOWS\system32\bund1
C:\WINDOWS\system32\system


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_MCHINJDRV


((((((((((((((((((((((((((((((( Files Created from 2007-03-03 to 2007-04-03 ))))))))))))))))))))))))))))))))))


2007-04-03 10:07 <DIR> d-------- C:\WINDOWS\LastGood
2007-04-02 17:32 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-04-02 17:32 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-04-02 17:32 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-02 17:32 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-04-02 17:32 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-02 17:32 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-04-02 09:50 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Sun
2007-04-02 00:00 95,760 --a------ C:\WINDOWS\system32\isafeif.dll
2007-04-02 00:00 75,280 --a------ C:\WINDOWS\system32\vetredir.dll
2007-04-02 00:00 75,280 --a------ C:\WINDOWS\system32\isafprod.dll
2007-04-02 00:00 629,216 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2007-04-02 00:00 32,528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-04-02 00:00 26,640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2007-04-02 00:00 21,648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-04-02 00:00 21,392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2007-04-02 00:00 108,544 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2007-04-02 00:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-04-01 21:23 767,488 --a------ C:\WINDOWS\system32\WMVSENCD.dll
2007-04-01 21:23 75,280 --a------ C:\WINDOWS\system32\vetredir(4).dll
2007-04-01 21:23 75,280 --a------ C:\WINDOWS\system32\vetredir(3).dll
2007-04-01 21:23 75,280 --a------ C:\WINDOWS\system32\vetredir(2).dll
2007-04-01 21:23 733,696 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-04-01 21:23 656,896 --a------ C:\WINDOWS\system32\WMVXENCD.dll
2007-04-01 21:23 65,536 --a------ C:\WINDOWS\system32\eSellerateControl200.dll
2007-04-01 21:23 64,000 --a------ C:\WINDOWS\system32\E_FBCB9FA.DLL
2007-04-01 21:23 61,440 --a------ C:\WINDOWS\system32\ldamfilt.dll
2007-04-01 21:23 498,742 --a------ C:\WINDOWS\system32\dxmasf.dll
2007-04-01 21:23 48,640 --a------ C:\WINDOWS\system32\pnrpnsp.dll
2007-04-01 21:23 48,128 --a------ C:\WINDOWS\system32\mshtmler.dll
2007-04-01 21:23 34,304 --a------ C:\WINDOWS\system32\E_FBCH9FA.DLL
2007-04-01 21:23 331,776 --a------ C:\WINDOWS\system32\CTMedEng.DLL
2007-04-01 21:23 139,264 --a------ C:\WINDOWS\system32\hpicon.dll
2007-04-01 21:23 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-04-01 21:23 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
2007-04-01 21:23 101,376 --a------ C:\WINDOWS\system32\txflog.dll
2007-04-01 21:19 9,216 --a------ C:\WINDOWS\system32\lprmonui.dll
2007-04-01 21:19 51,200 --a------ C:\WINDOWS\system32\dfrgres.dll
2007-04-01 21:18 <DIR> d-------- C:\WINDOWS\DLLArchive
2007-04-01 19:58 <DIR> d-------- C:\Program Files\AnalogX
2007-04-01 18:58 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-01 13:43 93,736 --a------ C:\WINDOWS\VTTC.exe
2007-04-01 12:59 1,944 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-30 13:45 <DIR> d-------- C:\TEMP\tn3
2007-03-27 11:00 45,056 --a------ C:\WINDOWS\wbun.exe
2007-03-27 01:27 72,064 --a------ C:\WINDOWS\system32\drivers\core.sys
2007-03-23 08:53 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Backyard Baseball 2007
2007-03-20 09:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-03-17 15:39 <DIR> d-------- C:\Program Files\Pando Networks
2007-03-17 15:05 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
2007-03-16 09:31 <DIR> d-------- C:\DOCUME~1\Owner\browser - logitech
2007-03-16 09:30 <DIR> d-------- C:\DOCUME~1\Owner\Logitech
2007-03-16 09:29 <DIR> d-------- C:\Program Files\Common Files\Remote Control Software Shared
2007-03-16 09:24 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-03-16 09:24 <DIR> d-------- C:\Program Files\Logitech
2007-03-16 00:21 138 --a------ C:\WINDOWS\UNDEL.BAT
2007-03-15 10:12 <DIR> d-------- C:\Program Files\ItsDeductible2006
2007-03-15 10:08 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\InstallShield
2007-03-14 17:28 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-03-14 17:28 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-03-14 17:28 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-03-14 17:28 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-03-14 17:28 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2007-03-14 17:28 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-03-14 14:37 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2007-03-11 02:32 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Publish Providers
2007-03-11 02:24 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Sony
2007-03-11 02:22 <DIR> d-------- C:\Program Files\Vstplugins
2007-03-11 02:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
2007-03-10 22:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-03-10 22:24 65,536 --a------ C:\WINDOWS\system32\a1.dll
2007-03-10 22:24 520,192 --a------ C:\WINDOWS\system32\wscma2u.exe
2007-03-10 22:24 278,528 --a------ C:\WINDOWS\system32\ammpp.dll
2007-03-09 11:19 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-09 10:48 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-03-08 16:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\IMSI
2007-03-08 16:28 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\IMSI
2007-03-08 01:22 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-08 01:22 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-08 01:22 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-03-08 01:22 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-03-08 01:22 <DIR> d-------- C:\Program Files\Winamp
2007-03-07 22:15 <DIR> d-------- C:\Program Files\Nero
2007-03-06 19:42 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Systweak
2007-03-05 08:24 77,000 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-03 10:17 -------- d--h----- C:\Program Files\windowsupdate
2007-04-03 10:17 -------- d-------- C:\Program Files\online services
2007-04-03 09:38 -------- d-------- C:\Program Files\msn encarta plus
2007-04-03 09:38 -------- d-------- C:\Program Files\flac
2007-04-03 09:29 -------- d-------- C:\Program Files\symantec
2007-04-03 09:29 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-03-30 21:23 -------- d-------- C:\Program Files\windows media connect 2
2007-03-30 21:23 -------- d-------- C:\Program Files\movie maker
2007-03-30 21:23 -------- d-------- C:\Program Files\messenger
2007-03-30 21:23 -------- d-------- C:\Program Files\mailfrontier
2007-03-30 21:23 -------- d-------- C:\Program Files\capital flash casino
2007-03-27 11:01 -------- d--h----- C:\Program Files\installshield installation information
2007-03-27 10:54 -------- d-------- C:\Program Files\interactual
2007-03-25 20:04 -------- d-------- C:\DOCUME~1\Owner\APPLIC~1\bittorrent
2007-03-23 16:56 -------- d-------- C:\DOCUME~1\Owner\APPLIC~1\vso
2007-03-22 19:51 -------- d-------- C:\Program Files\itunes
2007-03-22 19:50 -------- d-------- C:\Program Files\ipod
2007-03-16 00:21 -------- d-------- C:\Program Files\intel
2007-03-14 14:09 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-03-13 19:09 -------- d-------- C:\Program Files\bittorrent
2007-03-08 10:30 -------- d-------- C:\Program Files\recordnow
2007-03-08 10:30 -------- d-------- C:\Program Files\powerpoint viewer
2007-03-08 10:29 -------- d-------- C:\Program Files\punch! pro - platinum
2007-03-08 10:29 -------- d-------- C:\Program Files\performancetest
2007-03-08 10:29 -------- d-------- C:\Program Files\mozilla thunderbird
2007-03-02 12:59 53248 --a------ C:\WINDOWS\uni_eh10.exe
2007-02-28 16:05 86016 --a------ C:\WINDOWS\system32\elbycdio.dll
2007-02-28 13:56 15440 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2007-02-16 12:59 110592 --a------ C:\TTC.dll
2007-02-15 17:56 11984 --a------ C:\WINDOWS\system32\drivers\RegKill.sys
2007-01-31 15:15 87608 --a------ C:\DOCUME~1\Owner\APPLIC~1\ezpinst.exe
2007-01-31 15:15 7824 --a------ C:\DOCUME~1\Owner\APPLIC~1\pcouffin.cat
2007-01-31 15:15 47360 --a------ C:\DOCUME~1\Owner\APPLIC~1\pcouffin.sys
2007-01-31 15:15 34 --a------ C:\DOCUME~1\Owner\APPLIC~1\pcouffin.log
2007-01-31 15:15 1144 --a------ C:\DOCUME~1\Owner\APPLIC~1\pcouffin.inf
2007-01-16 12:57 0 --a------ C:\Autoexec.bat
2007-01-08 20:01 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-07 10:40 85 ---hs---- C:\DOCUME~1\Owner\APPLIC~1\.zreglib


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup]
"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Run StartupMonitor"="StartupMonitor.exe"
"cctray"="\"d:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\""
"QOELOADER"="\"d:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spam\\QSP-5.0.419.0\\QOELoader.exe\""
"CAVRID"="\"d:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\CAVRID.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="???
?"
"hkey"="HKCU"
"command"="???
?"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="???
?"
"hkey"="HKCU"
"command"="???
?"
"inimapping"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""
"NoCDBurning"=dword:00000001
"BackupNoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ C:\Program Files\Online Services\rtene.html

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Owner at 11 37 AM.job
C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Owner at 2 54 PM.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-03 12:14:36
C:\ComboFix-quarantined-files.txt ... 07-04-03 12:14


Report •

#8
April 3, 2007 at 12:22:27

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:19:27 PM, on 4/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\StartupMonitor.exe
D:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
D:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\Program Files\SlimServer\server\slim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\Owner\Desktop\Show.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {96E019DA-BAA8-4473-BA27-07D8C95C8B94} - \
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {DED5F70F-E5EE-4FD3-81FE-C1CEFFC3ED35} - \
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)
O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [cctray] "d:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "d:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Search on TER - file:///C:\Program Files\Search On TER/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/as...
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/as...
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/1501...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Lin...
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnli...
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/as...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/l...
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) -
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/...
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) -
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/l...
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/as...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/1502...
O18 - Protocol: bw+0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\Browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\Browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - D:\Program Files\SlimServer\server\slim.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Online Services\rtene.html

--
End of file - 21800 bytes



#9
April 3, 2007 at 14:34:31

Run these files through the VirusTotal scanner mentioned in response #4 and report the results please.

C:\Program Files\Online Services\qufa.dll

C:\Program Files\WindowsUpdate\mesozile.dll

C:\Program Files\Online Services\rtene.html



#10
April 3, 2007 at 14:42:41

Only the last one got any results:
Your file "rtene.html" is queued in position: 14. Estimated start time is between 163 and 233 seconds.
the other 2 got:
0 bytes size received
I will post results when it is finished scanning.
Thanks


#11
April 3, 2007 at 15:01:52

Complete scanning result of "rtene.html", received in VirusTotal at 04.03.2007, 23:43:20 (CET).

No viruses found

I am still getting the pop-up windows



#12
April 3, 2007 at 15:33:14

Go to start> control panel> display> desktop> customize desktop> web> delete all items except "My Current Home Page" unless you put them there; "rtene.html" should be there.

Select the ones you want to delete and then click on the Delete button.

Press the OK button to close this screen.

Press the Apply button and then the OK button to close the Display control panel.

Run Hijack This from normal mode and remove these items:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank (unless you set this)

O2 - BHO: (no name) - {96E019DA-BAA8-4473-BA27-07D8C95C8B94} - \

O2 - BHO: (no name) - {DED5F70F-E5EE-4FD3-81FE-C1CEFFC3ED35} - \

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O8 - Extra context menu item: Search on TER - file:///C:\Program Files\Search On TER/search.html

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/as...

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/as...

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/as...

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/as...

O24 - Desktop Component 0: (no name) - C:\Program Files\Online Services\rtene.html (again, remove if you did not install this)

Exit Hijack This

Open notepad (Start Menu > Run > type notepad and press "ok").

Copy and paste everything into notepad between the x's, making REGEDIT4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it Fix.reg, then save it to your desktop.

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.

Download and install AVG Anti-Spyware. We will need this later in safe mode.

Be sure to update AVG Anti-Spyware.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-Spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop). Post the AVG AntiSpyware report and a new Hijack This log please.



#13
April 3, 2007 at 21:41:59

I'm still getting the same pop-up windows.
Here are the AVG AntiSpyware report and a new Hijack This log:

AVG Anti-Spyware - Scan Report


+ Created at: 8:19:33 PM 4/3/2007

+ Scan result:

C:\Documents and Settings\Owner\Desktop\backups\backup-20070403-101653-892.dll -> Adware.TTC : Cleaned.
C:\TTC.dll -> Adware.TTC : Cleaned.
C:\WINDOWS\VTTC.exe -> Adware.TTC : Cleaned.
C:\Documents and Settings\Owner\Desktop\backups\backup-20070403-101653-594.dll -> Adware.ZQuest : Cleaned.
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\16y9ttd0.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\16y9ttd0.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\16y9ttd0.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\16y9ttd0.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.


::Report end

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:36:47 PM, on 4/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\Program Files\SlimServer\server\slim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\StartupMonitor.exe
D:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
D:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MI1933~1\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\Show.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)
O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [cctray] "d:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "d:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Search on TER - file:///C:\Program Files\Search On TER/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/1501...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Lin...
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnli...
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/as...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/l...
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) -
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/...
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) -
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/l...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/1502...
O18 - Protocol: bw+0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\Browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\Browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - D:\Program Files\SlimServer\server\slim.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 21254 bytes



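A small triage script for logs in the HijackThis format posted above, added here as an example (it is not part of this thread and not HijackThis's own code). Its rules encode the kinds of entries the helper singled out for removal or review: unnamed BHOs with no backing DLL, orphaned "(no file)" entries, Run entries in the SYSTEM or Default-user hive, context-menu items backed by a local file:/// page, services with an unknown owner, and Active Desktop (O24) components; the sample log is constructed from entries seen in the thread.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis log format, modelled on entries from this
# thread (not a captured log). Header and "Running processes" lines are ignored.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {96E019DA-BAA8-4473-BA27-07D8C95C8B94} - \
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [cctray] "d:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O8 - Extra context menu item: Search on TER - file:///C:\Program Files\Search On TER/search.html
O23 - Service: SlimServer (slimsvc) - Unknown owner - D:\Program Files\SlimServer\server\slim.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Online Services\rtene.html
"""


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O2"
    severity: str  # "remove": the helper in this thread had such entries cut; "review": look closer
    reason: str
    line: str


# Every HijackThis entry line looks like "<tag> - <body>", tag = R/F/N/O + number.
_LINE = re.compile(r"^([RFNO]\d+) - (.*)$")
# Run keys in these hives execute for the SYSTEM and Default-user accounts.
_ALL_USER_HIVES = re.compile(r"HKUS\\(S-1-5-18|\.DEFAULT)\\", re.IGNORECASE)


def _last_field(body: str) -> str:
    """Text after the final ' - ' separator: the DLL path / target of the entry."""
    return body.rsplit(" - ", 1)[-1].strip() if " - " in body else body.strip()


def _check_start_page(body, line):
    if body.endswith("= about:blank"):
        return Finding("R0", "review", "start page reset to about:blank (fine only if you set it)", line)
    return None


def _check_bho(body, line):
    target = _last_field(body)
    if target in ("\\", ""):
        return Finding("O2", "remove", "BHO with no name and no backing DLL path", line)
    if target == "(no file)":
        return Finding("O2", "review", "orphaned BHO: registered DLL no longer on disk", line)
    if body.startswith("BHO: (no name)"):
        return Finding("O2", "review", "unnamed BHO; verify the DLL's publisher", line)
    return None


def _check_run(body, line):
    if _ALL_USER_HIVES.search(body):
        return Finding("O4", "remove", "Run entry in the SYSTEM/Default-user hive (runs for every account)", line)
    return None


def _check_context_menu(body, line):
    if _last_field(body).lower().startswith("file:///"):
        return Finding("O8", "remove", "context-menu item backed by a local HTML file", line)
    return None


def _check_service(body, line):
    if " - Unknown owner - " in body:
        return Finding("O23", "review", "service binary has no publisher information", line)
    return None


def _check_desktop_component(body, line):
    return Finding("O24", "remove", "Active Desktop web component (remove unless you installed it)", line)


_CHECKS = {
    "R0": _check_start_page, "O2": _check_bho, "O4": _check_run,
    "O8": _check_context_menu, "O23": _check_service, "O24": _check_desktop_component,
}


def triage(log_text: str) -> list[Finding]:
    """Run the rule set over a HijackThis log and return findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        stripped = raw.strip()
        m = _LINE.match(stripped)
        if not m:
            continue  # header, process list, separators
        tag, body = m.groups()
        check = _CHECKS.get(tag)
        if check:
            found = check(body, stripped)
            if found:
                findings.append(found)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

The rules deliberately stay conservative: anything not matched is left alone, and "review" findings (orphaned toolbars, unknown-owner services) are normal on a machine with uninstalled software, which is why the helper asked to see the log before removing anything.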

#14
April 4, 2007 at 15:55:33

Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.

Next, reboot into safe mode. Navigate to and delete this file if found:

C:\Program Files\WindowsUpdate\mesozile.dll

Reboot to normal mode.

Run this rootkit scanner. Please download F-Secure BlackLight
Click no to viewing unsecure pages if asked then accept the agreement.
Click download (Download Blacklight Beta graphical user interface version ) and download it to your desktop.
Double click blbeta.exe> click run> accept licence agreement> next.
Click Scan> Next. After the scan you'll see a list of all items found.
Please click Next and then Exit. Do NOT choose rename for any items yet! I need to see the log first, because legitimate items can also be present there.
A log will be created on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx are numbers)
Please post the contents of the log in your next reply.

Please download Dr.Web CureIt to your desktop from this link: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory; when something is found, click the Yes button when it asks you if you want to cure it.
This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives.
A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, check whether you can click the next icon next to the files found:
If so, click it and then click the next icon right below and select Move incurable.
This will move it to the %userprofile%\DoctorWeb quarantine folder if it can't be cured (this is in case we need samples).
After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
Save the report to your desktop. The report will be called DrWeb.csv.
Close Dr.Web CureIt.
Reboot your computer, because files in use may be moved/deleted during the reboot.
After reboot, post the contents of the log on your desktop.
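The steps above come from reading the HijackThis log posted earlier in the thread. As an added example (not code from the thread, from HijackThis or from any tool mentioned here), this is a first pass over O-lines of that format: it pulls out the section and the file each entry points to, and flags dead entries, bare file names that Windows resolves via PATH at logon, and files living outside the usual install directories. The sample lines are copied from the log above except the last two, which are constructed (the CLSID there is a placeholder); the "expected" directory list and the three flags are my own heuristics, not HijackThis rules.

```python
"""First-pass triage of HijackThis log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass, field

# Markers HijackThis prints when the file an entry points to no longer exists.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Assumption: where installed software normally lives on the machine in this
# thread (Program Files on C: and D:, the PROGRA~1 short alias, system32).
EXPECTED_DIRS = (
    "c:\\program files\\", "d:\\program files\\", "c:\\progra~1\\",
    "c:\\windows\\system32\\",
)

LINE_RE = re.compile(r"^(R\d|F\d|N\d|O\d+) - (.*)$")
WIN_PATH_RE = re.compile(r"^(?:[a-z]:\\|%windir%\\)", re.I)
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|bat))", re.I)


@dataclass
class Entry:
    section: str                 # O2, O4, O23 ...
    body: str                    # text after "O4 - "
    path: str                    # file reference, "" if none could be found
    flags: list = field(default_factory=list)


def _path_from_body(section, body):
    """Extract the file reference from one log line."""
    if section == "O4":
        # O4 - HKLM\..\Run: [name] "C:\dir\prog.exe" /args
        m = re.match(r"[^\]]*\] (.*)$", body)
        cmd = m.group(1).strip() if m else ""
        if cmd.startswith('"'):
            return cmd[1:cmd.find('"', 1)]
        m = EXE_RE.match(cmd)
        return m.group(1) if m else cmd.split(" ")[0]
    # Other sections: the file is the last " - " separated field.
    last = body.rsplit(" - ", 1)[-1]
    for marker in ORPHAN_MARKERS:
        last = last.replace(marker, "")
    last = last.strip()
    return last if WIN_PATH_RE.match(last) else ""


def triage_line(line):
    """Parse one line; returns None for headers and process-list lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    entry = Entry(section, body, _path_from_body(section, body))
    if any(mk in body for mk in ORPHAN_MARKERS):
        entry.flags.append("orphan")        # dead entry: tidy up, not a threat
    elif section == "O4" and entry.path and "\\" not in entry.path:
        entry.flags.append("unqualified")   # bare name, resolved via PATH at logon
    elif entry.path and not entry.path.lower().startswith(EXPECTED_DIRS):
        entry.flags.append("unusual-dir")   # outside the usual install directories
    return entry


def triage(log_text):
    """Flagged entries of a whole log as (section, path, flag) tuples."""
    out = []
    for line in log_text.splitlines():
        e = triage_line(line)
        if e and e.flags:
            out.append((e.section, e.path, e.flags[0]))
    return out


# The first eight lines are from the log in this thread; the last two are
# constructed (file names from the Killbox list below, placeholder CLSID).
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [cctray] "d:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O4 - HKLM\..\Run: [wbun] C:\WINDOWS\wbun.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\TTC.dll
"""

if __name__ == "__main__":
    for section, path, flag in triage(SAMPLE_LOG):
        print(f"{section:4} {flag:12} {path}")
```

Everything flagged still needs a human look: the "unusual-dir" flag is a prompt to check the file, not a verdict.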



#15
April 4, 2007 at 22:41:45

F-Secure BlackLight found nothing, but here is the log:
04/04/07 16:39:05 [Info]: BlackLight Engine 1.0.61 initialized
04/04/07 16:39:05 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/04/07 16:39:05 [Note]: 7019 4
04/04/07 16:39:05 [Note]: 7005 0
04/04/07 16:39:10 [Note]: 7006 0
04/04/07 16:39:10 [Note]: 7011 1504
04/04/07 16:39:11 [Note]: 7026 0
04/04/07 16:39:11 [Note]: 7026 0
04/04/07 16:39:14 [Note]: FSRAW library version 1.7.1021
04/04/07 17:01:26 [Note]: 7007 0




#16
April 4, 2007 at 23:05:54

I'm still getting the pop-ups.
Here are the results from Dr.Web:
Process.exe;C:\Documents and Settings\Owner\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\Owner\Desktop\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
warcraft3keygen.exe;C:\Documents and Settings\Owner\My Documents\BitTorrent Downloads\(PC Game) WarCraft III - Reign of Chaos - (Plus Serial & Crac;Trojan.MulDrop.5841;Deleted.;
A0108408.dll;C:\System Volume Information\_restore{96439F1C-62BE-4598-89D2-C57363B204EC}\RP548;Adware.Adpower;Incurable.Moved.;
A0108409.dll;C:\System Volume Information\_restore{96439F1C-62BE-4598-89D2-C57363B204EC}\RP548;Adware.Ttc;Incurable.Moved.;
A0108410.dll;C:\System Volume Information\_restore{96439F1C-62BE-4598-89D2-C57363B204EC}\RP548;Adware.Ttc;Incurable.Moved.;
wbun.exe;C:\WINDOWS;Adware.WebBuying;Incurable.Moved.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;



#17
April 5, 2007 at 14:45:40

Reboot into Safe Mode.

Run Killbox from Safe Mode.
Please double-click Killbox.exe to run it.
Select:
Delete on Reboot
then click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\TTC.dll

C:\WINDOWS\VTTC.exe

C:\WINDOWS\wbun.exe


Return to Killbox, go to the File menu, and choose Paste from Clipboard.


Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let us know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

Please post a new HijackThis log and a new ComboFix log.
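The PendingFileRenameOperations prompt mentioned above refers to the registry queue that Windows works through during the next boot; "Delete on Reboot" tools put their entries there. As an added example (not code from the thread or from Killbox), here is a decoder for that queue so you can see what is scheduled before rebooting. The sample queue is constructed from the three Killbox paths above; the replace entry's file names are placeholders.

```python
"""Decode the PendingFileRenameOperations queue (added example, not from the thread)."""
# The value under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager is a
# REG_MULTI_SZ whose strings come in (source, destination) pairs.  An empty
# destination means "delete source during the next boot"; a destination
# starting with "!" means "replace an existing file".  Paths carry the NT
# "\??\" prefix.

NT_PREFIX = "\\??\\"


def _strip_nt(path):
    """Drop the NT object-manager prefix so the path reads as a Win32 path."""
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def decode_pending_ops(values):
    """Turn the raw string list into (operation, source, destination) tuples."""
    ops = []
    pairs = iter(values)
    for src in pairs:
        dst = next(pairs, "")
        if src == "":              # trailing empty string, nothing queued
            continue
        if dst == "":
            ops.append(("delete", _strip_nt(src), None))
        elif dst.startswith("!"):
            ops.append(("replace", _strip_nt(src), _strip_nt(dst[1:])))
        else:
            ops.append(("rename", _strip_nt(src), _strip_nt(dst)))
    return ops


def pending_deletes(values):
    """Only the paths queued for deletion, the part a cleanup tool adds."""
    return [src for op, src, _ in decode_pending_ops(values) if op == "delete"]


def read_live_queue():
    """On Windows, decode the real value; returns None on other platforms."""
    try:
        import winreg
    except ImportError:
        return None
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                         r"SYSTEM\CurrentControlSet\Control\Session Manager")
    try:
        raw, _ = winreg.QueryValueEx(key, "PendingFileRenameOperations")
    except FileNotFoundError:
        return []                  # no operations queued
    finally:
        key.Close()
    return decode_pending_ops(raw)


# Constructed sample: the three files listed for Killbox above, plus one
# replace-on-reboot entry with placeholder names (installers leave these too).
SAMPLE_QUEUE = [
    "\\??\\C:\\TTC.dll", "",
    "\\??\\C:\\WINDOWS\\VTTC.exe", "",
    "\\??\\C:\\WINDOWS\\wbun.exe", "",
    "\\??\\C:\\WINDOWS\\system32\\update.tmp",
    "!\\??\\C:\\WINDOWS\\system32\\example.dll",
]

if __name__ == "__main__":
    for op in read_live_queue() or decode_pending_ops(SAMPLE_QUEUE):
        print(op)
```

Run on the affected machine it prints the real queue; anywhere else it falls back to the constructed sample.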



#18
April 5, 2007 at 16:07:34

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:57:36 PM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\StartupMonitor.exe
D:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
D:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\Program Files\SlimServer\server\slim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Owner\Desktop\Anti-Virus Tools\Show.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)
O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [cctray] "d:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "d:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/1501...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Lin...
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnli...
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/as...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/l...
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) -
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/...
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) -
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/l...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/1502...
O18 - Protocol: bw+0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\Browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\Browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - D:\Program Files\SlimServer\server\slim.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 21045 bytes

"Owner" - 07-04-05 16:01:05 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Owner\Desktop\Anti-Virus Tools"


((((((((((((((((((((((((((((((( Files Created from 2007-03-05 to 2007-04-05 ))))))))))))))))))))))))))))))))))


2007-04-05 14:53 <DIR> d-------- C:\!KillBox
2007-04-04 23:12 <DIR> d-------- C:\Program Files\XoftSpySE
2007-04-04 16:45 <DIR> d-------- C:\DOCUME~1\Owner\DoctorWeb
2007-04-03 16:29 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-02 17:32 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-04-02 17:32 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-02 17:32 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-04-02 17:32 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-02 17:32 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-04-02 09:50 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Sun
2007-04-02 00:00 95,760 --a------ C:\WINDOWS\system32\isafeif.dll
2007-04-02 00:00 75,280 --a------ C:\WINDOWS\system32\vetredir.dll
2007-04-02 00:00 75,280 --a------ C:\WINDOWS\system32\isafprod.dll
2007-04-02 00:00 629,216 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2007-04-02 00:00 32,528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-04-02 00:00 26,640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2007-04-02 00:00 21,648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-04-02 00:00 21,392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2007-04-02 00:00 108,544 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2007-04-02 00:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-04-01 21:23 767,488 --a------ C:\WINDOWS\system32\WMVSENCD.dll
2007-04-01 21:23 75,280 --a------ C:\WINDOWS\system32\vetredir(4).dll
2007-04-01 21:23 75,280 --a------ C:\WINDOWS\system32\vetredir(3).dll
2007-04-01 21:23 75,280 --a------ C:\WINDOWS\system32\vetredir(2).dll
2007-04-01 21:23 733,696 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-04-01 21:23 656,896 --a------ C:\WINDOWS\system32\WMVXENCD.dll
2007-04-01 21:23 65,536 --a------ C:\WINDOWS\system32\eSellerateControl200.dll
2007-04-01 21:23 64,000 --a------ C:\WINDOWS\system32\E_FBCB9FA.DLL
2007-04-01 21:23 61,440 --a------ C:\WINDOWS\system32\ldamfilt.dll
2007-04-01 21:23 498,742 --a------ C:\WINDOWS\system32\dxmasf.dll
2007-04-01 21:23 48,640 --a------ C:\WINDOWS\system32\pnrpnsp.dll
2007-04-01 21:23 48,128 --a------ C:\WINDOWS\system32\mshtmler.dll
2007-04-01 21:23 34,304 --a------ C:\WINDOWS\system32\E_FBCH9FA.DLL
2007-04-01 21:23 331,776 --a------ C:\WINDOWS\system32\CTMedEng.DLL
2007-04-01 21:23 139,264 --a------ C:\WINDOWS\system32\hpicon.dll
2007-04-01 21:23 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-04-01 21:23 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
2007-04-01 21:23 101,376 --a------ C:\WINDOWS\system32\txflog.dll
2007-04-01 21:19 9,216 --a------ C:\WINDOWS\system32\lprmonui.dll
2007-04-01 21:19 51,200 --a------ C:\WINDOWS\system32\dfrgres.dll
2007-04-01 21:18 <DIR> d-------- C:\WINDOWS\DLLArchive
2007-04-01 19:58 <DIR> d-------- C:\Program Files\AnalogX
2007-04-01 18:58 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-01 12:59 1,944 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-30 13:45 <DIR> d-------- C:\TEMP\tn3
2007-03-27 01:27 72,064 --a------ C:\WINDOWS\system32\drivers\core.sys
2007-03-23 08:53 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Backyard Baseball 2007
2007-03-20 09:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-03-17 15:39 <DIR> d-------- C:\Program Files\Pando Networks
2007-03-17 15:05 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
2007-03-16 09:31 <DIR> d-------- C:\DOCUME~1\Owner\browser - logitech
2007-03-16 09:30 <DIR> d-------- C:\DOCUME~1\Owner\Logitech
2007-03-16 09:29 <DIR> d-------- C:\Program Files\Common Files\Remote Control Software Shared
2007-03-16 09:24 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-03-16 09:24 <DIR> d-------- C:\Program Files\Logitech
2007-03-16 00:21 138 --a------ C:\WINDOWS\UNDEL.BAT
2007-03-15 10:12 <DIR> d-------- C:\Program Files\ItsDeductible2006
2007-03-15 10:08 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\InstallShield
2007-03-14 17:28 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-03-14 17:28 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-03-14 17:28 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-03-14 17:28 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-03-14 17:28 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2007-03-14 17:28 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-03-14 14:37 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2007-03-11 02:32 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Publish Providers
2007-03-11 02:24 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Sony
2007-03-11 02:22 <DIR> d-------- C:\Program Files\Vstplugins
2007-03-11 02:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
2007-03-10 22:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-03-10 22:24 65,536 --a------ C:\WINDOWS\system32\a1.dll
2007-03-10 22:24 520,192 --a------ C:\WINDOWS\system32\wscma2u.exe
2007-03-10 22:24 278,528 --a------ C:\WINDOWS\system32\ammpp.dll
2007-03-09 11:19 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-09 10:48 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-03-08 16:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\IMSI
2007-03-08 16:28 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\IMSI
2007-03-08 01:22 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-08 01:22 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-08 01:22 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-03-08 01:22 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-03-08 01:22 <DIR> d-------- C:\Program Files\Winamp
2007-03-07 22:15 <DIR> d-------- C:\Program Files\Nero
2007-03-06 19:42 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Systweak
2007-03-05 08:24 77,000 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-03 10:17 -------- d--h----- C:\Program Files\windowsupdate
2007-04-03 10:17 -------- d-------- C:\Program Files\online services
2007-04-03 09:38 -------- d-------- C:\Program Files\msn encarta plus
2007-04-03 09:38 -------- d-------- C:\Program Files\flac
2007-04-03 09:29 -------- d-------- C:\Program Files\symantec
2007-04-03 09:29 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-03-30 21:23 -------- d-------- C:\Program Files\windows media connect 2
2007-03-30 21:23 -------- d-------- C:\Program Files\movie maker
2007-03-30 21:23 -------- d-------- C:\Program Files\messenger
2007-03-30 21:23 -------- d-------- C:\Program Files\mailfrontier
2007-03-30 21:23 -------- d-------- C:\Program Files\capital flash casino
2007-03-27 11:01 -------- d--h----- C:\Program Files\installshield installation information
2007-03-27 10:54 -------- d-------- C:\Program Files\interactual
2007-03-25 20:04 -------- d-------- C:\DOCUME~1\Owner\APPLIC~1\bittorrent
2007-03-23 16:56 -------- d-------- C:\DOCUME~1\Owner\APPLIC~1\vso
2007-03-22 19:51 -------- d-------- C:\Program Files\itunes
2007-03-22 19:50 -------- d-------- C:\Program Files\ipod
2007-03-16 00:21 -------- d-------- C:\Program Files\intel
2007-03-14 14:09 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-03-13 19:09 -------- d-------- C:\Program Files\bittorrent
2007-03-08 10:30 -------- d-------- C:\Program Files\recordnow
2007-03-08 10:30 -------- d-------- C:\Program Files\powerpoint viewer
2007-03-08 10:29 -------- d-------- C:\Program Files\punch! pro - platinum
2007-03-08 10:29 -------- d-------- C:\Program Files\performancetest
2007-03-08 10:29 -------- d-------- C:\Program Files\mozilla thunderbird
2007-03-08 08:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 08:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 08:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 06:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-02 12:59 53248 --a------ C:\WINDOWS\uni_eh10.exe
2007-02-28 16:05 86016 --a------ C:\WINDOWS\system32\elbycdio.dll
2007-02-28 13:56 15440 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2007-02-15 17:56 11984 --a------ C:\WINDOWS\system32\drivers\RegKill.sys
2007-01-31 15:15 87608 --a------ C:\DOCUME~1\Owner\APPLIC~1\ezpinst.exe
2007-01-31 15:15 7824 --a------ C:\DOCUME~1\Owner\APPLIC~1\pcouffin.cat
2007-01-31 15:15 47360 --a------ C:\DOCUME~1\Owner\APPLIC~1\pcouffin.sys
2007-01-31 15:15 34 --a------ C:\DOCUME~1\Owner\APPLIC~1\pcouffin.log
2007-01-31 15:15 1144 --a------ C:\DOCUME~1\Owner\APPLIC~1\pcouffin.inf
2007-01-16 12:57 0 --a------ C:\Autoexec.bat
2007-01-08 20:01 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-07 10:40 85 ---hs---- C:\DOCUME~1\Owner\APPLIC~1\.zreglib


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup]
"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Run StartupMonitor"="StartupMonitor.exe"
"cctray"="\"d:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\""
"QOELOADER"="\"d:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spam\\QSP-5.0.419.0\\QOELoader.exe\""
"CAVRID"="\"d:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\CAVRID.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="????"
"hkey"="HKCU"
"command"="????"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="????"
"hkey"="HKCU"
"command"="????"
"inimapping"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""
"NoCDBurning"=dword:00000001
"BackupNoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Owner at 11 37 AM.job
C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Owner at 2 54 PM.job
C:\WINDOWS\tasks\XoftSpySE 2.job
C:\WINDOWS\tasks\XoftSpySE.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-05 16:06:08
C:\ComboFix-quarantined-files.txt ... 07-04-05 16:06
C:\ComboFix2.txt ... 07-04-03 12:14


#19
April 5, 2007 at 16:54:58

Go to start> control panel> add/remove programs> scroll down to and uninstall this program if found:

WebBuying

Run Killbox again and delete these files:

C:\WINDOWS\uni_eh10.exe

C:\WINDOWS\UNDEL.BAT

Once you finish, let me know if you are still getting the popups.

Next, your Java is out of date and should be updated right away. Download the latest version from http://java.sun.com/javase/downloads/index.jsp

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".

Click the "Download" button to the right.

Check the box that says: "Accept License Agreement". The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Close any programs you may have running - especially your web browser.

Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.

Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed. Then, from your desktop, double-click on jre-1_6_0-windowsi586-p.exe to install the newest version.



#20
April 6, 2007 at 10:31:57

Did all that was listed in the above post. My computer seems to be running smoother, but I'm still getting the same pop-up windows.


#21
April 6, 2007 at 11:02:12

Please download SilentRunners from this link http://www.silentrunners.org/Silent%20Runners.zip. Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, it will create a logfile on the desktop. Please post the entire contents of this logfile in a reply to this post.


#22
April 6, 2007 at 11:14:30

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
----

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Run StartupMonitor" = "StartupMonitor.exe" [null data]
"cctray" = ""d:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"" ["CA, Inc."]
"QOELOADER" = ""d:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"" ["CA"]
"CAVRID" = ""d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"" ["CA, Inc."]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "eBay Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll" [null data]
{38D3FE60-3D53-4F37-BB0E-C7A97A26A156}\(Default) = (no title provided)
-> {HKLM...CLSID} = "CInterceptor Object"
\InProcServer32\(Default) = "C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll" ["Pando Networks"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar5.dll" ["Google Inc."]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\Office\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {HKLM...CLSID} = "Universal Plug and Play Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.61 Context Menu Shell Extension"
-> {HKLM...CLSID} = "WinAceContext Menu Extension"
\InProcServer32\(Default) = "D:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.61 DragDrop Shell Extension"
-> {HKLM...CLSID} = "WinAceDrag-Drop Extension"
\InProcServer32\(Default) = "D:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.61 Context Menu Shell Extension"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "D:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.61 Property Sheet Shell Extension"
-> {HKLM...CLSID} = "WinAceProperty Sheet Extension"
\InProcServer32\(Default) = "D:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}" = "CopyToCD shell extension"
-> {HKLM...CLSID} = "CopyToCD shell extension"
\InProcServer32\(Default) = "D:\PROGRA~1\vso\COPYTO~1\CTCDSH~1.DLL" ["VSO Software"]
"{92085AD4-F48A-450D-BD93-B28CC7DF67CE}" = "eBay Toolbar"
-> {HKLM...CLSID} = "eBay Toolbar"
\InProcServer32\(Default) = "C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll" [null data]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{1CE2AA40-1317-11D3-9922-00104B0AD431}" = "CA_AntiVirus"
-> {HKLM...CLSID} = "CA_AntiVirus"
\InProcServer32\(Default) = "d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\avshlext.dll" ["CA, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
"AppInit_DLLs" = (value not set)

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"PFDNNT C:\WINDOWS\system32\pavipc.dll" [file not found]|"PFDNNT C:\WINDOWS\system32\SYSTOOLS.DLL" [file not found]|"PFDNNT C:\WINDOWS\system32\PavSHook.dll" [file not found]|"PFDNNT C:\WINDOWS\system32\drivers\pavdrv51.sys" [file not found]|"PFDNNT C:\WINDOWS\system32\TpUtil.dll" [file not found]|"PFDNNT C:\WINDOWS\system32\avldr.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\avcic.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\borlndmm.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\cc3250mt.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\COMFLTNT.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Config.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\icl_cfg.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\icl_mtr.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\icl_trf.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Langm5.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\LocalSrv.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAV2WSC.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVALE.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavAMW.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet 
Security\pavexcfg.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFtp.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavHttp.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavim.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavMiCli.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavNntp.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavoepl.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavPop3.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVSCR.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavSInet.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavSmtp.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrvdl.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Pavtftp.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavTrc.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavWmail.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PLATC.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PLATCTRL.BPL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PLATMSG.DLL" [file not found]|"PFDNNT C:\Program 
Files\Panda Software\Panda Platinum 2006 Internet Security\PNDCTRLA.BPL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSAEng.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pskads.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pskalloc.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Pskas.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Pskavs.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pskcmp.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Pskfss.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKHTML.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pskmfs.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pskpack.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKSCF.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pskutil.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pskvfile.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Pskvfs.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pskvm.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSWLabel.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSWLRes.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet 
Security\RsdnAPI.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\ScanObjs.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SrvLoad.exe" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\StoreMan.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPConf.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\UtilPlat.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\vcl50.bpl" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\vclx50.bpl" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\MshConf" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security" [file not found]|"PFDNNT C:\WINDOWS\system32\SYSTOOLS.DLL" [file not found]|"PFDNNT C:\WINDOWS\system32\drivers\pavdrv51.sys" [file not found]|"PFDNNT C:\WINDOWS\system32\avldr.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVCIC.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\borlndmm.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\cc3250mt.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\COMFLTNT.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 
2006 Internet Security\CONFIG.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\ICL_CFG.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\ICL_MTR.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\INSTLSP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Langm5.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\LOCALSRV.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAV2WSC.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVALE.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVAMW.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVEXCFG.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVFTP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVHTTP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVIM.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVLSP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVMICLI.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVNNTP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVOEPL.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVPOP3.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVSCR.DLL" [file not found]|"PFDNNT 
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVSINET.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVSMTP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVSRVDL.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVTFTP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVTRC.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PLATC.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PLATCTRL.BPL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PNDCTRLA.BPL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSAENG.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKADS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKAS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKAVS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKCMP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKFSS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKHTML.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKMFS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKPACK.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKUTIL.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet 
Security\PSKVFS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKVM.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSWLABEL.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSWLRES.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\ScanObjs.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\STOREMAN.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPCONF.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\UTILPLAT.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\vcl50.bpl" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\vclx50.bpl" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\WEBPROXY.EXE" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\MshConf" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security" [file not found]|"PFDNNT C:\WINDOWS\system32\SYSTOOLS.DLL" [file not found]|"PFDNNT C:\WINDOWS\system32\drivers\pavdrv51.sys" [file not found]|"PFDNNT C:\WINDOWS\system32\avldr.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVCIC.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 
Internet Security\borlndmm.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\cc3250mt.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\CISENDS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\COMFLTNT.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\CONFIG.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\ICL_CFG.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\ICL_MTR.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\INSTLSP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Langm5.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\LOCALSRV.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAV2WSC.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVALE.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVAMW.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavCntrs.dat" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVCNTRS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVEXCFG.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVEXCLI.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVEXCOM.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVFTP.DLL" [file not 
found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVHTTP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVIM.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVLSP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVMICLI.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVNNTP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVOEPL.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVPOP3.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVSCR.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVSINET.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVSMAPI.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVSMTP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVSRVDL.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVTFTP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVTRC.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PLATC.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PLATCTRL.BPL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\platexch.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PLATMSG.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda 
Platinum 2006 Internet Security\PNDCTRLA.BPL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSAENG.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSAUI.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKADS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKAS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKAVS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKCMP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKFSS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKHTML.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pskmbldr.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKMDFS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKMFS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKMSCLN.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKPACK.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKUTIL.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKVFS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKVM.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSWLABEL.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSWLRES.DLL" [file not 
found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\ScanObjs.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\STOREMAN.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Tcpvfile.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPCONF.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\UTILPLAT.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\vcl50.bpl" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\vclx50.bpl" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\WEBPROXY.EXE" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\MshConf" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security" [file not found]|"PFDNNT C:\WINDOWS\system32\SYSTOOLS.DLL" [file not found]|"PFDNNT C:\WINDOWS\system32\drivers\pavdrv51.sys" [file not found]|"PFDNNT C:\WINDOWS\system32\avldr.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVCIC.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\borlndmm.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\cc3250mt.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet 
Security\COMFLTNT.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\ICL_CFG.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\ICL_MTR.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Langm5.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\libcurl.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\libeay32.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\LIBXML2.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\LOCALSRV.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\ofclient.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PaterCtr.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAV2WSC.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVALE.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVAMW.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavCntrs.dat" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVCNTRS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVEXCFG.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVFTP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVHTTP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVIM.DLL" [file not found]|"PFDNNT 
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVMICLI.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVNNTP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVPOP3.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVSCR.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVSINET.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVSMTP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVSRVDL.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVTFTP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVTRC.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PLATC.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PLATCTRL.BPL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PNDCTRLA.BPL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSAENG.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSAUI.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKADS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKAS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKAVS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKFSS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet 
Security\PSKHTML.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKMFS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKPACK.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKUTIL.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKVFS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKVM.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSWLABEL.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSWLRES.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\ScanObjs.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\ssleay32.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\STOREMAN.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPCONF.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\UTILPLAT.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\vcl50.bpl" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\vclx50.bpl" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\WEBPROXY.EXE" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\zlib.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\MshConf" [file not found]|"PFDNNT 
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security" [file not found]|"PFDNNT C:\WINDOWS\system32\SYSTOOLS.DLL" [file not found]|"PFDNNT C:\WINDOWS\system32\drivers\pavdrv51.sys" [file not found]|"PFDNNT C:\WINDOWS\system32\avldr.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVCIC.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\borlndmm.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\cc3250mt.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\CISENDS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\COMFLTNT.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\CONFIG.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\ICL_CFG.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\ICL_MTR.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\INSTLSP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Langm5.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\LOCALSRV.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAV2WSC.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVALE.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVAMW.DLL" [file not 
found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavCntrs.dat" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVCNTRS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVEXCFG.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVEXCLI.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVEXCOM.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVFTP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVHTTP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVIM.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVLSP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVMICLI.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVNNTP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVOEPL.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVPOP3.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVSCR.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVSINET.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVSMAPI.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVSMTP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVSRVDL.DLL" [file not found]|"PFDNNT C:\Program Files\Panda 
Software\Panda Platinum 2006 Internet Security\PAVTFTP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVTRC.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PLATC.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PLATCTRL.BPL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\platexch.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PLATMSG.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PNDCTRLA.BPL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSAENG.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSAUI.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKADS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKAS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKAVS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKCMP.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKFSS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKHTML.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pskmbldr.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKMDFS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKMFS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKMSCLN.DLL" 
[file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKPACK.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKUTIL.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKVFS.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSKVM.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSWLABEL.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSWLRES.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\ScanObjs.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\STOREMAN.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Tcpvfile.dll" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPCONF.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\UTILPLAT.DLL" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\vcl50.bpl" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\vclx50.bpl" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\WEBPROXY.EXE" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\MshConf" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam" [file not found]|"PFDNNT C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> avldr\DLLName = "avldr.dll" [file not found]
<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
CA_AntiVirus\(Default) = "{1CE2AA40-1317-11D3-9922-00104B0AD431}"
-> {HKLM...CLSID} = "CA_AntiVirus"
\InProcServer32\(Default) = "d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\avshlext.dll" ["CA, Inc."]
CopyToCD\(Default) = "{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}"
-> {HKLM...CLSID} = "CopyToCD shell extension"
\InProcServer32\(Default) = "D:\PROGRA~1\vso\COPYTO~1\CTCDSH~1.DLL" ["VSO Software"]
PandoShellExt\(Default) = "{9C150845-2A2D-44CC-90B3-AA03480AA3D2}"
-> {HKLM...CLSID} = "PDShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\Pando Networks\Pando\PandoShellExt.dll" ["Pando Networks"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "D:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
CopyToCD\(Default) = "{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}"
-> {HKLM...CLSID} = "CopyToCD shell extension"
\InProcServer32\(Default) = "D:\PROGRA~1\vso\COPYTO~1\CTCDSH~1.DLL" ["VSO Software"]
PandoShellExt\(Default) = "{9C150845-2A2D-44CC-90B3-AA03480AA3D2}"
-> {HKLM...CLSID} = "PDShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\Pando Networks\Pando\PandoShellExt.dll" ["Pando Networks"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "D:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
CA_AntiVirus\(Default) = "{1CE2AA40-1317-11D3-9922-00104B0AD431}"
-> {HKLM...CLSID} = "CA_AntiVirus"
\InProcServer32\(Default) = "d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\avshlext.dll" ["CA, Inc."]
CopyToCD\(Default) = "{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}"
-> {HKLM...CLSID} = "CopyToCD shell extension"
\InProcServer32\(Default) = "D:\PROGRA~1\vso\COPYTO~1\CTCDSH~1.DLL" ["VSO Software"]
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Default executables:
--------------------

HKLM\Software\Classes\.scr\(Default) = (value not set)


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoCDBurning" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"BackupNoCDBurning" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------


Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Owner\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp"


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]
"CAAntiSpywareScan_Daily as Owner at 11 37 AM" -> launches: "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan" [file not found]
"CAAntiSpywareScan_Daily as Owner at 2 54 PM" -> launches: "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan" [file not found]
"XoftSpySE 2" -> launches: "C:\Program Files\XoftSpySE\XoftSpy.exe ShowReminders" ["ParetoLogic"]
"XoftSpySE" -> launches: "C:\Program Files\XoftSpySE\XoftSpy.exe -t" ["ParetoLogic"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\VetRedir.dll ["Computer Associates International, Inc."], 01 - 03, 20
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar5.dll" ["Google Inc."]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar5.dll" ["Google Inc."]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]
"{92085AD4-F48A-450D-BD93-B28CC7DF67CE}" = (no title provided)
-> {HKLM...CLSID} = "eBay Toolbar"
\InProcServer32\(Default) = "C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll" [null data]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar5.dll" ["Google Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
CAISafe, CAISafe, "d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe" ["Computer Associates International, Inc."]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"]
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared Files\RichVideo.exe"" [empty string]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
MSSQL$PINNACLESYS, MSSQL$PINNACLESYS, "C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -sPINNACLESYS" [MS]
Pinnacle Systems Media Service, PinnacleSys.MediaServer, "c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe" [null data]
SlimServer, slimsvc, ""D:\Program Files\SlimServer\server\slim.exe"" [null data]
Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]
VET Message Service, VETMSGNT, "d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe" ["CA, Inc."]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
EPSON Stylus Photo R320 Series 2KMonitor5A\Driver = "E_FLM9FA.DLL" ["SEIKO EPSON CORPORATION"]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 75 seconds, including 24 seconds for message boxes)


#23
April 6, 2007 at 12:07:46

I don't see much at all.

Go to this link http://www.gmer.net/ and download the GMER application, run it and post the results please.


#24
April 6, 2007 at 13:02:21

GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-04-06 13:01:04
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\system32\drivers\core.sys ZwClose
SSDT \SystemRoot\system32\drivers\core.sys ZwCreateKey
SSDT \SystemRoot\system32\drivers\core.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\core.sys ZwDeleteValueKey
SSDT \SystemRoot\system32\drivers\core.sys ZwLoadKey
SSDT \SystemRoot\system32\drivers\core.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \SystemRoot\system32\drivers\core.sys ZwReplaceKey
SSDT \SystemRoot\system32\drivers\core.sys ZwRestoreKey
SSDT \SystemRoot\system32\drivers\core.sys ZwSetValueKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 009CF205 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 00B5FEBF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 00B5FE40 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 00B5FE84 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 00B5FDCC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 00B5FE06 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 00B5FEFA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 009F15DA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] WININET.dll!HttpSendRequestA 771CCD38 5 Bytes JMP 03C361D0 C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] WININET.dll!HttpSendRequestExW 771D3542 5 Bytes JMP 03C36660 C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] WININET.dll!HttpEndRequestA 771D362B 5 Bytes JMP 03C367F0 C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] WININET.dll!InternetWriteFile 771D3655 5 Bytes JMP 03C36A90 C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] WININET.dll!HttpSendRequestW 771E075D 5 Bytes JMP 03C36340 C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] WININET.dll!HttpSendRequestExA 7722C972 5 Bytes JMP 03C364D0 C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] WININET.dll!HttpEndRequestW 7722C9D4 5 Bytes JMP 03C36940 C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.12 ----


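The SSDT and "User code sections" lines in the GMER log above are easier to reason about once grouped by the module that installed each hook. The Python below is an added example, not part of this thread or of GMER: it parses those two line formats, treats modules under system32 as Windows' own (an assumed heuristic; IEFRAME.dll re-routing USER32 dialog APIs inside iexplore.exe is the usual IE7 pattern), and marks any other module that hooks WININET for review. The sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# One GMER user-mode hook line (see the log above), e.g.
# .text C:\...\iexplore.exe[2140] WININET.dll!HttpSendRequestA 771CCD38 5 Bytes JMP 03C361D0 C:\...\PandoIEPlugin.dll
USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<dll>[^!\s]+)!(?P<func>\S+)\s+(?P<addr>[0-9A-Fa-f]+)\s+"
    r"(?P<nbytes>\d+)\s+Bytes\s+(?P<kind>\w+)\s+(?P<target>[0-9A-Fa-f]+)\s+"
    r"(?P<module>\S.*?)\s*$"
)
# One GMER SSDT line: which driver now services a kernel service-table entry.
SSDT_RE = re.compile(r"^SSDT\s+(?P<driver>.+?)\s+(?P<func>Zw\w+)\s*$")

# Assumed heuristic: code living in these directories is treated as part of Windows.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "\\systemroot\\system32\\")
# Hooking these DLLs inside a browser lets a module see or alter every request.
NETWORK_DLLS = {"wininet.dll"}


def is_system_module(path):
    """True when the module path sits under the Windows system32 tree."""
    lowered = path.lower()
    return any(lowered.startswith(d) for d in SYSTEM_DIRS)


def parse_gmer(text):
    """Return (user_hooks, ssdt_hooks) as lists of dicts; other lines are ignored."""
    user_hooks, ssdt_hooks = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = USER_HOOK_RE.match(line)
        if m:
            user_hooks.append(m.groupdict())
            continue
        m = SSDT_RE.match(line)
        if m:
            ssdt_hooks.append(m.groupdict())
    return user_hooks, ssdt_hooks


def triage(text):
    """Group hooks by the module that installed them and flag third-party ones."""
    user_hooks, ssdt_hooks = parse_gmer(text)

    by_module = defaultdict(list)
    for h in user_hooks:
        by_module[h["module"]].append((h["dll"].lower(), h["func"]))

    third_party = []
    for module, funcs in by_module.items():
        if is_system_module(module):
            continue  # e.g. IEFRAME.dll re-routing USER32 dialog APIs in IE7
        dlls = sorted({dll for dll, _ in funcs})
        third_party.append({
            "module": module,
            "hooked_dlls": dlls,
            "hook_count": len(funcs),
            # A third-party hook on the HTTP stack deserves a look at the
            # module's publisher and purpose; anything else is just noted.
            "severity": "review" if NETWORK_DLLS & set(dlls) else "info",
        })

    by_driver = defaultdict(list)
    for h in ssdt_hooks:
        by_driver[h["driver"]].append(h["func"])

    return {
        "user_hooks": len(user_hooks),
        "third_party": sorted(third_party, key=lambda f: f["module"].lower()),
        "ssdt": {drv: sorted(fns) for drv, fns in by_driver.items()},
        "ssdt_outside_system32": sorted(
            drv for drv in by_driver if not is_system_module(drv)),
    }


# Sample lines copied from the GMER log posted above.
SAMPLE_LOG = r"""
SSDT \SystemRoot\system32\drivers\core.sys ZwCreateKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 009CF205 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] WININET.dll!HttpSendRequestA 771CCD38 5 Bytes JMP 03C361D0 C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] WININET.dll!HttpSendRequestW 771E075D 5 Bytes JMP 03C36340 C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['user_hooks']} user-mode hooks parsed")
    for f in report["third_party"]:
        print(f"[{f['severity']}] {f['module']} hooks {f['hook_count']} "
              f"API(s) in {', '.join(f['hooked_dlls'])}")
    for drv, fns in report["ssdt"].items():
        print(f"SSDT {drv}: {', '.join(fns)}")
```

A "review" finding is a prompt to check the module's publisher and purpose, not a verdict: later in this thread the poster confirms Pando is software they installed on purpose.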

#25
April 6, 2007 at 13:19:51

Why all the Panda Software "file not found" entries in the SilentRunning scan? I uninstalled that software long ago.
Still getting the pop-ups.
Thanks for your assistance, jabuck.


#26
April 6, 2007 at 14:20:09

Describe the popup in as much detail as you can.

Do you have your Internet Explorer browser set to about:blank?

This should remove the Panda remnants.

Run Hijack This and remove these items:

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll

Exit Hijack This.

Navigate to and delete this file:

C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll

Then navigate to and delete this folder:

C:\Program Files\Pando Networks

Download WinPFind
Right Click the Zip Folder and Select "Extract All"
Extract it somewhere you will remember like the Desktop
Don't do anything with it yet!
Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double-click WinPFind.exe
Click "Configure Scan Options"
Select "Run Add ONs" and then select ALL the options in the box below it, then press Apply
Now Click "Start Scan"
It will scan the entire System, so please be patient!
Once the Scan is Complete
Reboot back to Normal Mode!
Go to the WinPFind folder
Locate WinPFind.txt
Place those results in the next post.

This will be a large post, so it may take two posts to get all of it posted.



#27
April 6, 2007 at 16:06:50

I don't intentionally have my browser set to About Blank.

When I open a browser my default is Google. Another page will open:

http://url.cpvfeed.com/cpv.jsp?p=11...

or I open:

http://www.remotecentral.com/

and another page opens:

http://url.cpvfeed.com/cpv.jsp?p=11...

It almost always begins with cpvfeed.

Another thing, I think you are confusing Panda with Pando. I want to keep Pando, which is a "large file" sending program, whereas Panda is anti-virus software. The one that showed up on the "SilentRunning" scan with "no file found" was Panda, the one I don't want.


While I was typing this another page popped up:
http://url.cpvfeed.com/cpv.jsp?p=11...



#28
April 6, 2007 at 21:02:14

Go to Start > Control Panel > Add/Remove Programs and uninstall the following if present:
Think-Adz Search Assistant
Enhanced Ads by Think-Adz
Surfsidekick
ClickSpring
Cowabanga by OIN
ipwindows / ipwins
MediaTickets
MediaTickets by OIN
OIN
Outer Info Network
PurityScan
PurityScan by OIN
Snowball Wars by OIN
TizzleTalk
TizzleTalk by OIN
Yazzle by OIN
Yazzle ActiveX by OIN
Yazzle Cowabanga by OIN
Yazzle Kobe :filtered:! By OIN
Yazzle Picster by OIN
Yazzle Snowball Wars by OIN
Yazzle Sudoku by OIN
Zolero Translator

or anything similar with Oin in it
888 toolbar
anything with 888 in it

If OIN is not listed, download and run this uninstaller: OiUninstaller.exe

Reboot when done! Really important!

Let me know if you found and uninstalled any of them.

Navigate to and delete this folder:

C:\qoolbox

Empty the recycle bin.

For the Panda files, navigate to and delete this folder:

C:\Program Files\Panda Software



#29
April 7, 2007 at 10:09:21

None of those were present.
qoolbox was not present.
I did a search for Panda and there was nothing, anywhere.
Ran the OiUninstaller.
Went to empty the recycle bin and it was already empty for some reason. Maybe one of those scans or shredders you had me run emptied the recycle bin?

I left my computer on and unattended for several hours, and when I came back 36 pages were open and had crashed my computer. I had to do a hard restart.

This JUST popped up:

http://www.reallygreatrate.com/refi...



#30
April 7, 2007 at 16:46:24

Let's see if these scanners will reveal the offending files.

Please download SDFix by AndyManchesta and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer.
After hearing your computer beep once during startup, but just before the Windows icon appears, tap the F8 key continually.
Instead of Windows loading as normal, a menu with options should appear.
Select the first option, to run Windows in "Safe Mode", then press "Enter".
Choose your usual account.


Once in Safe Mode, please do the following:
In Safe Mode, right-click the SDFix.zip folder and choose Extract All.
Open the extracted folder and double-click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart, as the fixtool will be running and removing files.
When the desktop loads the fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt

Download WinPFind
Right Click the Zip Folder and Select "Extract All"
Extract it somewhere you will remember like the Desktop
Don't do anything with it yet!
Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double-click WinPFind.exe
Click "Configure Scan Options"
Select "Run Add ONs" and then select ALL the options in the box below it, then press Apply
Now Click "Start Scan"
It will scan the entire System, so please be patient!
Once the Scan is Complete
Reboot back to Normal Mode!
Go to the WinPFind folder
Locate WinPFind.txt
Place those results in the next post; this file will be large, so it may take two posts to get all of it posted.



#31
April 7, 2007 at 20:10:00

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...


SDFix: Version 1.77

Run by Owner - Sat 04/07/2007 - 17:46:38.67

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Owner\Desktop\ANTI-V~1\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\MPCHQ7~1.HTM - Deleted
C:\WINDOWS\Uninst2.htm - Deleted
C:\WINDOWS\Unist1.htm - Deleted

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Disabled:pando"
"D:\\Program Files\\BitTorrent\\bittorrent.exe"="D:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:bittorrent"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\Owner\Desktop\ANTI-V~1\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Program Files\Intel\Intel.com
C:\WINDOWS\twain.dll
C:\WINDOWS\twain_32.dll
C:\WINDOWS\system32\msvcp60.dll
C:\bundle\PictureIt\PIP\LAUNCHER.EXE
C:\WINDOWS\system32\regsvr32.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3941.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL0003.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL0369.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL0380.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL1526.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL1657.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL1668.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL1781.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL1867.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL1942.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL1945.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL2130.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL2342.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL2389.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL2819.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL3103.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL3138.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL3367.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL4095.tmp

Finished



#32
April 7, 2007 at 20:10:24

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 7.0.5730.11

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX! 6/17/2006 11:03:42 PM 27262976 C:\VIRTPART.DAT

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
Umonitor 4/1/2007 1:32:58 PM 122580 C:\WINDOWS\pxinstall_log.txt

Checking %System% folder...
aspack 12/5/2005 7:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll
aspack 3/31/2006 1:40:58 PM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll
PEC2 3/31/2003 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 2/14/1997 10:24:14 PM 197171 C:\WINDOWS\SYSTEM32\Dwapilib.tlb
PTech 3/15/2007 6:19:28 PM 1476992 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 3/7/2007 1:36:32 PM 12619736 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 3/7/2007 1:36:32 PM 12619736 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 12:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
PEC2 2/28/2002 12:42:54 PM 13107200 C:\WINDOWS\SYSTEM32\oembios.bin
Umonitor 8/4/2004 12:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 4/27/2006 5:49:30 PM 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe
UPX! 8/29/2006 7:43:54 PM 135168 C:\WINDOWS\SYSTEM32\swreg.exe
UPX! 1/9/2006 10:36:06 AM 40960 C:\WINDOWS\SYSTEM32\swsc.exe
UPX! 12/1/2006 6:20:34 AM 79360 C:\WINDOWS\SYSTEM32\swxcacls.exe
PEC2 6/22/2004 4:41:00 AM 209920 C:\WINDOWS\SYSTEM32\tssOfficeMenu1c.ocx
winsync 3/31/2003 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PTech 3/15/2007 6:17:08 PM 336768 C:\WINDOWS\SYSTEM32\WgaTray.exe
PEC2 10/18/2006 10:47:20 PM 8231936 C:\WINDOWS\SYSTEM32\wmploc.dll

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
4/7/2007 6:06:30 PM S 2048 C:\WINDOWS\bootstat.dat
4/5/2007 9:34:04 AM H 54156 C:\WINDOWS\QTFont.qfn
3/11/2007 2:23:38 AM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index28.dat
3/11/2007 2:23:38 AM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index29.dat
3/26/2007 9:43:18 AM H 4212 C:\WINDOWS\system32\zllictbl.dat
3/8/2007 9:02:22 AM S 13402 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925902.cat
3/15/2007 6:19:50 PM S 9798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
4/7/2007 6:06:20 PM H 8192 C:\WINDOWS\system32\config\default.LOG
4/7/2007 6:10:16 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
4/7/2007 6:06:32 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
4/7/2007 6:12:14 PM H 86016 C:\WINDOWS\system32\config\software.LOG
4/7/2007 6:04:58 PM H 1024 C:\WINDOWS\system32\config\system.LOG
3/18/2007 3:01:26 AM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
3/9/2007 11:43:50 AM S 688 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
3/29/2007 10:13:44 AM S 51396 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30
3/19/2007 2:36:38 AM S 1039 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3
3/9/2007 11:43:50 AM S 94 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
3/29/2007 10:13:44 AM S 124 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30
3/19/2007 2:36:38 AM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3
2/16/2007 10:23:30 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\5694c5b2-9912-4162-ad55-94d42b9f4445
2/16/2007 10:23:30 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
2/12/2007 9:31:40 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\7735ce9e-ba9e-453d-8b54-6e08d2e7b9f7
2/12/2007 9:31:42 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
4/7/2007 6:04:38 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 9/21/2005 11:25:50 AM 299008 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/4/2004 12:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Creative Technology Ltd. 3/30/2001 3:00:00 AM 230912 C:\WINDOWS\SYSTEM32\CTDetect.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 1/8/2007 8:02:10 PM 1823744 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 12/15/2006 3:09:12 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 3/31/2003 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 3/31/2003 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Ahead Software AG 10/9/2002 4:36:12 AM 57344 C:\WINDOWS\SYSTEM32\NeroBurnRights.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Autodesk, Inc. 4/23/2001 1:35:46 AM 454718 C:\WINDOWS\SYSTEM32\plotman.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Intel(R) Corporation 3/2/2004 12:39:06 PM 77824 C:\WINDOWS\SYSTEM32\PRApplet.cpl
Realtek Semiconductor Corp. 9/15/2005 6:26:52 PM 266240 C:\WINDOWS\SYSTEM32\RTSndMgr.CPL
12/29/2002 1:14:38 AM 81920 C:\WINDOWS\SYSTEM32\Startup.cpl
Autodesk, Inc. 4/23/2001 1:35:50 AM 454719 C:\WINDOWS\SYSTEM32\styleman.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 3/31/2003 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
4/3/2003 1:13:38 PM 28672 C:\WINDOWS\SYSTEM32\tweakmanager.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 1/8/2007 8:02:10 PM 1823744 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Realtek Semiconductor Corp. 1/5/2005 8:26:58 PM 278528 C:\WINDOWS\SYSTEM32\ReinstallBackups\0022\DriverFiles\ALSNDMGR.CPL

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
2/15/2002 10:59:48 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
2/15/2002 2:54:48 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
1/7/2006 8:30:12 PM 1359 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
2/15/2002 10:59:48 AM HS 84 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
1/7/2007 10:40:52 AM HS 85 C:\Documents and Settings\Owner\Application Data\.zreglib
3/16/2005 1:32:20 PM 37200 C:\Documents and Settings\Owner\Application Data\Comma Separated Values (DOS).ADR
2/1/2005 5:46:46 PM 23474 C:\Documents and Settings\Owner\Application Data\Comma Separated Values (Windows).ADR
2/15/2002 2:54:48 AM HS 62 C:\Documents and Settings\Owner\Application Data\desktop.ini
1/31/2007 3:15:10 PM 87608 C:\Documents and Settings\Owner\Application Data\ezpinst.exe
1/31/2007 3:15:10 PM 7824 C:\Documents and Settings\Owner\Application Data\pcouffin.cat
1/31/2007 3:15:10 PM 1144 C:\Documents and Settings\Owner\Application Data\pcouffin.inf
1/31/2007 3:15:20 PM 34 C:\Documents and Settings\Owner\Application Data\pcouffin.log
1/31/2007 3:15:10 PM 47360 C:\Documents and Settings\Owner\Application Data\pcouffin.sys

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
Maxthon = IEAK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG Anti-Spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\CA_AntiVirus
{1CE2AA40-1317-11D3-9922-00104B0AD431} = d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\avshlext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\CopyToCD
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} = D:\PROGRA~1\vso\COPYTO~1\CTCDSH~1.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\PandoShellExt
{9C150845-2A2D-44CC-90B3-AA03480AA3D2} = C:\Program Files\Pando Networks\Pando\PandoShellExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TextPad
{2F25CF20-C569-11D1-B94C-00608CB45480} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = D:\Program Files\WinAce\arcext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\CA_AntiVirus
{1CE2AA40-1317-11D3-9922-00104B0AD431} = d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\avshlext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\CopyToCD
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} = D:\PROGRA~1\vso\COPYTO~1\CTCDSH~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\AVG Anti-Spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CopyToCD
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} = D:\PROGRA~1\vso\COPYTO~1\CTCDSH~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\PandoShellExt
{9C150845-2A2D-44CC-90B3-AA03480AA3D2} = C:\Program Files\Pando Networks\Pando\PandoShellExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = D:\Program Files\WinAce\arcext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
= C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
=

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Yahoo! Toolbar Helper =
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}
eBay Toolbar Helper = C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38D3FE60-3D53-4F37-BB0E-C7A97A26A156}
CInterceptor Object = C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar5.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}
AcroIEToolbarHelper Class = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}
EpsonToolBandKicker Class =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
Adobe PDF = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\Shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{92A40B0A-740A-4A11-9DDB-70460C6DA383}
Copernic Desktop Search =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{C5F7A735-70F1-477F-8C36-6FF3C736017B}
Copernic Desktop Search =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{C5F7A735-70F1-477F-8C36-6FF3C736017B} = Copernic Desktop Search :
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} = EPSON Web-To-Page :
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
{92085AD4-F48A-450D-BD93-B28CC7DF67CE} = eBay Toolbar : C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar5.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
MenuText = Uninstall BitDefender Online Scanner v8 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}
MenuText = @xpsp3res.dll,-20001 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\Shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\Shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\Shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar5.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\Browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar5.dll
{C5F7A735-70F1-477F-8C36-6FF3C736017B} = Copernic Desktop Search :
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} = EPSON Web-To-Page :
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Run StartupMonitor StartupMonitor.exe
cctray "d:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
QOELOADER "d:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
CAVRID "d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
!AVG Anti-Spyware "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
AcctMgr D:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
swg C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Load
key SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
item ???
?
hkey HKCU
command ???
?
inimapping 1
key SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
item ???
?
hkey HKCU
command ???
?
inimapping 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Run
key SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
item ???
?
hkey HKCU
command ???
?
inimapping 1
key SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
item ???
?
hkey HKCU
command ???
?
inimapping 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

NoDriveTypeAutoRun _
NoCDBurning 1
BackupNoCDBurning 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll
WPDShServiceObj {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr
= avldr.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


<<<<<<<<<< Checking for AddOn Monitors.def information >>>>>>>>>>
Parameter line : regkey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors;;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors found!

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Adobe PDF Port
Driver C:\WINDOWS\system32\AdobePDF.dll


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Adobe PDF Port\Ports

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\BJ Language Monitor
Driver cnbjmon.dll


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\EPSON Stylus Photo R320 Series 2KMonitor5A
Driver E_FLM9FA.DLL


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Local Port
Driver localspl.dll


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\PJL Language Monitor
Driver pjlmon.dll
EOJTimeout 60000


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port
Driver tcpmon.dll


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports
StatusUpdateInterval 10
StatusUpdateEnabled 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\USB Monitor
Driver usbmon.dll

<<<<<<<<<< Checking for AddOn OpenCommand.def information >>>>>>>>>>
>>>>>>>>>> Exporting Shell Open\Command entries
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\batfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\batfile\shell\open\command found!
"%1" %*

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\comfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\comfile\shell\open\command found!
"%1" %*

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command found!
"%1" %*

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\piffile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\piffile\shell\open\command found!
"%1" %*

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\regfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\regfile\shell\open\command found!
regedit.exe "%1"

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\scrfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\scrfile\shell\open\command found!
"%1" /S

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\vbsfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\vbsfile\shell\open\command found!

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\htmlfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\htmlfile\shell\open\command found!
"C:\Program Files\Internet Explorer\iexplore.exe" "%1"

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\http\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\http\shell\open\command found!
"C:\Program Files\Internet Explorer\iexplore.exe" "%1"

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mp3file\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mp3file\shell\open\command found!
"C:\Program Files\Windows Media Player\wmplayer.exe" /Open "%L"

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mpegfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mpegfile\shell\open\command found!
"C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:9 /Open "%L"

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\jsfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\jsfile\shell\open\command found!


<<<<<<<<<< Checking for AddOn Policies.def information >>>>>>>>>>

<<<<<<<<<< Checking for AddOn Qoologic.def information >>>>>>>>>>
>>>>>>>>>> Search by size and name
>>>>>>>>>> Files found by this method are not necessarily bad
>>>>>>>>>> Example PNGFILT.DLL is a windows file
Parameter line : file=%sysdir%;*.exe;150;61952;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 61952 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;7680;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 7680 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;91648;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 91648 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;81920;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 81920 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;7168;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 7168 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;65536;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 65536 bytes was not found!
Parameter line : file=%sysdir%;redit.cpl;;;;;
File C:\WINDOWS\SYSTEM32\redit.cpl was not found!
Parameter line : file=%sysdir%;conres.cpl;;;;;
File C:\WINDOWS\SYSTEM32\conres.cpl was not found!
Parameter line : file=%sysdir%;datadx.dll;;;;;
File C:\WINDOWS\SYSTEM32\datadx.dll was not found!
Parameter line : file=%sysdir%;*.dll;150;10240;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 10240 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;46080;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 46080 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;34816;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 34816 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;16384;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 16384 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;29184;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 29184 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;26624;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 26624 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;9728;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 9728 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;10843;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 10843 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;18432;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 18432 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;23040;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 23040 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;17920;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 17920 bytes was not found!
Parameter line : file=%allusers%\start menu\programs\startup;*.exe;;;;;
File C:\Documents and Settings\All Users\start menu\programs\startup\*.exe was not found!
>>>>>>>>>> Misc Checks
Parameter line : file=%sysdir%;*.dat;150;81920;;;
File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 81920 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;61952;;;
File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 61952 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;65536;;;
File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 65536 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;7680;;;
File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 7680 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;91648;;;
File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 91648 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;7168;;;
File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 7168 bytes was not found!
Parameter line : file=%windir%;*.dll;150;10843;;;
File C:\WINDOWS\*.dll for today - 150 days with a size of 10843 bytes was not found!
Parameter line : file=%windir%;*.dll;150;3950;;;
File C:\WINDOWS\*.dll for today - 150 days with a size of 3950 bytes was not found!
Parameter line : file=%windir%;*.dll;150;3943;;;
File C:\WINDOWS\*.dll for today - 150 days with a size of 3943 bytes was not found!

<<<<<<<<<< Checking for AddOn RDriv.def information >>>>>>>>>>
Registry Entries
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center;;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center found!
AntiVirusDisableNotify 0
FirewallDisableNotify 0
UpdatesDisableNotify 0
AntiVirusOverride 0
FirewallOverride 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus
DisableMonitoring 1
DisableMonitoring 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Updates;;
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Updates not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center AntiVirus;;
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center AntiVirus not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Firewall;;
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Firewall not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\OLE;;
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE found!
EnableDCOM Y

HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat

HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat\ActivationSecurityCheckExemptionList
{A50398B8-9075-4FBF-A7A1-456BF21937AD} 1
{AD65A69D-3831-40D7-9629-9B0B50A93843} 1
{0040D221-54A1-11D1-9DE0-006097042D69} 1
{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} 1

HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\NONREDIST
System.EnterpriseServices.Thunk.dll


Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv;;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iTunesMusic;;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iTunesMusic not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_ITUNESMUSIC;;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_ITUNESMUSIC not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_RDRIV;;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_RDRIV not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate;;
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall;;
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall found!

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile

Parameter line : RegKey=HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanserver\parameters;;
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanserver\parameters found!
autodisconnect 15
enableforcedlogoff 1
enablesecuritysignature 0
requiresecuritysignature 0
Lmannounce 0
Size 1
Guid ÓÀóó+H¼·Ï•–¤h
CachedOpenLimit 0
AdjustedNullSessionPipes 1
srvcomment OFFICE
Parameter line : RegKey=HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanworkstation\parameters;;
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanworkstation\parameters found!
enableplaintextpassword 0
enablesecuritysignature 1
requiresecuritysignature 0
Size 2

Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions;;
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions found!

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00022613-0000-0000-C000-000000000046} Multimedia File Property Sheet
{176d6597-26d3-11d1-b350-080036a75b03} ICM Scanner Management
{1F2E5C40-9550-11CE-99D2-00AA006E086C} NTFS Security Page
{3EA48300-8CF6-101B-84FB-666CCB9BCD32} OLE Docfile Property Page
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} Shell extensions for sharing
{41E300E0-78B6-11ce-849B-444553540000} PlusPack CPL Extension
{42071712-76d4-11d1-8b24-00a0c9068ff3} Display Adapter CPL Extension
{42071713-76d4-11d1-8b24-00a0c9068ff3} Display Monitor CPL Extension
{42071714-76d4-11d1-8b24-00a0c9068ff3} Display Panning CPL Extension
{4E40F770-369C-11d0-8922-00A024AB2DBB} DS Security Page
{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} Compatibility Page
{56117100-C0CD-101B-81E2-00AA004AE837} Shell Scrap DataHandler
{59099400-57FF-11CE-BD94-0020AF85B590} Disk Copy Extension
{59be4990-f85c-11ce-aff7-00aa003ca9f6} Shell extensions for Microsoft Windows Network objects
{5DB2625A-54DF-11D0-B6C4-0800091AA605} ICM Monitor Management
{675F097E-4C4D-11D0-B6C1-0800091AA605} ICM Printer Management
{764BF0E1-F219-11ce-972D-00AA00A14F56} Shell extensions for file compression
{77597368-7b15-11d0-a0c2-080036af3f03} Web Printer Shell Extension
{7988B573-EC89-11cf-9C00-00AA00A14F56} Disk Quota UI
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} Encryption Context Menu
{85BBD920-42A0-1069-A2E4-08002B30309D} Briefcase
{88895560-9AA2-1069-930E-00AA0030EBC8} HyperTerminal Icon Ext
{BD84B380-8CA2-1069-AB1D-08000948F534} Fonts
{DBCE2480-C732-101B-BE72-BA78E9AD5B27} ICC Profile
{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} Printers Security Page
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} Shell extensions for sharing
{f92e8c40-3d33-11d2-b1aa-080036a75b03} Display TroubleShoot CPL Extension
{7444C717-39BF-11D1-8CD9-00C04FC29D45} Crypto PKO Extension
{7444C719-39BF-11D1-8CD9-00C04FC29D45} Crypto Sign Extension
{7007ACC7-3202-11D1-AAD2-00805FC1270E} Network Connections
{992CFFA0-F557-101A-88EC-00DD010CCC48} Network Connections
{E211B736-43FD-11D1-9EFB-0000F8757FCD} Scanners & Cameras
{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} Scanners & Cameras
{905667aa-acd6-11d2-8080-00805f6596d2} Scanners & Cameras
{3F953603-1008-4f6e-A73A-04AAC7A992F1} Scanners & Cameras
{83bbcbf3-b28a-4919-a5aa-73027445d672} Scanners & Cameras
{F0152790-D56E-4445-850E-4F3117DB740C} Remote Sessions CPL Extension
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} Auto Update Property Sheet Extension
{60254CA5-953B-11CF-8C96-00AA00B8708C} Shell extensions for Windows Script Host
{2206CDB2-19C1-11D1-89E0-00C04FD7A829} Microsoft Data Link
{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} Tasks Folder Icon Handler
{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} Tasks Folder Shell Extension
{D6277990-4C6A-11CF-8D87-00AA0060F5BF} Scheduled Tasks
{0DF44EAA-FF21-4412-828E-260A8728E7F1} Taskbar and Start Menu
{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} Search
{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} Help and Support
{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} Help and Support
{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} Run...
{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} Internet
{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} E-mail
{D20EA4E1-3957-11d2-A40B-0C5020524152} Fonts
{D20EA4E1-3957-11d2-A40B-0C5020524153} Administrative Tools
{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} Audio Media Properties Handler
{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} Video Media Properties Handler
{E4B29F9D-D390-480b-92FD-7DDB47101D71} Wav Properties Handler
{87D62D94-71B3-4b9a-9489-5FE6850DC73E} Avi Properties Handler
{A6FD9E45-6E44-43f9-8644-08598F5A74D9} Midi Properties Handler
{c5a40261-cd64-4ccf-84cb-c394da41d590} Video Thumbnail Extractor
{5E6AB780-7743-11CF-A12B-00AA004AE837} Microsoft Internet Toolbar
{22BF0C20-6DA7-11D0-B373-00A0C9034938} Download Status
{91EA3F8B-C99B-11d0-9815-00C04FD91972} Augmented Shell Folder
{6413BA2C-B461-11d1-A18A-080036B11A03} Augmented Shell Folder 2
{F61FFEC1-754F-11d0-80CA-00AA005B4383} BandProxy
{7BA4C742-9E81-11CF-99D3-00AA004AE837} Microsoft BrowserBand
{30D02401-6A81-11d0-8274-00C04FD5AE38} IE Search Band
{32683183-48a0-441b-a342-7c2a440a9478} Media Band
{169A0691-8DF9-11d1-A1C4-00C04FD75D13} In-pane search
{07798131-AF23-11d1-9111-00A0C98BA67D} Web Search
{AF4F6510-F982-11d0-8595-00AA004CD6D8} Registry Tree Options Utility
{01E04581-4EEE-11d0-BFE9-00AA005B4383} &Address
{A08C11D2-A228-11d0-825B-00AA005B4383} Address EditBox
{00BB2763-6A77-11D0-A535-00C04FD7D062} Shell Microsoft AutoComplete
{7376D660-C583-11d0-A3A5-00C04FD706EC} TridentImageExtractor
{6756A641-DE71-11d0-831B-00AA005B4383} MRU AutoComplete List
{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} Custom MRU AutoCompleted List
{7e653215-fa25-46bd-a339-34a2790f3cb7} Accessible
{acf35015-526e-4230-9596-becbe19f0ac9} Track Popup Bar
{E0E11A09-5CB8-4B6C-8332-E00720A168F2} Address Bar Parser
{00BB2764-6A77-11D0-A535-00C04FD7D062} Microsoft History AutoComplete List
{03C036F1-A186-11D0-824A-00AA005B4383} Microsoft Shell Folder AutoComplete List
{00BB2765-6A77-11D0-A535-00C04FD7D062} Microsoft Multiple AutoComplete List Container
{ECD4FC4E-521C-11D0-B792-00A0C90312E1} Shell Band Site Menu
{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} Shell DeskBarApp
{ECD4FC4C-521C-11D0-B792-00A0C90312E1} Shell DeskBar
{ECD4FC4D-521C-11D0-B792-00A0C90312E1} Shell Rebar BandSite
{DD313E04-FEFF-11d1-8ECD-0000F87A470C} User Assist
{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} Global Folder Settings
{EFA24E61-B078-11d0-89E4-00C04FC9E26E} Favorites Band
{0A89A860-D7B1-11CE-8350-444553540000} Shell Automation Inproc Service
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} Shell DocObject Viewer
{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} Microsoft Browser Architecture
{FBF23B40-E3F0-101B-8488-00AA003E56F8} InternetShortcut
{3C374A40-BAE4-11CF-BF7D-00AA006946EE} Microsoft Url History Service
{FF393560-C2A7-11CF-BFF4-444553540000} History
{7BD29E00-76C1-11CF-9DD0-00A0C9034933} Temporary Internet Files
{7BD29E01-76C1-11CF-9DD0-00A0C9034933} Temporary Internet Files
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} Microsoft Url Search Hook
{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} IE4 Suite Splash Screen
{67EA19A0-CCEF-11d0-8024-00C04FD75D13} CDF Extension Copy Hook
{131A6951-7F78-11D0-A979-00C04FD705A2} ISFBand OC
{9461b922-3c5a-11d2-bf8b-00c04fb93661} Search Assistant OC
{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} The Internet
{871C5380-42A0-1069-A2EA-08002B30309D} Internet Name Space
{EFA24E64-B078-11d0-89E4-00C04FC9E26E} Explorer Band
{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} Sendmail service
{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} Sendmail service
{88C6C381-2E85-11D0-94DE-444553540000} ActiveX Cache Folder
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} WebCheck
{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} Subscription Mgr
{F5175861-2688-11d0-9C5E-00AA00A45957} Subscription Folder
{08165EA0-E946-11CF-9C87-00AA005127ED} WebCheckWebCrawler
{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} WebCheckChannelAgent
{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} TrayAgent
{7D559C10-9FE9-11d0-93F7-00AA0059CE02} Code Download Agent
{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} ConnectionAgent
{D8BD2030-6FC9-11D0-864F-00AA006809D9} PostAgent
{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} WebCheck SyncMgr Handler
{352EC2B7-8B9A-11D1-B8AE-006008059382} Shell Application Manager
{0B124F8F-91F0-11D1-B8B5-006008059382} Installed Apps Enumerator
{CFCCC7A0-A282-11D1-9082-006008059382} Darwin App Publisher
{e84fda7c-1d6a-45f6-b725-cb260c236066} Shell Image Verbs
{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} Shell Image Data Factory
{3F30C968-480A-4C6C-862D-EFC0897BB84B} GDI+ file thumbnail extractor
{9DBD2C50-62AD-11d0-B806-00C04FD706EC} Summary Info Thumbnail handler (DOCFILES)
{EAB841A0-9550-11cf-8C16-00805F1408F3} HTML Thumbnail Extractor
{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} Shell Image Property Handler
{CC6EEFFB-43F6-46c5-9619-51D571967F7D} Web Publishing Wizard
{add36aa8-751a-4579-a266-d66f5202ccbb} Print Ordering via the Web
{6b33163c-76a5-4b6c-bf21-45de9cd503a1} Shell Publishing Wizard Object
{58f1f272-9240-4f51-b6d4-fd63d1618591} Get a Passport Wizard
{7A9D77BD-5403-11d2-8785-2E0420524153} User Accounts
{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} Compressed (zipped) Folder
{BD472F60-27FA-11cf-B8B4-444553540000} Compressed (zipped) Folder Right Drag Handler
{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} Compressed (zipped) Folder SendTo Target
{63da6ec0-2e98-11cf-8d82-444553540000} FTP Folders Webview
{883373C3-BF89-11D1-BE35-080036B11A03} Microsoft DocProp Shell Ext
{A9CF0EAE-901A-4739-A481-E35B73E47F6D} Microsoft DocProp Inplace Edit Box Control
{8EE97210-FD1F-4B19-91DA-67914005F020} Microsoft DocProp Inplace ML Edit Box Control
{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} Microsoft DocProp Inplace Droplist Combo Control
{6A205B57-2567-4A2C-B881-F787FAB579A3} Microsoft DocProp Inplace Calendar Control
{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} Microsoft DocProp Inplace Time Control
{8A23E65E-31C2-11d0-891C-00A024AB2DBB} Directory Query UI
{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} Shell properties for a DS object
{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} Directory Object Find
{F020E586-5264-11d1-A532-0000F8757D7E} Directory Start/Search Find
{0D45D530-764B-11d0-A1CA-00AA00C16E65} Directory Property UI
{62AE1F9A-126A-11D0-A14B-0800361B1103} Directory Context Menu Verbs
{ECF03A33-103D-11d2-854D-006008059367} MyDocs Copy Hook
{ECF03A32-103D-11d2-854D-006008059367} MyDocs Drop Target
{4a7ded0a-ad25-11d0-98a8-0800361b1103} MyDocs Properties
{750fdf0e-2a26-11d1-a3ea-080036587f03} Offline Files Menu
{10CFC467-4392-11d2-8DB4-00C04FA31A66} Offline Files Folder Options
{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} Offline Files Folder
{143A62C8-C33B-11D1-84FE-00C04FA34A14} Microsoft Agent Character Property Sheet Handler
{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} DfsShell
{60fd46de-f830-4894-a628-6fa81bc0190d} %DESC_PublishDropTarget%
{7A80E4A8-8005-11D2-BCF8-00C04F72C717} MMC Icon Handler
{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} .CAB file viewer
{32714800-2E5F-11d0-8B85-00AA0044F941} For &People...
{8DD448E6-C188-4aed-AF92-44956194EB1F} Windows Media Player Burn Audio CD Context Menu Handler
{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} Windows Media Player Play as Playlist Context Menu Handler
{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} Windows Media Player Add to Playlist Context Menu Handler
{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} Set Program Access and Defaults
{596AB062-B4D2-4215-9F74-E9109B0A8153} Previous Versions Property Page
{9DB7A13C-F208-4981-8353-73CC61AE2783} Previous Versions
{692F0339-CBAA-47e6-B5B5-3B84DB604E87} Extensions Manager Folder
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} Shell Extensions for RealOne Player
{0006F045-0000-0000-C000-000000000046} Microsoft Outlook Custom Icon Handler
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} Web Folders
{42042206-2D85-11D3-8CFF-005004838597} Microsoft Office HTML Icon Handler
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} Adobe.Acrobat.ContextMenu
{E0D79304-84BE-11CE-9641-444553540000} WinZip
{E0D79305-84BE-11CE-9641-444553540000} WinZip
{E0D79306-84BE-11CE-9641-444553540000} WinZip
{E0D79307-84BE-11CE-9641-444553540000} WinZip
{1D2680C9-0E2A-469d-B787-065558BC7D43} Fusion Cache
{e57ce731-33e8-4c51-8354-bb4de9d215d1} Universal Plug and Play Devices
{2F25CF20-C569-11D1-B94C-00608CB45480} TextPad
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} Webroot Spy Sweeper Context Menu Integration
{FED7043D-346A-414D-ACD7-550D052499A7} dBpowerAMP Popup Info
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} dBpowerAMP Music Converter
{043308A2-3CF7-4ED5-A668-2B4FB0BD307A} dBpowerAMP dAP Scripting
{21569614-B795-46b1-85F4-E737A8DC09AD} Shell Search Band
{EFA24E62-B078-11d0-89E4-00C04FC9E26E} History Band
{3028902F-6374-48b2-8DC6-9725E775B926} IE AutoComplete
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} iTunes
{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} WinAce Archiver 2.61 Context Menu Shell Extension
{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} WinAce Archiver 2.61 DragDrop Shell Extension
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} WinAce Archiver 2.61 Context Menu Shell Extension
{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} WinAce Archiver 2.61 Property Sheet Shell Extension
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} CopyToCD shell extension
{35786D3C-B075-49b9-88DD-029876E11C01} Portable Devices
{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} Portable Devices Menu
{07C45BB1-4A8C-4642-A1F5-237E7215FF66} IE Microsoft BrowserBand
{1C1EDB47-CE22-4bbb-B608-77B48F83C823} IE Fade Task
{205D7A97-F16D-4691-86EF-F3075DCCA57D} IE Menu Desk Bar
{43886CD5-6529-41c4-A707-7B3C92C05E68} IE Navigation Bar
{44C76ECD-F7FA-411c-9929-1B77BA77F524} IE Menu Site
{4B78D326-D922-44f9-AF2A-07805C2A3560} IE Menu Band
{6038EF75-ABFC-4e59-AB6F-12D397F6568D} IE Microsoft History AutoComplete List
{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} IE Tracking Shell Menu
{6CF48EF8-44CD-45d2-8832-A16EA016311B} IE IShellFolderBand
{73CFD649-CD48-4fd8-A272-2070EA56526B} IE BandProxy
{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} IE MRU AutoComplete List
{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} IE RSS Feeder Folder
{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} IE Microsoft Shell Folder AutoComplete List
{B31C5FAE-961F-415b-BAF0-E697A5178B94} IE Microsoft Multiple AutoComplete List Container
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} Microsoft Browser Architecture
{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} IE Shell Rebar BandSite
{E6EE9AAC-F76B-4947-8260-A9F136138E11} IE Shell Band Site Menu
{F2CF5485-4E02-4f68-819C-B92DE9277049} &Links
{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} IE Registry Tree Options Utility
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} IE User Assist
{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} IE Custom MRU AutoCompleted List
{92085AD4-F48A-450D-BD93-B28CC7DF67CE} eBay Toolbar
{640167b4-59b0-47a6-b335-a6b3c0695aea} Portable Media Devices
{5464D816-CF16-4784-B9F3-75C0DB52B499} Yahoo! Mail
{e82a2d71-5b2f-43a0-97b8-81be15854de8} ShellLink for Application References
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} Shell Icon Handler for Application References
{B327765E-D724-4347-8B16-78AE18552FC3} NeroDigitalIconHandler
{7F1CF152-04F8-453A-B34C-E609530A9DC8} NeroDigitalPropSheetHandler
{D9872D13-7651-4471-9EEE-F0A00218BEBB} Multiscan
{1CE2AA40-1317-11D3-9922-00104B0AD431} CA_AntiVirus


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{750FDF0E-2A26-11D1-A3EA-080036587F03} {000214E8-0000-0000-C000-000000000046} 0x401 1
{1e9b04fb-f9e5-4718-997b-b8da88302a47} {000214e8-0000-0000-c000-000000000046} 0x401 1
{1e9b04fb-f9e5-4718-997b-b8da88302a48} {000214e8-0000-0000-c000-000000000046} 0x401 1
{1cdb2949-8f65-4355-8456-263e7c208a5d} {000214e6-0000-0000-c000-000000000046} 0x401 1
{A4DF5659-0801-4A60-9607-1C48695EFDA9} {000214E6-0000-0000-C000-000000000046} 0x401 1


Files
Parameter line : File=%sysdir%;rdriv.sys;;;;;
File C:\WINDOWS\SYSTEM32\rdriv.sys was not found!
Parameter line : File=%sysdir%;ItunesMusic.exe;;;;;
File C:\WINDOWS\SYSTEM32\ItunesMusic.exe was not found!
Parameter line : File=%sysdir%;wkssvc.exe;;;;;
File C:\WINDOWS\SYSTEM32\wkssvc.exe was not found!
Parameter line : File=%windir%;ItunesMusic.exe;;;;;
File C:\WINDOWS\ItunesMusic.exe was not found!
Parameter line : File=%windir%;wkssvc.exe;;;;;
File C:\WINDOWS\wkssvc.exe was not found!

<<<<<<<<<< Checking for AddOn SharedTaskScheduler.def information >>>>>>>>>>
>>>>>>>>>> Exporting Policies from HKLM
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler;;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler found!
{438755C2-A8BA-11D1-B96B-00A0C90312E1} Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} Component Categories cache daemon


<<<<<<<<<< Checking for AddOn WareOut.def information >>>>>>>>>>
>>>>>>>>>> PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Parameter line : file=%sysdir%;*.exe;300;55304;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 300 days with a size of 55304 bytes was not found!
Parameter line : file=%sysdir%;*.exe;;43528;;;
File C:\WINDOWS\SYSTEM32\*.exe with a size of 43528 bytes was not found!
Parameter line : file=%sysdir%;*.exe;300;4096;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 300 days with a size of 4096 bytes was not found!
Parameter line : file=%sysdir%;*.exe;;43528;;;
File C:\WINDOWS\SYSTEM32\*.exe with a size of 43528 bytes was not found!
Parameter line : file=%sysdir%;*.exe;300;28680;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 300 days with a size of 28680 bytes was not found!
Parameter line : file=%sysdir%;*.exe;;11264;;;
8/4/2004 12:56:48 AM 11264 C:\WINDOWS\SYSTEM32\atmadm.exe found!
3/31/2003 5:00:00 AM 11264 C:\WINDOWS\SYSTEM32\attrib.exe found!
8/4/2004 12:56:48 AM 11264 C:\WINDOWS\SYSTEM32\autolfn.exe found!
3/31/2003 5:00:00 AM 11264 C:\WINDOWS\SYSTEM32\chkntfs.exe found!
3/31/2003 5:00:00 AM 11264 C:\WINDOWS\SYSTEM32\rasdial.exe found!
12/17/2002 8:03:38 PM 11264 C:\WINDOWS\SYSTEM32\spiisupd.exe found!
Parameter line : file=%sysdir%;*.ren;300;43528;;;
File C:\WINDOWS\SYSTEM32\*.ren for today - 300 days with a size of 43528 bytes was not found!
Parameter line : file=%sysdir%;ntfsnlpa.exe;;;;;
File C:\WINDOWS\SYSTEM32\ntfsnlpa.exe was not found!
Parameter line : file=%sysdir%;cisvvc.exe;;;;;
File C:\WINDOWS\SYSTEM32\cisvvc.exe was not found!
Parameter line : file=%sysdir%;drv2cltr.dll;;;;;
File C:\WINDOWS\SYSTEM32\drv2cltr.dll was not found!
Parameter line : file=%sysdir%;hybsys32.dll;;;;;
File C:\WINDOWS\SYSTEM32\hybsys32.dll was not found!
Parameter line : file=%sysdir%;loadctr.exe;;;;;
File C:\WINDOWS\SYSTEM32\loadctr.exe was not found!
Parameter line : file=%sysdir%;rdsndin.exe;;;;;
File C:\WINDOWS\SYSTEM32\rdsndin.exe was not found!
Parameter line : file=%sysdir%;pxpcya64.exe;;;;;
File C:\WINDOWS\SYSTEM32\pxpcya64.exe was not found!
Parameter line : file=%windir%;*.exe;300;55304;;;
File C:\WINDOWS\*.exe for today - 300 days with a size of 55304 bytes was not found!
Parameter line : file=%windir%;*.exe;300;43528;;;
File C:\WINDOWS\*.exe for today - 300 days with a size of 43528 bytes was not found!
Parameter line : file=%windir%;*.exe;300;4096;;;
File C:\WINDOWS\*.exe for today - 300 days with a size of 4096 bytes was not found!
Parameter line : file=%windir%;rdt.ini;;;;;
File C:\WINDOWS\rdt.ini was not found!
Parameter line : file=%windir%;baloon.wav;;;;;
File C:\WINDOWS\baloon.wav was not found!
Parameter line : file=%allusers%\start menu\programs\startup;*.exe;;;;;
File C:\Documents and Settings\All Users\start menu\programs\startup\*.exe was not found!
>>>>>>>>>>Registry keys to look for
Parameter line : regvalue=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon;system;;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon found!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\system found!
System
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins;;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins not found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut;;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut not found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\WareOut;;
HKEY_LOCAL_MACHINE\SOFTWARE\WareOut not found!
Parameter line : regkey=HKEY_CURRENT_USER\Software\WareOut;;
HKEY_CURRENT_USER\Software\WareOut not found!
Parameter line : regvalue=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies


#33
April 7, 2007 at 20:50:01

Did the removal of the files by SDfix help?

I don't see anything in the WinPFind log.


#34
April 7, 2007 at 23:33:58

No, I am still getting the same pop-ups:

url.cpvfeed.com

Would it be advisable to do an OS re-install?


#35
April 8, 2007 at 09:47:59

That is up to you but seems a little drastic.

Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.

Navigate to and see if you can find one or both of these files/folders:

C:\WINDOWS\system32\SearchTool\nsl1F0.dll


C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll


#36
April 8, 2007 at 10:10:59

Neither are there

#37
April 9, 2007 at 18:13:51

I found the culprit. If anyone has this cpvfeed attack problem, let me know. It's hard to find with any anti-spyware but easy to fix once you know where to look.

Thanks for all your help and patience jabuck.


#38
April 10, 2007 at 03:37:25

Could you share with us how you solved the problem?

#39
April 10, 2007 at 10:41:40

Gladly.

3 items need to be deleted.
In SAFE MODE navigate to:

C:/Windows/System32/Drivers/

and delete core.sys and core.cache.dsk

Now run regedit and navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
and delete core and all of its contents.

Reboot normally and voilà, problem solved.
This was the most difficult-to-solve problem I have encountered in all of my many years of working with computers. It came from a downloaded torrent called Galaxy.3D.Journey.Screensaver.1.4.Inc.Serial.rar

I feel I must give credit to the person who solved this puzzle. "thang" of Google Groups. Apparently the Kaspersky Online Scanner found it when nothing else could.

Hopefully this will help other people to rid themselves of this nasty infection.

Thanks again jabuck for all your help.
My computer runs so much better now that I have run all the scans and shredders and all the other stuff you had me run. It didn't find the cpvfeed problem but it did clean out a whole host of other nasties.


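As an added example (not code from the thread or from any of its participants), here is a PowerShell check for the two driver files and the "core" service key that Gregavi names in #39, useful for confirming the indicators before the cleanup and verifying they are gone afterwards. It assumes a Windows host, and the variable names are my own.

```powershell
# Added example: look for the cpvfeed indicators described in post #39.
# A rootkit driver that is loaded can hide its own files from the live system,
# so run this from Safe Mode (as the post does) or against an offline disk
# to trust a negative result.

$driverDir      = Join-Path $env:SystemRoot 'System32\Drivers'
$indicatorFiles = @('core.sys', 'core.cache.dsk')          # files named in the post
$serviceKey     = 'HKLM:\SYSTEM\CurrentControlSet\Services\core'   # service named in the post

$findings = @()

foreach ($name in $indicatorFiles) {
    $path = Join-Path $driverDir $name
    if (Test-Path -LiteralPath $path) {
        # -Force so hidden/system attributes do not mask the file from Get-Item
        $item = Get-Item -LiteralPath $path -Force
        $findings += [pscustomobject]@{
            Kind     = 'File'
            Location = $path
            Detail   = ('{0} bytes, modified {1}' -f $item.Length, $item.LastWriteTime)
        }
    }
}

if (Test-Path -LiteralPath $serviceKey) {
    # Record how the service is registered: where it loads from and when it starts
    $svc = Get-ItemProperty -LiteralPath $serviceKey
    $findings += [pscustomobject]@{
        Kind     = 'Service'
        Location = $serviceKey
        Detail   = ('ImagePath={0}; Start={1}; Type={2}' -f $svc.ImagePath, $svc.Start, $svc.Type)
    }
}

if ($findings.Count -eq 0) {
    'No core.sys / core service indicators found.'
} else {
    $findings | Format-Table -AutoSize
    'Indicators present: remove them from Safe Mode as described in post #39, then rescan.'
}
```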

#40
April 10, 2007 at 14:04:12

Thanks Gregavi for the valuable info.
