
Solved: I have a Virus

Discussion in 'Virus & Other Malware Removal' started by bluecoastbikini, Nov 4, 2007.

  1. bluecoastbikini

    bluecoastbikini Thread Starter

    Joined:
    Sep 17, 2006
    Messages:
    50
    Hello. I have a virus. It put two exe files on my desktop labeled "leeman_bot.exe" and "leeman_2.exe" that appeared there and seem to be linked with the virus. I was able to delete the bot one, but not the 2 one. When I try to delete it, it says "Cannot be deleted. Access is denied. Source may be in use."

    There are two programs in my Start - Programs called "Outerinfo" and "Internet Speed Monitor." It won't let me uninstall them; instead it takes me to a spyware remover webpage *cough* scam.

    I get constant popups, and constant "your system is infected" BS. There is a little flashing exclamation point in a yellow triangle in my system tray which tells me "Warning: Your system is infected with Spyware - Click for more details".

    This is really annoying, and anytime I try to go to a webpage it gives me a thousand popups and sometimes I cannot even access certain webpages at all.

    When I click Control-Alt-Delete, it won't let me select the Task Manager, it's greyed out so it's not a clickable button.

    Also, I cannot access my Add/Remove Programs. When I click Add/Remove Programs, there is a blank space where the programs should be listed, and it freezes like that. I can't remove Add/Remove Programs from my taskbar until I restart my computer.


    HELP PLEASE! Thank you!
     
  2. long tall sally

    long tall sally

    Joined:
    Nov 4, 2007
    Messages:
    22
    Hi, have you run Ad-Aware SE and Spybot Search and Destroy? Download and update them and give them a run in Safe Mode. While in Safe Mode, see if you can uninstall those programs and delete the files from your desktop. Download ATF-Cleaner and Killbox and run them in Safe Mode too; you can download these programs from here http://www.freewebs.com/pcswansea/downloads.htm
    Try number 3 and 4 from here http://www.freewebs.com/pcswansea/index.htm
    Post back and let us know how you get on and we will go through a few more steps.
     
  3. The Hound

    The Hound

    Joined:
    May 27, 2007
    Messages:
    3,235
    Best you follow the protocol of the forum:

    Please download Trend Micro's HJTInstall.exe to your Windows Desktop.
    • Doubleclick HJTInstall.exe . The application will install by default to C:\Program Files\Trend Micro\HijackThis
    • Click on the Install button. A shortcut icon will be created on your Windows Desktop.
    • When the installation finishes, the HijackThis application will launch.
    • Click on the Do a system scan and save a log file button. When the scan is complete, a log file should open in notepad.
    • On the notepad document, click Edit>Select All>Edit>Copy and then paste the contents of the log file into your next reply to this thread.

      >>Please - Do NOT use the Analyze This button - the results can be dangerous if misinterpreted.
      >>Please - Do NOT have HijackThis 'fix' anything yet. Most of what it finds will be harmless or even required.
    Please wait for a malware expert with a shield next to their name to analyze your log and help you to get right again....
     
  4. bluecoastbikini

    bluecoastbikini Thread Starter

    Joined:
    Sep 17, 2006
    Messages:
    50
    Okay, so I tried running my antivirus scanners but nothing worked, so I went into Safe Mode and I was able to run Spybot and SUPERAntiSpyware and fix problems. Ewido reached a certain point and aborted. Ad-Aware came up with an error message at startup saying basically that my virus was blocking it from scanning. HijackThis would not produce a log.

    I was able to get into my add/remove programs through Safe Mode. Still couldn't get into Task Manager.

    My system is still in its same state, virus taking over and a million popups.

    I ran VundoFix; there were no problems found. I ran ComboFix and it produced a log.

    ______________________________________________________________

    ComboFix 07-08-04.3 - "flutterby" 11/04/2007 23:46:46.3 [GMT -6:00] - NTFS [SAFE MODE]
    Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.True

    /wow section not completed

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\3721
    C:\Program Files\3721\assist\asbar.dll
    C:\Program Files\3721\helper.dll
    C:\Program Files\Common Files\wnsxs~1
    C:\Program Files\Common Files\wnsxs~1\s?ool32.exe
    C:\Program Files\fnts~1
    C:\Program Files\p2pnetworks
    C:\Program Files\p2pnetworks\amp2pl.exe
    C:\WINNT\764.exe
    C:\WINNT\7search.dll
    C:\WINNT\b122.exe
    C:\WINNT\flt.dll
    C:\WINNT\pbar.dll
    C:\WINNT\system32\.exe
    C:\WINNT\system32\kdtqz.exe
    C:\WINNT\system32\vxddsk.exe
    C:\WINNT\system32\wml.exe
    C:\WINNT\system32\wnstsicomsv32.exe
    C:\WINNT\wml.exe


    ((((((((((((((((((((((((( Files Created from 2007-10-05 to 2007-11-05 )))))))))))))))))))))))))))))))


    2007-11-04 23:52 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_3ec.dat
    2007-11-04 23:06 30,976 --a------ C:\WINNT\settn.dll
    2007-11-04 23:06 28,160 --a------ C:\WINNT\kvnab$.exe
    2007-11-04 23:06 27,648 --a------ C:\WINNT\kvnab.dll
    2007-11-04 23:06 20,224 --a------ C:\WINNT\wbeCheck.exe
    2007-11-04 23:06 16,384 --a------ C:\WINNT\wbeInst$.exe
    2007-11-04 23:06 11,776 --a------ C:\WINNT\kvnab.exe
    2007-11-04 23:06 11,264 --a------ C:\WINNT\hcwprn.exe
    2007-11-04 23:06 10,240 --a------ C:\WINNT\pbsysie.dll
    2007-11-04 23:05 12,032 --a------ C:\WINNT\system32\ace16win.dll
    2007-11-04 23:05 <DIR> d-------- C:\Program Files\Accoona
    2007-11-04 21:03 <DIR> d-------- C:\Program Files\Lavasoft
    2007-11-04 21:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
    2007-11-04 18:37 40,752 --a--c--- C:\WINNT\system32\dllcache\1394bus.sys
    2007-11-04 15:55 18,432 --a------ C:\WINNT\fkwggshm.exe
    2007-11-04 15:53 4 --a------ C:\WINNT\system32\stfv.bin
    2007-11-04 15:44 32,512 --a------ C:\WINNT\kkcomp.dll
    2007-11-04 15:44 31,232 --a------ C:\WINNT\liqui.exe
    2007-11-04 15:44 29,952 --a------ C:\WINNT\kkcomp$.exe
    2007-11-04 15:44 27,904 --a------ C:\WINNT\fhfmm-Uninstaller.exe
    2007-11-04 15:44 26,368 --a------ C:\WINNT\liqui.dll
    2007-11-04 15:44 26,112 --a------ C:\WINNT\liqad.dll
    2007-11-04 15:44 22,784 --a------ C:\WINNT\system32\msole32.exe
    2007-11-04 15:44 22,272 --a------ C:\WINNT\adbar.dll
    2007-11-04 15:44 21,248 --a------ C:\WINNT\xadbrk_.exe
    2007-11-04 15:44 20,480 --a------ C:\WINNT\liqad.exe
    2007-11-04 15:44 20,480 --a------ C:\WINNT\jd2002.dll
    2007-11-04 15:44 19,968 --a------ C:\WINNT\system32\ESHOPEE.exe
    2007-11-04 15:44 19,456 --a------ C:\WINNT\daxtime.dll
    2007-11-04 15:44 17,408 --a------ C:\WINNT\cbinst$.exe
    2007-11-04 15:44 17,152 --a------ C:\WINNT\spredirect.dll
    2007-11-04 15:44 16,640 --a------ C:\WINNT\xadbrk.exe
    2007-11-04 15:44 14,592 --a------ C:\WINNT\liqui-Uninstaller.exe
    2007-11-04 15:44 14,592 --a------ C:\WINNT\eventlowg.dll
    2007-11-04 15:44 14,080 --a------ C:\WINNT\liqad$.exe
    2007-11-04 15:44 12,288 --a------ C:\WINNT\xadbrk.dll
    2007-11-04 15:44 11,264 --a------ C:\WINNT\kkcomp.exe
    2007-11-04 15:44 10,752 --a------ C:\WINNT\fhfmm.exe
    2007-11-04 15:44 <DIR> d-------- C:\Program Files\e-zshopper
    2007-11-04 15:43 32,000 --a------ C:\WINNT\ie_32.exe
    2007-11-04 15:43 22,784 --a------ C:\WINNT\hotporn.exe
    2007-11-04 15:43 22,272 --a------ C:\WINNT\dp0.dll
    2007-11-04 15:43 19,200 --a------ C:\WINNT\aconti.exe
    2007-11-04 15:43 15,872 --a------ C:\WINNT\xxxvideo.exe
    2007-11-04 15:43 15,104 --a------ C:\WINNT\ngd.dll
    2007-11-04 15:43 <DIR> d-------- C:\WINNT\system32\acespy
    2007-11-04 15:43 <DIR> d-------- C:\Program Files\amsys
    2007-11-04 15:40 25,088 --a------ C:\WINNT\vxddsk.exe
    2007-11-04 15:40 <DIR> d-------- C:\Program Files\akl
    2007-11-04 15:17 12 --a------ C:\WINNT\system32\dpqaqlqx.bin
    2007-11-04 14:47 123,911 --a------ C:\WINNT\system32\vvgeowbv.exe
    2007-11-04 14:46 21,504 --a------ C:\WINNT\system32\aivskurq.dll
    2007-11-04 14:43 12,217 --a------ C:\WINNT\system32\winlogon.scr
    2007-11-04 14:43 12,217 ---hs---- C:\WINNT\system32\drivers\system.exe
    2007-11-04 14:43 12,217 ---hs---- C:\DOCUME~1\FLUTTE~1\winmain.exe
    2007-11-04 14:43 <DIR> d-------- C:\DOCUME~1\FLUTTE~1\APPLIC~1\WinRAR
    2007-11-04 05:37 60,928 --a------ C:\WINNT\system32\lkuz.dll
    2007-11-04 05:36 35,840 --a------ C:\WINNT\17PHolmes72.exe
    2007-11-01 00:38 <DIR> d-------- C:\Program Files\SeedC Pacific
    2007-10-30 06:15 <DIR> d-------- C:\DOCUME~1\FLUTTE~1\APPLIC~1\Move Networks
    2007-10-30 05:17 <DIR> d-------- C:\Program Files\Communicate!
    2007-10-18 16:20 <DIR> d-------- C:\Program Files\Abra Academy
    2007-10-16 15:40 737,280 --a------ C:\WINNT\iun6002.exe
    2007-10-04 06:37 <DIR> d-------- C:\Program Files\directx
    2007-10-04 06:10 8,464 --a--c--- C:\WINNT\system32\dllcache\kbdkor.dll
    2007-10-04 06:10 8,464 --a------ C:\WINNT\system32\kbdkor.dll
    2007-10-04 06:10 6,928 --a--c--- C:\WINNT\system32\dllcache\kbd101c.dll
    2007-10-04 06:10 6,928 --a------ C:\WINNT\system32\kbd101c.dll
    2007-10-04 06:10 6,416 --a--c--- C:\WINNT\system32\dllcache\kbd103.dll
    2007-10-04 06:10 6,416 --a--c--- C:\WINNT\system32\dllcache\kbd101b.dll
    2007-10-04 06:10 6,416 --a------ C:\WINNT\system32\kbd103.dll
    2007-10-04 06:10 6,416 --a------ C:\WINNT\system32\kbd101b.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    07-11-04 23:18 --------- d-------- C:\Program Files\SUPERAntiSpyware
    07-11-04 21:01 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    07-11-04 19:58 --------- d-a------ C:\Program Files\ewido anti-spyware 4.0
    07-11-04 15:17 36845 --a------ C:\WINNT\system32\drivers\pt.htm
    07-11-04 15:17 12474 --a------ C:\WINNT\system32\drivers\detect.htm
    07-11-04 15:17 1024 --a------ C:\WINNT\system32\drivers\s_detect.htm
    07-11-04 14:46 835 --a------ C:\WINNT\system32\drivers\style.css
    07-11-04 14:46 821 --a------ C:\WINNT\system32\drivers\shadow_bg.gif
    07-11-04 14:46 639 --a------ C:\WINNT\system32\drivers\star.gif
    07-11-04 14:46 550 --a------ C:\WINNT\system32\drivers\star_small.gif
    07-11-04 14:46 53 --a------ C:\WINNT\system32\drivers\sep_vert.gif
    07-11-04 14:46 49 --a------ C:\WINNT\system32\drivers\spacer.gif
    07-11-04 14:46 425 --a------ C:\WINNT\system32\drivers\star_gray.gif
    07-11-04 14:46 3877 --a------ C:\WINNT\system32\drivers\warning_icon.gif
    07-11-04 14:46 291 --a------ C:\WINNT\system32\drivers\v.gif
    07-11-04 14:46 283 --a------ C:\WINNT\system32\drivers\x.gif
    07-11-04 14:46 2798 --a------ C:\WINNT\system32\drivers\shadow.jpg
    07-11-04 14:46 223 --a------ C:\WINNT\system32\drivers\star_gray_small.gif
    07-11-04 14:46 1791 --a------ C:\WINNT\system32\drivers\win_logo.gif
    07-11-04 14:46 13618 --a------ C:\WINNT\system32\drivers\spy_away_box.jpg
    07-11-04 14:45 65 --a------ C:\WINNT\system32\drivers\sep_hor.gif
    07-11-04 14:45 4008 --a------ C:\WINNT\system32\drivers\rating.gif
    07-11-04 14:45 26487 --a------ C:\WINNT\system32\drivers\screenshot.jpg
    07-11-04 14:44 979 --a------ C:\WINNT\system32\drivers\product_2_name_small.gif
    07-11-04 14:44 877 --a------ C:\WINNT\system32\drivers\header_red_bg.gif
    07-11-04 14:44 838 --a------ C:\WINNT\system32\drivers\header_red_free_scan_bg.gif
    07-11-04 14:44 3216 --a------ C:\WINNT\system32\drivers\header_red_free_scan.gif
    07-11-04 14:44 3080 --a------ C:\WINNT\system32\drivers\product_3_header.gif
    07-11-04 14:44 28459 --a------ C:\WINNT\system32\drivers\header_1.gif
    07-11-04 14:44 2604 --a------ C:\WINNT\system32\drivers\product_1_header.gif
    07-11-04 14:44 2214 --a------ C:\WINNT\system32\drivers\product_2_header.gif
    07-11-04 14:44 215 --a------ C:\WINNT\system32\drivers\main_back.gif
    07-11-04 14:44 1714 --a------ C:\WINNT\system32\drivers\product_3_name_small.gif
    07-11-04 14:44 16977 --a------ C:\WINNT\system32\drivers\header_red_protect_your_pc.gif
    07-11-04 14:44 15421 --a------ C:\WINNT\system32\drivers\header_2.gif
    07-11-04 14:44 1330 --a------ C:\WINNT\system32\drivers\product_features.gif
    07-11-04 14:44 1253 --a------ C:\WINNT\system32\drivers\product_1_name_small.gif
    07-11-04 14:44 1204 --a------ C:\WINNT\system32\drivers\infected.gif
    07-11-04 14:44 11077 --a------ C:\WINNT\system32\drivers\header_4.gif
    07-11-04 14:44 10260 --a------ C:\WINNT\system32\drivers\perfect_cleaner_box.jpg
    07-11-04 14:44 10193 --a------ C:\WINNT\system32\drivers\header_3.gif
    07-11-04 14:43 8852 --a------ C:\WINNT\system32\drivers\download_btn.jpg
    07-11-04 14:43 837 --a------ C:\WINNT\system32\drivers\blank.gif
    07-11-04 14:43 4448 --a------ C:\WINNT\system32\drivers\download_now_btn.gif
    07-11-04 14:43 3552 --a------ C:\WINNT\system32\drivers\cell_header_remove.gif
    07-11-04 14:43 3479 --a------ C:\WINNT\system32\drivers\cell_header_scan.gif
    07-11-04 14:43 3313 --a------ C:\WINNT\system32\drivers\cell_header_block.gif
    07-11-04 14:43 2922 --a------ C:\WINNT\system32\drivers\footer_back.jpg
    07-11-04 14:43 2238 --a------ C:\WINNT\system32\drivers\download_box.gif
    07-11-04 14:43 1647 --a------ C:\WINNT\system32\drivers\button_freescan.gif
    07-11-04 14:43 1619 --a------ C:\WINNT\system32\drivers\button_buynow.gif
    07-11-04 14:43 1373 --a------ C:\WINNT\system32\drivers\cell_footer.gif
    07-11-04 14:43 1342 --a------ C:\WINNT\system32\drivers\cell_bg.gif
    07-11-04 14:43 12326 --a------ C:\WINNT\system32\drivers\box_3.gif
    07-11-04 14:43 12313 --a------ C:\WINNT\system32\drivers\box_1.gif
    07-11-04 14:43 1204 --a------ C:\WINNT\system32\d3d9caps.dat
    07-11-04 14:43 11927 --a------ C:\WINNT\system32\drivers\box_2.gif
    07-11-01 00:38 --------- d--h----- C:\Program Files\InstallShield Installation Information
    07-10-31 11:20 --------- d-------- C:\Program Files\OpenOffice.org1.1.2
    07-10-27 16:03 --------- d-------- C:\Program Files\AIM6
    07-10-18 14:36 --------- d-------- C:\Program Files\WinSCP3
    07-10-01 10:21 --------- d-------- C:\DOCUME~1\FLUTTE~1\APPLIC~1\Elluminate
    07-09-30 13:46 --------- d-a------ C:\Program Files\Secrets Of Great Art
    07-09-30 09:52 1092 --a------ C:\WINNT\system32\d3d8caps.dat
    07-09-30 01:09 --------- d-------- C:\DOCUME~1\FLUTTE~1\APPLIC~1\acccore
    07-09-30 01:06 --------- d-------- C:\Program Files\Common Files\AOL
    07-09-29 23:48 --------- d-------- C:\DOCUME~1\FLUTTE~1\APPLIC~1\Yahoo!
    07-09-25 21:54 --------- d-------- C:\Program Files\MSN Messenger
    07-09-21 05:30 --------- d-------- C:\DOCUME~1\FLUTTE~1\APPLIC~1\Skype
    07-09-18 23:59 --------- d-------- C:\DOCUME~1\FLUTTE~1\APPLIC~1\Design Science
    07-09-18 23:56 --------- d-------- C:\Program Files\MathType
    05-10-16 16:23 150 --a------ C:\Program Files\Show Desktop.scf
    04-11-05 11:32 21 --a------ C:\Program Files\AVPersonalAVWIN.INI
    04-11-02 11:59 271 ---h----- C:\Program Files\desktop.ini
    04-11-02 11:59 21952 ---h----- C:\Program Files\folder.htt


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]
    07-11-04 14:47 21504 --a------ C:\WINNT\system32\aivskurq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5A8AB4C-69DD-012A-DA26-3CE672855FB2}]
    07-11-01 07:44 60928 --a------ C:\WINNT\system32\lkuz.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [03-06-19 14:05 C:\WINNT\system32\mobsync.exe]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06-06-14 17:24 ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-07-24 07:21 ]
    "LVCOMSX"="C:\WINNT\system32\LVCOMSX.EXE" [05-12-09 17:32 ]
    "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [06-01-05 09:58 ]
    "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [06-01-05 10:15 ]
    "LogitechCameraService(E)"="C:\WINNT\system32\ElkCtrl.exe" [04-11-01 19:22 ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [07-09-25 00:11 ]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-07-24 07:21 ]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [07-02-19 21:58 ]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07-06-21 13:06 ]
    "Aim6"="" []
    "Khytufsm"="C:\Program Files\Common Files\W?nSxS\s?ool32.exe" []
    "main"="C:\WINNT\system32\drivers\system.exe" [07-11-04 14:43 ]
    "default"="C:\Documents and Settings\flutterby\winmain.exe" [07-11-04 14:43 ]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07-08-31 16:46 ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "sysinit"=C:\WINNT\system32\drivers\system.exe
    "winmz"=C:\Documents and Settings\flutterby\winmain.exe

    C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 21:58:43]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowRun"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\stori.jpg
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\Blonde10666.gif
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
    Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\b_blu7.gif
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
    Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\354051554_s[1].gif
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
    Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\backgd.jpg
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
    Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\26.gif
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\6]
    Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\Ange.gif
    FriendlyName=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06-12-20 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 07-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"

    R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);C:\WINNT\system32\DRIVERS\SONYPVM1.SYS
    R1 ATMhelpr;ATMhelpr;C:\WINNT\system32\drivers\ATMhelpr.sys
    R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    R3 ichaud;Service for AC'97 Driver (WDM);C:\WINNT\system32\drivers\ichaud.sys
    R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINNT\system32\drivers\LVPrcMon.sys
    R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINNT\system32\drivers\msmpu401.sys
    R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINNT\system32\Drivers\RootMdm.sys
    R3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    S3 MPE;BDA MPE Filter;C:\WINNT\system32\DRIVERS\MPE.sys


    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-04 23:53:21
    Windows 5.0.2195 Service Pack 4 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    **************************************************************************

    Completion time: 2007-11-04 23:56:51 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 07-11-04 23:55
    C:\ComboFix2.txt ... 07-08-28 00:12
    C:\ComboFix3.txt ... 07-08-07 18:31

    --- E O F ---
     
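The log above is the kind of thing the "shielded" helpers read by hand: the "Reg Loading Points" section lists every autostart entry, and the infection shows up as a handful of Run/RunOnce values whose targets live in odd places (an .exe under system32\drivers, an .exe sitting directly in the user's profile root, a path ComboFix prints with ? because it contains unprintable characters, and an Explorer DisallowRun policy that can keep named programs from launching). The script below is an added example, not code from this thread or from ComboFix: it parses a constructed excerpt copied from the log above and applies those same red-flag heuristics so the triage is repeatable. The heuristics and function names are my own; ComboFix has no such API.

```python
import re
from typing import Dict, List, Optional

# Constructed excerpt modelled on the "Reg Loading Points" section of the
# ComboFix log posted above (key names and paths copied from that post).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 14:05 C:\WINNT\system32\mobsync.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06-06-14 17:24 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"Aim6"="" []
"Khytufsm"="C:\Program Files\Common Files\W?nSxS\s?ool32.exe" []
"main"="C:\WINNT\system32\drivers\system.exe" [07-11-04 14:43 ]
"default"="C:\Documents and Settings\flutterby\winmain.exe" [07-11-04 14:43 ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07-08-31 16:46 ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"sysinit"=C:\WINNT\system32\drivers\system.exe
"winmz"=C:\Documents and Settings\flutterby\winmain.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)
"""

# A section header is a bracketed registry key on its own line.
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# A value line: "name"=value, optionally followed by ComboFix's [timestamp] block.
# The value may be quoted (Run keys) or bare (RunOnce, policies).
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?P<value>"[^"]*"|[^\[]*?)\s*(?:\[(?P<meta>[^\]]*)\])?\s*$'
)
# Red-flag locations seen in the log above.
DRIVERS_EXE_RE = re.compile(r"\\system32\\drivers\\[^\\]+\.exe$", re.IGNORECASE)
PROFILE_ROOT_EXE_RE = re.compile(
    r"^c:\\documents and settings\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE
)


def parse_loading_points(text: str) -> List[Dict[str, Optional[str]]]:
    """Turn the Reg Loading Points text into a list of autostart entries."""
    entries: List[Dict[str, Optional[str]]] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue  # not a value line (ComboFix prints other things too)
        value = m.group("value").strip()
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        entries.append({"section": section, "name": m.group("name"),
                        "target": value, "meta": m.group("meta")})
    return entries


def flag_entry(entry: Dict[str, Optional[str]]) -> List[str]:
    """Return the reasons (possibly none) an autostart entry deserves a look."""
    reasons: List[str] = []
    section = (entry["section"] or "").lower()
    target = entry["target"] or ""
    meta = entry["meta"]
    if section.endswith(r"policies\explorer") and entry["name"] == "DisallowRun" and target.startswith("1"):
        reasons.append("Explorer DisallowRun policy is enabled; it can stop named programs (such as security tools) from starting")
        return reasons
    if "?" in target:
        reasons.append("path contains characters ComboFix could not print (shown as ?), a look-alike folder/file name")
    if DRIVERS_EXE_RE.search(target):
        reasons.append("an .exe is started from system32\\drivers, which normally holds only .sys driver files")
    if PROFILE_ROOT_EXE_RE.match(target):
        reasons.append("an .exe is started directly from a user profile root rather than a program folder")
    # Empty [] means ComboFix found no file at the path: weak on its own, verify by hand.
    if target.lower().endswith(".exe") and meta is not None and not meta.strip():
        reasons.append("no file found at target path (verify manually)")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged autostart value name to the reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for entry in parse_loading_points(text):
        reasons = flag_entry(entry)
        if reasons:
            flagged.setdefault(str(entry["name"]), []).extend(reasons)
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f'"{name}":')
        for reason in reasons:
            print("   -", reason)
```

Run against the excerpt, the script flags exactly the entries a helper would circle: "main" and "sysinit" (an .exe in the drivers folder), "default" and "winmz" (an .exe in the profile root), "Khytufsm" (the W?nSxS look-alike path), and the DisallowRun policy; the Spybot, iTunes and Logitech-style entries pass untouched. The "swg" entry is reported only with the weak "no file found" reason, which is why that check is kept separate from the others: an empty [] just means ComboFix did not find the file, and on its own it is a prompt to verify, not a verdict.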
  5. redoak

    redoak Gone but never forgotten

    Joined:
    Jun 24, 2004
    Messages:
    6,781
    I suggest you stop where you are and wait for a "shielded" responder to come to your assistance. I believe one will appear. Be patient; they are kept very busy with malware problems.

    {redoak}
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Delete that very old version of ComboFix you have, download the latest version, run it, then post its report.

    DO it in NORMAL mode, NOT Safe Mode.

    Download Combofix to your desktop:

    * Double-click combofix.exe & follow the prompts.
    * When finished, it shall produce a log for you. Post that log in your next reply.


    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
     
  7. bluecoastbikini

    bluecoastbikini Thread Starter

    Joined:
    Sep 17, 2006
    Messages:
    50
    Okay, so it produced a log but it won't allow me to open it. In fact I cannot open any Notepad documents unless I go to Start - Accessories - Notepad - Open, which is highly annoying and I would like to fix this.



    ------------------------------------------------------------------

    ComboFix 07-11-05.2 - flutterby 2007-11-05 7:24:40.5 - NTFSx86
    Running from: C:\Documents and Settings\flutterby\Desktop\Estelle\Other\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\4.tmp
    C:\5.tmp
    C:\Documents and Settings\Administrator\Application Data\RACLE~1
    C:\Documents and Settings\Administrator\Application Data\YSTEM~1
    C:\Documents and Settings\Administrator\My Documents\ASEMBL~1
    C:\Documents and Settings\Administrator\My Documents\WNSXS~1
    C:\Documents and Settings\All Users.WINNT\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
    C:\Documents and Settings\Brendan\Application Data\CROSOF~1.NET
    C:\Documents and Settings\Brendan\My Documents\CURITY~1
    C:\Documents and Settings\Brendan\My Documents\CURITY~1\CURITY~1\ctxad-468.0000
    C:\Documents and Settings\Brendan\My Documents\CURITY~1\CURITY~1\ctxad-468.0001
    C:\Documents and Settings\Brendan\My Documents\CURITY~1\CURITY~1\ctxad-468.0002
    C:\Documents and Settings\Brendan\My Documents\CURITY~1\CURITY~1\ctxad-468.0003
    C:\Documents and Settings\Brendan\My Documents\CURITY~1\CURITY~1\ctxad-468.0004
    C:\Documents and Settings\Brendan\My Documents\CURITY~1\CURITY~1\ctxad-468.0005
    C:\Documents and Settings\Brendan\My Documents\CURITY~1\CURITY~1\ctxad-469.0000
    C:\Documents and Settings\Brendan\My Documents\CURITY~1\CURITY~1\ctxad-469.0001
    C:\Documents and Settings\Brendan\My Documents\CURITY~1\CURITY~1\ctxad-469.0002
    C:\Documents and Settings\Brendan\My Documents\CURITY~1\CURITY~1\ctxad-469.0003
    C:\Documents and Settings\Brendan\My Documents\YSTEM3~1
    C:\Documents and Settings\Default User.WINNT\Application Data\CROSOF~1.NET
    C:\Documents and Settings\Default User.WINNT\My Documents\CURITY~1
    C:\Documents and Settings\Default User.WINNT\My Documents\CURITY~1\CURITY~1\ctxad-468.0000
    C:\Documents and Settings\Default User.WINNT\My Documents\CURITY~1\CURITY~1\ctxad-468.0001
    C:\Documents and Settings\Default User.WINNT\My Documents\CURITY~1\CURITY~1\ctxad-468.0002
    C:\Documents and Settings\Default User.WINNT\My Documents\CURITY~1\CURITY~1\ctxad-468.0003
    C:\Documents and Settings\Default User.WINNT\My Documents\CURITY~1\CURITY~1\ctxad-468.0004
    C:\Documents and Settings\Default User.WINNT\My Documents\CURITY~1\CURITY~1\ctxad-468.0005
    C:\Documents and Settings\Default User.WINNT\My Documents\CURITY~1\CURITY~1\ctxad-469.0000
    C:\Documents and Settings\Default User.WINNT\My Documents\CURITY~1\CURITY~1\ctxad-469.0001
    C:\Documents and Settings\Default User.WINNT\My Documents\CURITY~1\CURITY~1\ctxad-469.0002
    C:\Documents and Settings\Default User.WINNT\My Documents\CURITY~1\CURITY~1\ctxad-469.0003
    C:\Documents and Settings\Default User.WINNT\My Documents\YSTEM3~1
    C:\Documents and Settings\Guest\Application Data\CROSOF~1.NET
    C:\Documents and Settings\Guest\My Documents\CURITY~1
    C:\Documents and Settings\Guest\My Documents\CURITY~1\CURITY~1\ctxad-468.0000
    C:\Documents and Settings\Guest\My Documents\CURITY~1\CURITY~1\ctxad-468.0001
    C:\Documents and Settings\Guest\My Documents\CURITY~1\CURITY~1\ctxad-468.0002
    C:\Documents and Settings\Guest\My Documents\CURITY~1\CURITY~1\ctxad-468.0003
    C:\Documents and Settings\Guest\My Documents\CURITY~1\CURITY~1\ctxad-468.0004
    C:\Documents and Settings\Guest\My Documents\CURITY~1\CURITY~1\ctxad-468.0005
    C:\Documents and Settings\Guest\My Documents\CURITY~1\CURITY~1\ctxad-469.0000
    C:\Documents and Settings\Guest\My Documents\CURITY~1\CURITY~1\ctxad-469.0001
    C:\Documents and Settings\Guest\My Documents\CURITY~1\CURITY~1\ctxad-469.0002
    C:\Documents and Settings\Guest\My Documents\CURITY~1\CURITY~1\ctxad-469.0003
    C:\Documents and Settings\Guest\My Documents\YSTEM3~1
    C:\Program Files\Accoona
    C:\Program Files\Accoona\ASearchAssist.dll
    C:\Program Files\akl
    C:\Program Files\akl\akl.dll
    C:\Program Files\akl\akl.exe
    C:\Program Files\akl\curlog.htm
    C:\Program Files\akl\keylog.txt
    C:\Program Files\akl\readme.txt
    C:\Program Files\akl\uninstall.exe
    C:\Program Files\akl\unsetup.dat
    C:\Program Files\akl\unsetup.exe
    C:\Program Files\amsys
    C:\Program Files\amsys\awmsg.dat
    C:\Program Files\amsys\guid.dat
    C:\Program Files\amsys\ijl15.dll
    C:\Program Files\amsys\mfc42.dll
    C:\Program Files\amsys\msvcrt.dll
    C:\Program Files\amsys\unins000.dat
    C:\Program Files\amsys\unis000.exe
    C:\Program Files\amsys\winam.dat
    C:\Program Files\e-zshopper
    C:\Program Files\e-zshopper\BarLcher.dll
    C:\WA6P
    C:\WINNT\aconti.exe
    C:\WINNT\adbar.dll
    C:\WINNT\cbinst$.exe
    C:\WINNT\daxtime.dll
    C:\WINNT\dp0.dll
    C:\WINNT\eventlowg.dll
    C:\WINNT\fhfmm-Uninstaller.exe
    C:\WINNT\fhfmm.exe
    C:\WINNT\hcwprn.exe
    C:\WINNT\hotporn.exe
    C:\WINNT\ie_32.exe
    C:\WINNT\jd2002.dll
    C:\WINNT\kkcomp$.exe
    C:\WINNT\kkcomp.dll
    C:\WINNT\kkcomp.exe
    C:\WINNT\kvnab$.exe
    C:\WINNT\kvnab.dll
    C:\WINNT\kvnab.exe
    C:\WINNT\liqad$.exe
    C:\WINNT\liqad.dll
    C:\WINNT\liqad.exe
    C:\WINNT\liqui-Uninstaller.exe
    C:\WINNT\liqui.dll
    C:\WINNT\liqui.exe
    C:\WINNT\ngd.dll
    C:\WINNT\pbsysie.dll
    C:\WINNT\settn.dll
    C:\WINNT\spredirect.dll
    C:\WINNT\system32\drivers\blank.gif
    C:\WINNT\system32\drivers\box_1.gif
    C:\WINNT\system32\drivers\box_2.gif
    C:\WINNT\system32\drivers\box_3.gif
    C:\WINNT\system32\drivers\button_buynow.gif
    C:\WINNT\system32\drivers\button_freescan.gif
    C:\WINNT\system32\drivers\cell_bg.gif
    C:\WINNT\system32\drivers\cell_footer.gif
    C:\WINNT\system32\drivers\cell_header_block.gif
    C:\WINNT\system32\drivers\cell_header_remove.gif
    C:\WINNT\system32\drivers\cell_header_scan.gif
    C:\WINNT\system32\drivers\detect.htm
    C:\WINNT\system32\drivers\download_box.gif
    C:\WINNT\system32\drivers\download_btn.jpg
    C:\WINNT\system32\drivers\download_now_btn.gif
    C:\WINNT\system32\drivers\footer_back.jpg
    C:\WINNT\system32\drivers\header_1.gif
    C:\WINNT\system32\drivers\header_2.gif
    C:\WINNT\system32\drivers\header_3.gif
    C:\WINNT\system32\drivers\header_4.gif
    C:\WINNT\system32\drivers\header_red_bg.gif
    C:\WINNT\system32\drivers\header_red_free_scan.gif
    C:\WINNT\system32\drivers\header_red_free_scan_bg.gif
    C:\WINNT\system32\drivers\header_red_protect_your_pc.gif
    C:\WINNT\system32\drivers\infected.gif
    C:\WINNT\system32\drivers\main_back.gif
    C:\WINNT\system32\drivers\perfect_cleaner_box.jpg
    C:\WINNT\system32\drivers\product_1_header.gif
    C:\WINNT\system32\drivers\product_1_name_small.gif
    C:\WINNT\system32\drivers\product_2_header.gif
    C:\WINNT\system32\drivers\product_2_name_small.gif
    C:\WINNT\system32\drivers\product_3_header.gif
    C:\WINNT\system32\drivers\product_3_name_small.gif
    C:\WINNT\system32\drivers\product_features.gif
    C:\WINNT\system32\drivers\pt.htm
    C:\WINNT\system32\drivers\rating.gif
    C:\WINNT\system32\drivers\s_detect.htm
    C:\WINNT\system32\drivers\screenshot.jpg
    C:\WINNT\system32\drivers\sep_hor.gif
    C:\WINNT\system32\drivers\sep_vert.gif
    C:\WINNT\system32\drivers\shadow.jpg
    C:\WINNT\system32\drivers\shadow_bg.gif
    C:\WINNT\system32\drivers\spacer.gif
    C:\WINNT\system32\drivers\spy_away_box.jpg
    C:\WINNT\system32\drivers\star.gif
    C:\WINNT\system32\drivers\star_gray.gif
    C:\WINNT\system32\drivers\star_gray_small.gif
    C:\WINNT\system32\drivers\star_small.gif
    C:\WINNT\system32\drivers\style.css
    C:\WINNT\system32\drivers\system.exe
    C:\WINNT\system32\drivers\v.gif
    C:\WINNT\system32\drivers\warning_icon.gif
    C:\WINNT\system32\drivers\win_logo.gif
    C:\WINNT\system32\drivers\x.gif
    C:\WINNT\system32\ESHOPEE.exe
    C:\WINNT\system32\lkuz.dll
    C:\WINNT\system32\msole32.exe
    C:\WINNT\vxddsk.exe
    C:\WINNT\wbeCheck.exe
    C:\WINNT\wbeInst$.exe
    C:\WINNT\xadbrk.dll
    C:\WINNT\xadbrk.exe
    C:\WINNT\xadbrk_.exe
    C:\WINNT\xxxvideo.exe

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-05 to 2007-11-05 )))))))))))))))))))))))))))))))
    .

    2007-11-05 07:24 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2ec.dat
    2007-11-04 23:05 12,032 --a------ C:\WINNT\system32\ace16win.dll
    2007-11-04 21:03 <DIR> d-------- C:\Program Files\Lavasoft
    2007-11-04 21:03 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Lavasoft
    2007-11-04 18:37 40,752 --a--c--- C:\WINNT\system32\dllcache\1394bus.sys
    2007-11-04 15:55 18,432 --a------ C:\WINNT\fkwggshm.exe
    2007-11-04 15:53 4 --a------ C:\WINNT\system32\stfv.bin
    2007-11-04 15:43 <DIR> d-------- C:\WINNT\system32\acespy
    2007-11-04 15:17 12 --a------ C:\WINNT\system32\dpqaqlqx.bin
    2007-11-04 14:47 123,911 --a------ C:\WINNT\system32\vvgeowbv.exe
    2007-11-04 14:46 21,504 --a------ C:\WINNT\system32\aivskurq.dll
    2007-11-04 14:43 12,217 --a------ C:\WINNT\system32\winlogon.scr
    2007-11-04 14:43 12,217 ---hs---- C:\Documents and Settings\flutterby\winmain.exe
    2007-11-04 05:36 35,840 --a------ C:\WINNT\17PHolmes72.exe
    2007-11-01 00:38 <DIR> d-------- C:\Program Files\SeedC Pacific
    2007-10-30 06:15 <DIR> d-------- C:\Documents and Settings\flutterby\Application Data\Move Networks
    2007-10-30 05:17 <DIR> d-------- C:\Program Files\Communicate!
    2007-10-18 16:20 <DIR> d-------- C:\Program Files\Abra Academy
    2007-10-16 15:40 737,280 --a------ C:\WINNT\iun6002.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-05 05:18 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2007-11-05 05:06 --------- d---a-w C:\Documents and Settings\All Users.WINNT\Application Data\Spybot - Search & Destroy
    2007-11-05 03:48 --------- d-----w C:\Documents and Settings\All Users.WINNT\Application Data\Viewpoint
    2007-11-05 03:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-05 01:58 --------- d---a-w C:\Program Files\ewido anti-spyware 4.0
    2007-11-01 06:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-31 21:50 --------- d---a-w C:\Documents and Settings\All Users.WINNT\Application Data\TEMP
    2007-10-31 17:20 --------- d-----w C:\Program Files\OpenOffice.org1.1.2
    2007-10-27 22:03 --------- d-----w C:\Program Files\AIM6
    2007-10-27 22:01 --------- d-----w C:\Documents and Settings\All Users.WINNT\Application Data\AOL Downloads
    2007-10-27 22:01 --------- d-----w C:\Documents and Settings\All Users.WINNT\Application Data\AOL
    2007-10-18 20:36 --------- d-----w C:\Program Files\WinSCP3
    2007-10-16 20:23 --------- d-----w C:\Program Files\Java
    2007-10-04 12:37 --------- d-----w C:\Program Files\directx
    2007-10-01 16:21 --------- d-----w C:\Documents and Settings\flutterby\Application Data\Elluminate
    2007-09-30 19:46 --------- d---a-w C:\Program Files\Secrets Of Great Art
    2007-09-30 07:09 --------- d---a-w C:\Documents and Settings\All Users.WINNT\Application Data\AOL OCP
    2007-09-30 07:09 --------- d-----w C:\Documents and Settings\flutterby\Application Data\acccore
    2007-09-30 07:06 --------- d-----w C:\Program Files\Common Files\AOL
    2007-09-30 05:48 --------- d-----w C:\Documents and Settings\flutterby\Application Data\Yahoo!
    2007-09-26 03:54 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-21 16:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
    2007-09-21 11:30 --------- d-----w C:\Documents and Settings\flutterby\Application Data\Skype
    2007-09-19 05:59 --------- d-----w C:\Documents and Settings\flutterby\Application Data\Design Science
    2007-09-19 05:56 --------- d-----w C:\Program Files\MathType
    2007-09-13 22:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
    2005-10-16 22:23 150 ----a-w C:\Program Files\Show Desktop.scf
    2004-11-05 17:32 21 ----a-w C:\Program Files\AVPersonalAVWIN.INI
    2004-11-02 17:59 271 ---h--w C:\Program Files\desktop.ini
    2004-11-02 17:59 21,952 ---h--w C:\Program Files\folder.htt
    1999-12-07 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
    2006-10-08 04:29:20 866,313 --sh--w C:\WINNT\system32\lknpo.bak1
    2006-10-11 04:50:01 905,235 --sh--w C:\WINNT\system32\lknpo.bak2
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]
    07-11-04 14:47 21504 --a------ C:\WINNT\system32\aivskurq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [03-06-19 14:05 C:\WINNT\system32\mobsync.exe]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06-06-14 17:24 ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-07-24 07:21 ]
    "LVCOMSX"="C:\WINNT\system32\LVCOMSX.EXE" [05-12-09 17:32 ]
    "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [06-01-05 09:58 ]
    "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [06-01-05 10:15 ]
    "LogitechCameraService(E)"="C:\WINNT\system32\ElkCtrl.exe" [04-11-01 19:22 ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [07-09-25 00:11 ]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-07-24 07:21 ]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [07-02-19 21:58 ]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07-06-21 13:06 ]
    "Aim6"="" []
    "Khytufsm"="C:\Program Files\Common Files\W?nSxS\s?ool32.exe" []
    "main"="C:\WINNT\system32\drivers\system.exe" []
    "default"="C:\Documents and Settings\flutterby\winmain.exe" [07-11-04 14:43 ]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07-08-31 16:46 ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "sysinit"=C:\WINNT\system32\drivers\system.exe
    "winmz"=C:\Documents and Settings\flutterby\winmain.exe

    C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 21:58:43]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowRun"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\stori.jpg
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\Blonde10666.gif
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
    Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\b_blu7.gif
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
    Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\354051554_s[1].gif
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
    Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\backgd.jpg
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
    Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\26.gif
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\6]
    Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\Ange.gif
    FriendlyName=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06-12-20 12:55 77824]

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\\WINNT\\system32\\vvgeowbv.exe,C:\\WINNT\\system32\\userinit.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 07-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);C:\WINNT\system32\DRIVERS\SONYPVM1.SYS
    R1 ATMhelpr;ATMhelpr;C:\WINNT\system32\drivers\ATMhelpr.sys
    R3 ichaud;Service for AC'97 Driver (WDM);C:\WINNT\system32\drivers\ichaud.sys
    R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINNT\system32\drivers\LVPrcMon.sys

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-05 07:27:58
    Windows 5.0.2195 Service Pack 4 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    main = C:\WINNT\system32\drivers\system.exe
    default = C:\Documents and Settings\flutterby\winmain.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    sysinit = C:\WINNT\system32\drivers\system.exe
    winmz = C:\Documents and Settings\flutterby\winmain.exe

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-11-05 7:29:57
    .
    --- E O F ---
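One way to triage the "Reg Loading Points" section of the ComboFix log above by script rather than by eye, as an added example that is not part of the thread or of ComboFix, SDFix or HijackThis: it parses the Run, RunOnce, policy and Userinit entries and flags executables launched from the root of a user profile or from system32\drivers, paths with characters the log could not print, an extra program chained in front of userinit.exe, and the DisallowRun policy. The sample lines are copied from the log above; the regexes and the choice of red flags are this example's own assumptions.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.
Added example for this thread, not part of ComboFix, SDFix or HijackThis.
"""
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the ComboFix log posted above,
# trimmed to the entries this example needs.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 14:05 C:\WINNT\system32\mobsync.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06-06-14 17:24 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07-06-21 13:06 ]
"Aim6"="" []
"Khytufsm"="C:\Program Files\Common Files\W?nSxS\s?ool32.exe" []
"main"="C:\WINNT\system32\drivers\system.exe" []
"default"="C:\Documents and Settings\flutterby\winmain.exe" [07-11-04 14:43 ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"sysinit"=C:\WINNT\system32\drivers\system.exe
"winmz"=C:\Documents and Settings\flutterby\winmain.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINNT\\system32\\vvgeowbv.exe,C:\\WINNT\\system32\\userinit.exe"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')
# An .exe directly under C:\Documents and Settings\<user>\ (no subfolder).
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+\.exe$", re.I)
# An .exe inside system32\drivers, a directory that should only hold .sys files.
DRIVERS_DIR_RE = re.compile(r"\\system32\\drivers\\[^\\]+\.exe$", re.I)

@dataclass
class Finding:
    key: str
    name: str
    value: str
    reason: str

def extract_path(raw: str) -> str:
    """Program path from a value line's right-hand side, quoted or not."""
    raw = raw.strip()
    if raw.startswith('"'):        # "C:\dir\prog.exe" [07-11-04 14:43 ]
        end = raw.find('"', 1)
        path = raw[1:end] if end > 0 else raw[1:]
    else:                          # C:\dir\prog.exe   or   1 (0x1)
        path = raw.split(" [", 1)[0]
    # The winlogon section prints REG_SZ backslashes doubled; undo that.
    return path.replace("\\\\", "\\")

def path_reasons(path: str) -> list[str]:
    """Location-based red flags for an autostart target (heuristics, not proof)."""
    reasons = []
    if "?" in path:
        reasons.append("path contains characters the log could not print (lookalike name)")
    if DRIVERS_DIR_RE.search(path):
        reasons.append("executable launched from system32\\drivers")
    if PROFILE_ROOT_RE.match(path):
        reasons.append("executable at the root of a user profile")
    return reasons

def triage(log_text: str) -> list[Finding]:
    """Walk the key/value lines and collect everything worth a second look."""
    findings: list[Finding] = []
    key = ""
    for line in log_text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
            continue
        if not (m := VALUE_RE.match(line)):
            continue
        name, raw = m.groups()
        value = extract_path(raw)
        lname, lkey = name.lower(), key.lower()
        if lkey.endswith("winlogon") and lname == "userinit":
            # Userinit is a comma list; anything besides userinit.exe runs at every logon.
            for item in value.split(","):
                item = item.strip()
                if item and not item.lower().endswith("\\userinit.exe"):
                    findings.append(Finding(key, name, item, "extra program chained in Userinit"))
        elif lkey.endswith("policies\\explorer") and lname == "disallowrun":
            if value.startswith("1"):
                findings.append(Finding(key, name, value, "DisallowRun policy set: Explorer blocks listed programs"))
        else:
            for reason in path_reasons(value):
                findings.append(Finding(key, name, value, reason))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name:<12} {f.value:<52} {f.reason}")
```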
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    That has a massive amount of problems still showing.

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

    then

    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
    • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
      • In the Processes group click Non-Microsoft
      • In the Win32 Services group click Non-Microsoft
      • In the Driver Services group click Non-Microsoft
      • In the Registry group click ALL
      • In the Files Created Within group click 30 days Make sure Non-Microsoft only is CHECKED
      • In the Files Modified Within group select 30 days Make sure Non-Microsoft only is CHECKED
      • In the File String Search group select ALL
      • In the Additional Scans section please press Select All and then unselect Event Viewer. Uncheck Non-Microsoft only.
    • Now click the Run Scan button on the toolbar.
    • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Save that notepad file
    Use the Reply button and attach the notepad file here. I will review it when it comes in.
     
  9. bluecoastbikini

    bluecoastbikini Thread Starter

    Joined:
    Sep 17, 2006
    Messages:
    50
    Okay, things are better, no popups, but problems within the browser. Every time I go to a webpage it loads and then turns white and sometimes the font gets all messed up. So I have to "stop" the page from loading completely to "whiteness."

    It wouldn't let me put all the reports here because they were too long. So here are the SDFix and HijackThis logs.

    SDFIX-----------------------------------------------


    SDFix: Version 1.113

    Run by flutterby on Mon 11/05/2007 at 6:42p

    Microsoft Windows 2000 [Version 5.00.2195]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\22C.TMP - Deleted
    C:\234.TMP - Deleted
    C:\235.TMP - Deleted
    C:\236.TMP - Deleted
    C:\WINNT\system32\aivskurq.dll - Deleted



    Removing Temp Files...

    ADS Check:

    C:\WINNT
    No streams found.

    C:\WINNT\system32
    No streams found.

    C:\WINNT\system32\svchost.exe
    No streams found.

    C:\WINNT\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-05 18:51:14
    Windows 5.0.2195 Service Pack 4 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:
    ------------------



    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Tue 26 Jun 2007 4 A..H. --- "C:\WINNT\uccspecb.sys"
    Thu 26 Jul 2007 31 A..H. --- "C:\WINNT\uccspecc.sys"
    Sun 4 Nov 2007 12,217 ..SH. --- "C:\Documents and Settings\flutterby\winmain.exe"
    Mon 27 Feb 2006 56,832 A.SH. --- "C:\Program Files\Outlook Express\MSIMN.EXE"
    Sat 7 Oct 2006 866,313 ..SH. --- "C:\WINNT\system32\lknpo.bak1"
    Tue 10 Oct 2006 905,235 ..SH. --- "C:\WINNT\system32\lknpo.bak2"
    Mon 10 Oct 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINNT\DRM\DRMv1.bak"

    Finished!


    HijackThis----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:56:17 PM, on 11/5/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINNT\System32\cisvc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\notepad.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINNT\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINNT\system32\ElkCtrl.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINNT\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Khytufsm] "C:\Program Files\Common Files\W?nSxS\s?ool32.exe"
    O4 - HKCU\..\Run: [main] C:\WINNT\system32\drivers\system.exe
    O4 - HKCU\..\Run: [default] C:\Documents and Settings\flutterby\winmain.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [sysinit] C:\WINNT\system32\drivers\system.exe
    O4 - HKCU\..\RunOnce: [winmz] C:\Documents and Settings\flutterby\winmain.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://rimmel.ai-media.com/save/makeover.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bluecoastbikinibabe.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {51739C4B-228C-46AB-A140-1D54F563F3B4} (FSpyDajabaCtl Control) - http://www.spydajaba.com/activex/spydajabactl.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.playfirst.com/play/game/dinerdash/DinerDash.1.0.0.93.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3D7C4393-6C40-4244-9D5B-8107169399CC}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{95603DCC-FF00-40D1-BC48-AD0EB4C75894}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{96709D8A-E709-4B2C-8E4D-F1874CDAD439}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O24 - Desktop Component 0: (no name) - C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\stori.jpg
    O24 - Desktop Component 1: (no name) - C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\Blonde10666.gif
    O24 - Desktop Component 2: (no name) - C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\b_blu7.gif
    O24 - Desktop Component 3: (no name) - C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\354051554_s[1].gif
    O24 - Desktop Component 4: (no name) - C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\backgd.jpg
    O24 - Desktop Component 5: (no name) - C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\26.gif
    O24 - Desktop Component 6: (no name) - C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\Ange.gif

    --
    End of file - 11106 bytes
     
  10. bluecoastbikini

    bluecoastbikini Thread Starter

    Joined:
    Sep 17, 2006
    Messages:
    50
    Okay, WinPFind is too long so I am splitting it up into parts.

    WinPFind3---------------------------part1---------------------------

    WinPFind3 logfile created on: 11/5/2007 6:58:59 PM
    WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\flutterby\Desktop\WinPFind3u\
    Microsoft Windows 2000 Service Pack 4 (Version = 5.0.2195)
    Internet Explorer (Version = 6.0.2800.1106)

    254.42 Mb Total Physical Memory | 36.27 Mb Available Physical Memory | 14.26% Memory free
    616.40 Mb Paging File | 338.93 Mb Available in Paging File | 54.99% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768;

    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 14.29 Gb Total Space | 2.47 Gb Free Space | 17.30% Space Free
    D: Drive not present or media not loaded
    Drive E: | 604.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
    F: Drive not present or media not loaded

    Computer Name: BLUE
    Current User Name: flutterby
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 3 | Size = 574808 bytes | Modified Date = 9/25/2007 9:00:46 AM | Attr = ]
    cameraassistant.exe -> %ProgramFiles%\Logitech\Video\CameraAssistant.exe -> Logitech Inc. [Ver = 9.5.5.1026 | Size = 489472 bytes | Modified Date = 1/5/2006 9:58:38 AM | Attr = ]
    elkctrl.exe -> %System32%\ElkCtrl.exe -> Logitech Inc. [Ver = 8.5.0.1137 | Size = 262144 bytes | Modified Date = 11/1/2004 7:22:22 PM | Attr = ]
    guard.exe -> %ProgramFiles%\ewido anti-spyware 4.0\guard.exe -> Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Modified Date = 6/16/2006 8:38:44 AM | Attr = ]
    ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 323584 bytes | Modified Date = 6/14/2006 5:23:58 PM | Attr = ]
    ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 278528 bytes | Modified Date = 6/14/2006 5:24:14 PM | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:36 AM | Attr = ]
    logitechdesktopmessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 2/19/2007 9:58:44 PM | Attr = ]
    lvcomsx.exe -> %System32%\LVCOMSX.EXE -> Logitech Inc. [Ver = 9.5.0.1098 | Size = 225280 bytes | Modified Date = 12/9/2005 5:32:18 PM | Attr = ]
    lvprcsrv.exe -> %CommonProgramFiles%\Logitech\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 9.5.0.1098 | Size = 81920 bytes | Modified Date = 12/9/2005 5:37:42 PM | Attr = ]
    superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 1:06:28 PM | Attr = ]
    teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 8/31/2007 4:46:28 PM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 3 | Size = 574808 bytes | Modified Date = 9/25/2007 9:00:46 AM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> VERITAS Software Corp. [Ver = 2195.6624.297.3 | Size = 147728 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    (ewido anti-spyware 4.0 guard) ewido anti-spyware 4.0 guard [Win32_Own | Auto | Running] -> %ProgramFiles%\ewido anti-spyware 4.0\guard.exe -> Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Modified Date = 6/16/2006 8:38:44 AM | Attr = ]
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
    (iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 323584 bytes | Modified Date = 6/14/2006 5:23:58 PM | Attr = ]
    (LVPrcSrv) Logitech Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Logitech\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 9.5.0.1098 | Size = 81920 bytes | Modified Date = 12/9/2005 5:37:42 PM | Attr = ]

    [Driver Services - Non-Microsoft Only]
    (Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
    (abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
    (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
    (Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
    (aic116x) aic116x [Kernel | Disabled | Stopped] -> -> File not found
    (aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
    (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
    (ami0nt) ami0nt [Kernel | Disabled | Stopped] -> -> File not found
    (amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
    (asc) asc [Kernel | Disabled | Stopped] -> -> File not found
    (asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
    (asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
    (Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
    (ATMhelpr) ATMhelpr [Kernel | System | Running] -> %System32%\drivers\ATMHELPR.SYS -> Adobe Systems Incorporated [Ver = 4.0 Build 85 | Size = 4064 bytes | Modified Date = 6/17/1997 6:00:00 AM | Attr = ]
    (BusLogic) BusLogic [Kernel | Disabled | Stopped] -> -> File not found
    (catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\FLUTTE~1\LOCALS~1\Temp\catchme.sys -> File not found
    (cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
    (Cdr4_2K) Cdr4_2K [Kernel | System | Running] -> %System32%\drivers\cdr4_2K.sys -> Roxio [Ver = 7.1.0.190 | Size = 44288 bytes | Modified Date = 8/8/2007 3:29:40 PM | Attr = ]
    (Cdralw2k) Cdralw2k [Kernel | System | Running] -> %System32%\drivers\cdralw2k.sys -> Roxio [Ver = 5.3.2.31 | Size = 23420 bytes | Modified Date = 8/1/2006 12:10:10 PM | Attr = ]
    (Changer) Changer [Kernel | System | Stopped] -> -> File not found
    (Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
    (cpqarry2) cpqarry2 [Kernel | Disabled | Stopped] -> -> File not found
    (cpqfcalm) cpqfcalm [Kernel | Disabled | Stopped] -> -> File not found
    (cpqfws2e) cpqfws2e [Kernel | Disabled | Stopped] -> -> File not found
    (dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
    (deckzpsx) deckzpsx [Kernel | Disabled | Stopped] -> -> File not found
    (dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> VERITAS Software Corp. [Ver = 2195.6655.297.3 | Size = 369104 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> VERITAS Software Corp. [Ver = 2195.6655.297.3 | Size = 137936 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    (dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> VERITAS Software Corp. [Ver = 2195.6655.297.3 | Size = 7312 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    (ewido anti-spyware 4.0 driver) ewido anti-spyware 4.0 driver [Kernel | System | Running] -> %ProgramFiles%\ewido anti-spyware 4.0\guard.sys -> [Ver = | Size = 3968 bytes | Modified Date = 6/16/2006 8:38:54 AM | Attr = ]
    (Fd16_700) Fd16_700 [Kernel | Disabled | Stopped] -> -> File not found
    (fireport) fireport [Kernel | Disabled | Stopped] -> -> File not found
    (flashpnt) flashpnt [Kernel | Disabled | Stopped] -> -> File not found
    (GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.4.3 | Size = 14408 bytes | Modified Date = 2/2/2005 2:21:04 AM | Attr = ]
    (i81x) i81x [Kernel | On_Demand | Running] -> %System32%\drivers\i81xnt5.sys -> Intel Corporation [Ver = 5.11.01.0133.3-NT5 Eng. Sample 03:01AM | Size = 68336 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    (ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
    (ipsraidn) ipsraidn [Kernel | Disabled | Stopped] -> -> File not found
    (lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
    (lp6nds35) lp6nds35 [Kernel | Disabled | Stopped] -> -> File not found
    (Lvckap) Logitech Kernel Audio Processing Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\Lvckap.sys -> [Ver = | Size = 2174464 bytes | Modified Date = 12/9/2005 5:35:54 PM | Attr = ]
    (lvmvdrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Running] -> %System32%\drivers\LVMVdrv.sys -> [Ver = | Size = 2400256 bytes | Modified Date = 12/9/2005 5:37:42 PM | Attr = ]
    (LVPrcMon) Logitech LVPrcMon Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LVPrcMon.sys -> [Ver = | Size = 16768 bytes | Modified Date = 12/9/2005 5:37:42 PM | Attr = ]
    (LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Running] -> %System32%\drivers\LVUSBSta.sys -> Logitech Inc. [Ver = 9.5.0.1098 | Size = 39424 bytes | Modified Date = 12/5/2005 9:26:16 PM | Attr = R ]
    (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
    (Ncrc710) Ncrc710 [Kernel | Disabled | Stopped] -> -> File not found
    (PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
    (PCIIde) PCIIde [Kernel | Disabled | Stopped] -> -> File not found
    (PID_0928) Logitech QuickCam Express(PID_0928) [Kernel | On_Demand | Running] -> %System32%\drivers\LV561AV.SYS -> Logitech Inc. [Ver = 9.5.0.1098 | Size = 287360 bytes | Modified Date = 12/5/2005 9:27:30 PM | Attr = R ]
    (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 | Size = 17680 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    (ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
    (Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
    (ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
    (ql2100) ql2100 [Kernel | Disabled | Stopped] -> -> File not found
    (rtl8139) Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %System32%\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.366.0818.1999 | Size = 18704 bytes | Modified Date = 9/24/1999 1:17:18 PM | Attr = ]
    (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 12:53:48 PM | Attr = ]
    (SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 4:51:08 PM | Attr = R ]
    (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
    (SecDrv) SecDrv [Kernel | Auto | Running] -> %System32%\drivers\SECDRV.SYS -> Macrovision Europe Ltd [Ver = 3.18.000 | Size = 12400 bytes | Modified Date = 4/1/2006 2:35:04 PM | Attr = ]
    (sglfb) sglfb [Kernel | System | Stopped] -> -> File not found
    (Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
    (SONYPVM1) Sony Memory Stick Driver(SONYPVM1) [Kernel | Boot | Running] -> %System32%\drivers\SonyPVM1.sys -> Sony Corporation [Ver = 1.3.0526.0 | Size = 28224 bytes | Modified Date = 5/27/2000 5:37:48 AM | Attr = ]
    (SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %System32%\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.4.0709.0 | Size = 7921 bytes | Modified Date = 7/10/2002 6:49:20 AM | Attr = ]
    (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
    (symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
    (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
    (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
    (tga) tga [Kernel | System | Stopped] -> -> File not found
    (ultra66) ultra66 [Kernel | Disabled | Stopped] -> -> File not found

    [Registry - All]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 278528 bytes | Modified Date = 6/14/2006 5:24:14 PM | Attr = ]
    LogitechCameraAssistant -> %ProgramFiles%\Logitech\Video\CameraAssistant.exe -> Logitech Inc. [Ver = 9.5.5.1026 | Size = 489472 bytes | Modified Date = 1/5/2006 9:58:38 AM | Attr = ]
    LogitechCameraService(E) -> %System32%\ElkCtrl.exe -> Logitech Inc. [Ver = 8.5.0.1137 | Size = 262144 bytes | Modified Date = 11/1/2004 7:22:22 PM | Attr = ]
    LogitechVideo[inspector] -> %ProgramFiles%\Logitech\Video\InstallHelper.exe -> Logitech Inc. [Ver = 9.5.5.1026 | Size = 73728 bytes | Modified Date = 1/5/2006 10:15:00 AM | Attr = ]
    LVCOMSX -> %System32%\LVCOMSX.EXE -> Logitech Inc. [Ver = 9.5.0.1098 | Size = 225280 bytes | Modified Date = 12/9/2005 5:32:18 PM | Attr = ]
    QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 7/24/2006 7:21:38 AM | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:36 AM | Attr = ]
    Synchronization Manager -> %System32%\mobsync.exe -> Microsoft Corporation [Ver = 5.00.2195.6627 | Size = 111376 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    Aim6 -> -> File not found
    default -> %SystemDrive%\Documents and Settings\flutterby\winmain.exe -> [Ver = | Size = 12217 bytes | Modified Date = 11/4/2007 2:43:16 PM | Attr = HS]
    Khytufsm -> %CommonProgramFiles%\W?nSxS\s?ool32.exe -> File not found
    LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 2/19/2007 9:58:44 PM | Attr = ]
    main -> %System32%\drivers\system.exe -> File not found
    QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 7/24/2006 7:21:38 AM | Attr = ]
    SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 8/31/2007 4:46:28 PM | Attr = ]
    SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 1:06:28 PM | Attr = ]
    swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> File not found
    < RunOnce [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
    sysinit -> %System32%\drivers\system.exe -> File not found
    winmz -> %SystemDrive%\Documents and Settings\flutterby\winmain.exe -> [Ver = | Size = 12217 bytes | Modified Date = 11/4/2007 2:43:16 PM | Attr = HS]
    < Common Startup > -> C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup ->
    %AllUsersStartup%\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 2/19/2007 9:58:44 PM | Attr = ]
    < IFEO [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ ->
    Your Image File Name Here without a path -> %System32%\ntsd.exe [Debugger] -> Microsoft Corporation [Ver = 5.00.2184.1 | Size = 163600 bytes | Modified Date = 12/7/1999 6:00:00 AM | Attr = ]
    < SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
    {7007ACCF-3202-11D1-AAD2-00805FC1270E} [HKLM] -> %System32%\netshell.dll [Network.ConnectionTray] -> Microsoft Corporation [Ver = 5.00.2195.6604 | Size = 477456 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    {35CEC8A3-2BE6-11D2-8773-92E220524153} [HKLM] -> %System32%\stobject.dll [SysTray] -> Microsoft Corporation [Ver = 5.00.2195.6601 | Size = 81168 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKLM] -> %System32%\webcheck.dll [WebCheck] -> Microsoft Corporation [Ver = 6.00.2800.1106 | Size = 258048 bytes | Modified Date = 8/29/2002 8:14:40 AM | Attr = ]
    < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
    {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\ewido anti-spyware 4.0\shellexecutehook.dll [ewido anti-spyware 4.0] -> Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 73728 bytes | Modified Date = 6/16/2006 8:38:50 AM | Attr = ]
    {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ]
    {AEB6717E-7E19-11d0-97EE-00C04FD91972} [HKLM] -> %System32%\SHELL32.DLL [] -> Microsoft Corporation [Ver = 5.00.3900.7105 | Size = 2362640 bytes | Modified Date = 7/13/2006 1:09:24 AM | Attr = ]
    < SharedTaskScheduler [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
    {438755C2-A8BA-11D1-B96B-00A0C90312E1} [HKLM] -> %System32%\BROWSEUI.DLL [Browseui preloader] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1017856 bytes | Modified Date = 4/13/2007 9:09:00 AM | Attr = ]
    {8C7461EF-2B13-11d2-BE35-3078302C2030} [HKLM] -> %System32%\BROWSEUI.DLL [Component Categories cache daemon] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1017856 bytes | Modified Date = 4/13/2007 9:09:00 AM | Attr = ]
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
    *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
    msapsspc.dll -> %System32%\msapsspc.dll -> Microsoft Corporation [Ver = 6.00.7755 | Size = 80128 bytes | Modified Date = 12/7/1999 6:00:00 AM | Attr = ]
    schannel.dll -> %System32%\SCHANNEL.DLL -> Microsoft Corporation [Ver = 5.00.2195.7136 | Size = 147216 bytes | Modified Date = 4/25/2007 1:52:16 AM | Attr = ]
    digest.dll -> %System32%\digest.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 | Size = 55296 bytes | Modified Date = 8/29/2002 8:14:40 AM | Attr = ]
    msnsspc.dll -> %System32%\msnsspc.dll -> Microsoft Corporation [Ver = 6.00.7753 | Size = 116272 bytes | Modified Date = 12/7/1999 6:00:00 AM | Attr = ]
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 5.00.3700.6690 | Size = 243472 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
    C:\WINNT\system32\userinit.exe -> %System32%\USERINIT.EXE -> Microsoft Corporation [Ver = 5.00.2195.6612 | Size = 17680 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
    rundll32 -> %System32%\rundll32.exe -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 10000 bytes | Modified Date = 12/7/1999 6:00:00 AM | Attr = ]
    shell32 -> %System32%\SHELL32.DLL -> Microsoft Corporation [Ver = 5.00.3900.7105 | Size = 2362640 bytes | Modified Date = 7/13/2006 1:09:24 AM | Attr = ]
    "sysdm.cpl" -> %System32%\SYSDM.CPL -> Microsoft Corporation [Ver = 5.00.2195.6601 | Size = 125712 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    *UserInit* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
    C:\WINNT\system32\vvgeowbv.exe -> %System32%\vvgeowbv.exe -> Microsoft [Ver = 1.00.0072 | Size = 123911 bytes | Modified Date = 11/4/2007 3:17:42 PM | Attr = ]
    C:\WINNT\system32\userinit.exe -> %System32%\USERINIT.EXE -> Microsoft Corporation [Ver = 5.00.2195.6612 | Size = 17680 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 12:41:36 PM | Attr = ]
    crypt32chain -> %System32%\CRYPT32.DLL -> Microsoft Corporation [Ver = 5.131.2195.6926 | Size = 563984 bytes | Modified Date = 4/8/2005 5:54:32 AM | Attr = ]
    cryptnet -> %System32%\CRYPTNET.DLL -> Microsoft Corporation [Ver = 5.131.2195.6926 | Size = 63760 bytes | Modified Date = 4/8/2005 5:54:34 AM | Attr = ]
    cscdll -> %System32%\cscdll.dll -> Microsoft Corporation [Ver = 5.00.2195.6713 | Size = 101136 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    sclgntfy -> %System32%\sclgntfy.dll -> Microsoft Corporation [Ver = 5.00.2195.6608 | Size = 20752 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    SensLogn -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.00.2195.7000 | Size = 57104 bytes | Modified Date = 4/8/2005 5:54:32 AM | Attr = ]
    wzcnotif -> %System32%\wzcdlg.dll -> Microsoft Corporation [Ver = 5.00.2195.6604 | Size = 52496 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
    < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> ÿÿÿÿ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    < HOSTS File > (686 bytes) -> C:\WINNT\System32\drivers\etc\Hosts ->
    127.0.0.1 localhost ->
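
    The entries worth attention in the two logs above are the ones a tool will not highlight for you: an HKCU Run/RunOnce pair pointing at winmain.exe in the profile root with hidden+system attributes, a "system.exe" under system32\drivers, a path rendered as W?nSxS\s?ool32.exe, and an HKCU Winlogon UserInit value carrying vvgeowbv.exe whose version info says only "Microsoft". The same targets appear as O4 and O20 lines in the HijackThis log further up. The script below is an added example, not part of this thread and not OldTimer's or any other tool's code: it parses lines in the WinPFind3 format and scores each autostart target against exactly those indicators. The sample lines are copied from the log above; the incident date (4 Nov 2007, the day the thread was opened) and the heuristics themselves are my own assumptions.

```python
"""Triage of WinPFind3 autostart entries against the indicators visible in this thread."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample: lines copied from the WinPFind3 log posted above (the
# infected entries plus two legitimate ones for contrast).
SAMPLE_LOG = r"""
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
default -> %SystemDrive%\Documents and Settings\flutterby\winmain.exe -> [Ver = | Size = 12217 bytes | Modified Date = 11/4/2007 2:43:16 PM | Attr = HS]
Khytufsm -> %CommonProgramFiles%\W?nSxS\s?ool32.exe -> File not found
main -> %System32%\drivers\system.exe -> File not found
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 8/31/2007 4:46:28 PM | Attr = ]
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*UserInit* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINNT\system32\vvgeowbv.exe -> %System32%\vvgeowbv.exe -> Microsoft [Ver = 1.00.0072 | Size = 123911 bytes | Modified Date = 11/4/2007 3:17:42 PM | Attr = ]
C:\WINNT\system32\userinit.exe -> %System32%\USERINIT.EXE -> Microsoft Corporation [Ver = 5.00.2195.6612 | Size = 17680 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
"""

# Assumption: the infection surfaced on 4 Nov 2007, the day the thread was opened.
INCIDENT_DATE = datetime(2007, 11, 4)

# Trailing part of an entry: "<vendor> [Ver = .. | Size = N bytes | Modified Date = .. | Attr = ..]"
DETAIL_RE = re.compile(
    r"^(?P<vendor>.*?)\s*\[Ver = (?P<ver>[^|]*?)\s*\| Size = (?P<size>\d+) bytes"
    r" \| Modified Date = (?P<date>[^|]+?)\s*\| Attr = (?P<attr>[^\]]*)\]$"
)


@dataclass
class Entry:
    section: str            # e.g. "< Run [HKCU] >"
    subkey: str             # e.g. "UserInit" (from a "*UserInit*" marker line)
    name: str
    path: str
    vendor: Optional[str]   # None when the file is missing
    modified: Optional[datetime]
    attr: str               # file attribute letters such as "HS" or "R"
    missing: bool


def parse_winpfind(text: str) -> List[Entry]:
    """Turn WinPFind3 'name -> path -> details' lines into Entry records."""
    entries: List[Entry] = []
    section, subkey = "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("<"):                 # section header
            section, subkey = line.split(" -> ", 1)[0], ""
            continue
        if line.startswith("*"):                 # value-name marker inside a section
            subkey = line.split(" -> ", 1)[0].strip("*")
            continue
        parts = line.split(" -> ")
        if len(parts) < 3:
            continue
        name, path, rest = parts[0], parts[1], " -> ".join(parts[2:])
        if rest == "File not found":
            entries.append(Entry(section, subkey, name, path, None, None, "", True))
            continue
        m = DETAIL_RE.match(rest)
        if not m:
            continue                             # policy values, hosts lines, etc.
        modified = datetime.strptime(m["date"].strip(), "%m/%d/%Y %I:%M:%S %p")
        entries.append(Entry(section, subkey, name, path, m["vendor"].strip(),
                             modified, m["attr"].strip(), False))
    return entries


def suspicion(e: Entry, incident: datetime) -> List[str]:
    """Indicators drawn from this log; each one is weak alone, they add up."""
    reasons: List[str] = []
    low = e.path.lower()
    if "?" in e.path:
        reasons.append("path contains '?': illegal in Windows file names, so the tool could not render the real character")
    if e.missing:
        reasons.append("target file missing (dead autostart entry)")
    if low.endswith(".exe") and any(c in e.attr.lower() for c in "hs"):
        reasons.append(f"hidden/system attributes ({e.attr}) on an autostart executable")
    if re.search(r"\\documents and settings\\[^\\]+\\[^\\]+\.exe$", low):
        reasons.append("executable sitting in a user profile root")
    if "\\drivers\\" in low and low.endswith(".exe"):
        reasons.append("executable in the drivers directory (holds .sys files, not .exe)")
    if e.vendor == "Microsoft":
        reasons.append("vendor 'Microsoft' (genuine files carry 'Microsoft Corporation')")
    if e.modified is not None and e.modified >= incident:
        reasons.append(f"modified {e.modified:%Y-%m-%d %H:%M}, on/after the incident date")
    if "HKCU" in e.section and e.subkey == "UserInit":
        reasons.append("UserInit value under HKCU (a stock install only has it under HKLM)")
    return reasons


def triage(text: str, incident: datetime) -> Dict[str, List[str]]:
    """Map each flagged target's file name to its indicators, most suspicious first."""
    out: Dict[str, List[str]] = {}
    for e in parse_winpfind(text):
        for r in suspicion(e, incident):
            bucket = out.setdefault(e.path.rsplit("\\", 1)[-1].lower(), [])
            if r not in bucket:
                bucket.append(r)
    return dict(sorted(out.items(), key=lambda kv: -len(kv[1])))


if __name__ == "__main__":
    for fname, reasons in triage(SAMPLE_LOG, INCIDENT_DATE).items():
        print(f"{fname}: {len(reasons)} indicator(s)")
        for r in reasons:
            print("   -", r)
```

    Run against the sample, winmain.exe and vvgeowbv.exe come out on top with three indicators each, the two "File not found" entries with two, userinit.exe with one (only because it sits in the HKCU UserInit value, which is the hijack itself), and TeaTimer.exe with none. Treat the list as a reading aid for a log like the one above, not as a verdict: a dead entry can be a remnant of something already removed, and a legitimate installer can modify files after the incident date.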
     
  11. bluecoastbikini

    bluecoastbikini Thread Starter

    Joined:
    Sep 17, 2006
    Messages:
    50
    WinPFind3--------------------------------part2---------------


    < Internet Explorer Settings > -> ->
    HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
    HKLM: Local Page -> C:\windows\system32\blank.htm ->
    HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Start Page -> about:blank ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
    HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
    HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKCU: Local Page -> C:\windows\system32\blank.htm ->
    HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKCU: Start Page -> http://www.google.com/ ->
    HKCU: SearchAssistant -> http://www.google.com/ie ->
    HKCU: URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> %System32%\SHDOCVW.DLL [Microsoft Url Search Hook] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1340416 bytes | Modified Date = 4/13/2007 9:08:46 AM | Attr = ]
    HKCU: ProxyEnable -> 0 ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {00000012-890e-4aac-afd9-eff6954a34dd} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    {029e02f0-a0e5-4b19-b958-7bf2db29fb13} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 3:16:42 AM | Attr = ]
    {06dfedaa-6196-11d5-bfc8-00508b4a487d} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    {1adbcce8-cf84-441e-9b38-afc7a19c06a4} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    {51641ef3-8a7a-4d84-8659-b0911e947cc8} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
    {54645654-2225-4455-44A1-9F4543D34546} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    {669695bc-a811-4a9d-8cdf-ba8c795f261e} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 12:11:34 AM | Attr = ]
    {944864a5-3916-46e2-96a9-a2e84f3f1208} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    {a4a435cf-3583-11d4-91bd-0048546a1450} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    {c2680e10-1655-4a0e-87f8-4259325a84b7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    {c4ca6559-2cf1-48b6-96b2-8340a06fd129} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    {c5af2622-8c75-4dfb-9693-23ab7686a456} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    {d8efadf1-9009-11d6-8c73-608c5dc19089} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    {e9306072-417e-43e3-81d5-369490beef7c} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
    {4D5C8C25-D075-11d0-B416-00C04FB90376} [HKLM] -> %System32%\SHDOCVW.DLL [&Tip of the Day] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1340416 bytes | Modified Date = 4/13/2007 9:08:46 AM | Attr = ]
    < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
    {30D02401-6A81-11D0-8274-00C04FD5AE38} [HKLM] -> %System32%\BROWSEUI.DLL [Search Band] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1017856 bytes | Modified Date = 4/13/2007 9:09:00 AM | Attr = ]
    {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> %System32%\BROWSEUI.DLL [Media Band] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1017856 bytes | Modified Date = 4/13/2007 9:09:00 AM | Attr = ]
    {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} [HKLM] -> %System32%\SHELL32.DLL [File and Folders Search ActiveX Control] -> Microsoft Corporation [Ver = 5.00.3900.7105 | Size = 2362640 bytes | Modified Date = 7/13/2006 1:09:24 AM | Attr = ]
    {EFA24E61-B078-11D0-89E4-00C04FC9E26E} [HKLM] -> %System32%\SHDOCVW.DLL [Favorites Band] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1340416 bytes | Modified Date = 4/13/2007 9:08:46 AM | Attr = ]
    {EFA24E62-B078-11D0-89E4-00C04FC9E26E} [HKLM] -> %System32%\SHDOCVW.DLL [History Band] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1340416 bytes | Modified Date = 4/13/2007 9:08:46 AM | Attr = ]
    {EFA24E64-B078-11D0-89E4-00C04FC9E26E} [HKLM] -> %System32%\SHDOCVW.DLL [Explorer Band] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1340416 bytes | Modified Date = 4/13/2007 9:08:46 AM | Attr = ]
    < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
    ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKLM] -> %System32%\BROWSEUI.DLL [&Address] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1017856 bytes | Modified Date = 4/13/2007 9:09:00 AM | Attr = ]
    ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} [HKLM] -> %System32%\BROWSEUI.DLL [&Links] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1017856 bytes | Modified Date = 4/13/2007 9:09:00 AM | Attr = ]
    ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    ShellBrowser\\{3F3714A9-89A4-46BE-8AF3-D0C9D1FB03F9} [HKLM] -> %ProgramFiles%\MorpheusBar\bar\1.bin\MORPHBAR.DLL [Morpheus Toolbar] -> File not found
    WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKLM] -> %System32%\BROWSEUI.DLL [&Address] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1017856 bytes | Modified Date = 4/13/2007 9:09:00 AM | Attr = ]
    WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} [HKLM] -> %System32%\BROWSEUI.DLL [&Links] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1017856 bytes | Modified Date = 4/13/2007 9:09:00 AM | Attr = ]
    WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    WebBrowser\\{3F3714A9-89A4-46BE-8AF3-D0C9D1FB03F9} [HKLM] -> %ProgramFiles%\MorpheusBar\bar\1.bin\MORPHBAR.DLL [Morpheus Toolbar] -> File not found
    WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:34 AM | Attr = ]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 12:11:34 AM | Attr = ]
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {3D7C4393-6C40-4244-9D5B-8107169399CC} -> 208.67.220.220,208.67.222.222 (SMC EZ Card 10/100 (SMC1211TX)) ->
    {95603DCC-FF00-40D1-BC48-AD0EB4C75894} -> 208.67.220.220,208.67.222.222 (SMC EZ Card 10/100 (SMC1211TX)) ->
    {96709D8A-E709-4B2C-8E4D-F1874CDAD439} -> 208.67.220.220,208.67.222.222 () ->
    < Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
    NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] -> %System32%\RNR20.DLL -> Microsoft Corporation [Ver = 5.00.2195.6603 | Size = 36624 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] -> %System32%\winrnr.dll -> Microsoft Corporation [Ver = 5.00.2160.1 | Size = 19216 bytes | Modified Date = 12/7/1999 6:00:00 AM | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000004 -> %System32%\rsvpsp.dll -> Microsoft Corporation [Ver = 5.00.2195.6611 | Size = 77072 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000005 -> %System32%\rsvpsp.dll -> Microsoft Corporation [Ver = 5.00.2195.6611 | Size = 77072 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000006 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000007 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000008 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000009 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000010 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000011 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000012 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000013 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000014 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000015 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000016 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000017 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000018 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000019 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    < Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
    shell -> shell protocol not assigned ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
    about -> %System32%\MSHTML.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 2704896 bytes | Modified Date = 4/16/2007 11:25:46 AM | Attr = ]
    bwfile-8876480 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 2/19/2007 9:58:44 PM | Attr = ]
    cdl -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
    file -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
    ftp -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
    gopher -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
    http -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
    http\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 8.103.5219.0 | Size = 577536 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    http\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 8.103.5219.0 | Size = 577536 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    https -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
    https\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 8.103.5219.0 | Size = 577536 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    https\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 8.103.5219.0 | Size = 577536 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    ipp -> Reg Data - Key not found -> File not found
    ipp\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 8.103.5219.0 | Size = 577536 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    its -> %System32%\itss.dll -> Microsoft Corporation [Ver = 5.2.3790.309 (srv03_gdr.050413-1540) | Size = 128000 bytes | Modified Date = 4/21/2005 8:16:56 AM | Attr = ]
    javascript -> %System32%\MSHTML.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 2704896 bytes | Modified Date = 4/16/2007 11:25:46 AM | Attr = ]
    local -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
    mailto -> %System32%\MSHTML.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 2704896 bytes | Modified Date = 4/16/2007 11:25:46 AM | Attr = ]
    mhtml -> %System32%\INETCOMM.DLL -> Microsoft Corporation [Ver = 6.00.2800.1896 | Size = 596480 bytes | Modified Date = 11/6/2006 2:47:54 PM | Attr = ]
    mk -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
    msdaipp -> Reg Data - Key not found -> File not found
    msdaipp\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 8.103.5219.0 | Size = 577536 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    msdaipp\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 8.103.5219.0 | Size = 577536 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    ms-its -> %System32%\itss.dll -> Microsoft Corporation [Ver = 5.2.3790.309 (srv03_gdr.050413-1540) | Size = 128000 bytes | Modified Date = 4/21/2005 8:16:56 AM | Attr = ]
    res -> %System32%\MSHTML.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 2704896 bytes | Modified Date = 4/16/2007 11:25:46 AM | Attr = ]
    skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 8/25/2007 8:54:38 PM | Attr = R ]
    sysimage -> %System32%\MSHTML.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 2704896 bytes | Modified Date = 4/16/2007 11:25:46 AM | Attr = ]
    vbscript -> %System32%\MSHTML.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 2704896 bytes | Modified Date = 4/16/2007 11:25:46 AM | Attr = ]
    vnd.ms.radio -> %System32%\msdxm.ocx -> [Ver = | Size = 844560 bytes | Modified Date = 3/31/2005 1:10:40 AM | Attr = ]
    < Protocol Filters [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
    application/octet-stream -> %System32%\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.832 (QFE.050727-8300) | Size = 271360 bytes | Modified Date = 4/13/2007 2:21:14 AM | Attr = ]
    application/x-complus -> %System32%\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.832 (QFE.050727-8300) | Size = 271360 bytes | Modified Date = 4/13/2007 2:21:14 AM | Attr = ]
    application/x-msdownload -> %System32%\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.832 (QFE.050727-8300) | Size = 271360 bytes | Modified Date = 4/13/2007 2:21:14 AM | Attr = ]
    Class Install Handler -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
    deflate -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
    gzip -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
    lzdhtml -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
    text/webviewhtml -> %System32%\SHELL32.DLL -> Microsoft Corporation [Ver = 5.00.3900.7105 | Size = 2362640 bytes | Modified Date = 7/13/2006 1:09:24 AM | Attr = ]
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {14B87622-7E19-4EA8-93B3-97215F77A6BC} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab ->
    {166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
    {17D72920-7A15-11D4-921E-0080C8DA7A5E} -> AimSp32 Class - CodeBase = http://rimmel.ai-media.com/save/makeover.cab ->
    {193C772A-87BE-4B19-A7BB-445B226FE9A1} -> ewidoOnlineScan Control - CodeBase = http://downloads.ewido.net/ewidoOnlineScan.cab ->
    {20A60F0D-9AFA-4515-A0FD-83BD84642501} -> Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab ->
    {233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
    {2917297F-F02B-4B9D-81DF-494B6333150B} -> Minesweeper Flags Class - CodeBase = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab ->
    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
    {31564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/wmvax.cab ->
    {32564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/wmv8ax.cab ->
    {33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB ->
    {48DD0448-9209-4F81-9F6D-D83562940134} -> MySpace Uploader Control - CodeBase = http://lads.myspace.com/upload/MySpaceUploader.cab ->
    {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://bluecoastbikinibabe.spaces.live.com//PhotoUpload/MsnPUpld.cab ->
    {51739C4B-228C-46AB-A140-1D54F563F3B4} -> FSpyDajabaCtl Control - CodeBase = http://www.spydajaba.com/activex/spydajabactl.cab ->
    {5D6F45B3-9043-443D-A792-115447494D24} -> UnoCtrl Class - CodeBase = http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab ->
    {5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook Photo Uploader Control - CodeBase = http://upload.facebook.com/controls/FacebookPhotoUploader.cab ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab ->
    {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab ->
    {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -> - CodeBase = http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab ->
    {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
    {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab ->
    {B8BE5E93-A60C-4D26-A2DC-220313175592} -> ZoneIntro Class - CodeBase = http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab ->
    {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab ->
    {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} -> LycosMail Upload Control - CodeBase = http://mail.lycos.com/hanmail-ax/AttachMail.cab ->
    {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab ->
    {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab ->
    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
    {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} -> CPlayFirstDinerDashControl Object - CodeBase = http://www.playfirst.com/play/game/dinerdash/DinerDash.1.0.0.93.cab ->
    {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -> Hotmail Attachments Control - CodeBase = http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx ->
    DirectAnimation Java Classes -> - CodeBase = file://C:\WINNT\Java\classes\dajava.cab ->
    Microsoft XML Parser for Java -> - CodeBase = file://C:\WINNT\Java\classes\xmldso.cab ->


    [Files/Folders - Created Within 30 days]
    225.tmp -> %SystemDrive%\225.tmp -> [Ver = | Size = 186608 bytes | Created Date = 11/4/2007 5:36:13 AM | Attr = ]
    226.tmp -> %SystemDrive%\226.tmp -> [Ver = | Size = 23040 bytes | Created Date = 11/4/2007 5:36:21 AM | Attr = ]
    22B.tmp -> %SystemDrive%\22B.tmp -> [Ver = 0, 0, 0, 0 | Size = 9804 bytes | Created Date = 11/4/2007 5:36:29 AM | Attr = ]
    SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 11/5/2007 6:30:06 PM | Attr = ]
    17PHolmes72.exe -> %SystemRoot%\17PHolmes72.exe -> [Ver = 0, 0, 0, 0 | Size = 35840 bytes | Created Date = 11/4/2007 5:36:55 AM | Attr = ]
    absolute key logger.lnk -> %SystemRoot%\absolute key logger.lnk -> [Ver = | Size = 11776 bytes | Created Date = 11/4/2007 3:40:46 PM | Attr = ]
    aconti.ini -> %SystemRoot%\aconti.ini -> [Ver = | Size = 28416 bytes | Created Date = 11/4/2007 11:06:00 PM | Attr = ]
    aconti.sdb -> %SystemRoot%\aconti.sdb -> [Ver = | Size = 14848 bytes | Created Date = 11/4/2007 11:06:01 PM | Attr = ]
    default.htm -> %SystemRoot%\default.htm -> [Ver = | Size = 1680 bytes | Created Date = 11/4/2007 3:39:22 PM | Attr = ]
    ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 11/5/2007 6:41:23 PM | Attr = ]
    fkwggshm.exe -> %SystemRoot%\fkwggshm.exe -> Microsoft Corp. [Ver = 1.00 | Size = 18432 bytes | Created Date = 11/4/2007 3:55:49 PM | Attr = ]
    iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Created Date = 10/16/2007 3:40:06 PM | Attr = ]
    QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 11/4/2007 5:35:41 AM | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 11/4/2007 5:35:41 AM | Attr = H ]
    TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 11/4/2007 11:54:02 PM | Attr = ]
    ace16win.dll -> %System32%\ace16win.dll -> [Ver = | Size = 12032 bytes | Created Date = 11/4/2007 11:05:58 PM | Attr = ]
    acespy -> %System32%\acespy -> [Folder | Created Date = 11/4/2007 3:43:32 PM | Attr = ]
    ClickToFindandFixErrors_US.ico -> %System32%\ClickToFindandFixErrors_US.ico -> [Ver = | Size = 2238 bytes | Created Date = 11/4/2007 7:26:13 PM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %System32%\ClickToFindandFixErrors_US.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    din.ip -> %System32%\din.ip -> [Ver = | Size = 13 bytes | Created Date = 11/4/2007 3:17:48 PM | Attr = ]
    dpqaqlqx.bin -> %System32%\dpqaqlqx.bin -> [Ver = | Size = 12 bytes | Created Date = 11/4/2007 3:17:58 PM | Attr = ]
    java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 10/16/2007 2:23:23 PM | Attr = ]
    javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 10/16/2007 2:23:23 PM | Attr = ]
    javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 10/16/2007 2:23:23 PM | Attr = ]
    jpewocmz.ini -> %System32%\jpewocmz.ini -> [Ver = | Size = 4 bytes | Created Date = 11/4/2007 3:17:48 PM | Attr = ]
    Perflib_Perfdata_2ec.dat -> %System32%\Perflib_Perfdata_2ec.dat -> [Ver = | Size = 16384 bytes | Created Date = 11/5/2007 7:24:46 AM | Attr = ]
    stfv.bin -> %System32%\stfv.bin -> [Ver = | Size = 4 bytes | Created Date = 11/4/2007 3:53:14 PM | Attr = ]
    sznf.ascii -> %System32%\sznf.ascii -> [Ver = | Size = 92 bytes | Created Date = 11/4/2007 3:17:59 PM | Attr = ]
    vvgeowbv.exe -> %System32%\vvgeowbv.exe -> Microsoft [Ver = 1.00.0072 | Size = 123911 bytes | Created Date = 11/4/2007 2:47:52 PM | Attr = ]
    winlogon.scr -> %System32%\winlogon.scr -> [Ver = | Size = 12217 bytes | Created Date = 11/4/2007 2:43:18 PM | Attr = ]
     
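The "Files/Folders - Created Within 30 days" listing is the part of a WinPFind3 log a helper reads by hand, looking for executables dropped straight into %SystemRoot% or %System32%, vendor strings that imitate Microsoft, random eight-letter names, UPX-packed binaries with no version resource, and alternate data streams that are not the usual 0-byte property-set stream. The script below is an added example for this thread; it is not part of WinPFind3 and was not posted by anyone in it. It parses a handful of lines copied verbatim from the WinPFind3 output posted in this thread and applies those heuristics. The thresholds (vowel ratio, the exact "Microsoft Corporation" spelling, the list of executable extensions) and the function names are my own assumptions, meant as a starting point for triage rather than as signatures.

```python
"""Triage helper for WinPFind3-style file, string-scan and ADS lines.

Added example for this thread; not part of WinPFind3 or of the posted log.
All heuristics below are analyst assumptions, not malware signatures.
"""
import re
from typing import Dict, List, Optional, Tuple

# Lines copied verbatim from the WinPFind3 output posted in this thread
# (forum indentation removed). Raw string so the backslashes stay literal.
SAMPLE_LOG = r"""
17PHolmes72.exe -> %SystemRoot%\17PHolmes72.exe -> [Ver = 0, 0, 0, 0 | Size = 35840 bytes | Created Date = 11/4/2007 5:36:55 AM | Attr = ]
fkwggshm.exe -> %SystemRoot%\fkwggshm.exe -> Microsoft Corp. [Ver = 1.00 | Size = 18432 bytes | Created Date = 11/4/2007 3:55:49 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 10/16/2007 2:23:23 PM | Attr = ]
vvgeowbv.exe -> %System32%\vvgeowbv.exe -> Microsoft [Ver = 1.00.0072 | Size = 123911 bytes | Created Date = 11/4/2007 2:47:52 PM | Attr = ]
winlogon.scr -> %System32%\winlogon.scr -> [Ver = | Size = 12217 bytes | Created Date = 11/4/2007 2:43:18 PM | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 11/5/2007 6:41:23 PM | Attr = ]
UPX! , -> %SystemRoot%\17PHolmes72.exe -> [Ver = 0, 0, 0, 0 | Size = 35840 bytes | Modified Date = 11/4/2007 5:36:56 AM | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Coffee Bean.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 7000 bytes -> %SystemRoot%\Mozilla Wallpaper.bmp:Q30lsldxJoudresxAaaqpcawXc ->
"""

EXEC_EXT = (".exe", ".dll", ".scr", ".sys", ".ocx", ".cpl")
# Windows property-set (SummaryInformation) stream that Explorer writes when
# file properties are edited; a 0-byte instance is ordinary noise.
PROPERTY_SET_STREAM = "{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}"


def parse_details(text: str) -> Dict[str, str]:
    """Split 'Vendor [Ver = x | Size = n bytes | ... ]' into a dict (vendor under 'Vendor')."""
    text = text.strip()
    i = text.rfind("[")
    if i < 0 or not text.endswith("]"):
        return {}
    out = {"Vendor": text[:i].strip()}
    for field in text[i + 1:-1].split(" | "):
        if " = " in field:
            k, v = field.split(" = ", 1)
            out[k.strip()] = v.strip()
        else:
            out[field.strip()] = ""          # bare flag such as 'Folder'
    return out


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Classify one log line as 'file', 'strings' (string scan hit) or 'ads'; None otherwise."""
    line = line.strip()
    if line.endswith("->"):                  # ADS lines end with a dangling arrow
        line = line[:-2].rstrip()
    parts = [p.strip() for p in line.split(" -> ")]
    if len(parts) < 2 or not parts[1].startswith("%"):
        return None                          # registry lines, headers, blanks
    head, path = parts[0], parts[1]
    if head.startswith("@Alternate Data Stream"):
        size = int(re.search(r"(\d+) bytes", head).group(1))
        file_part, _, stream = path.rpartition(":")
        return {"kind": "ads", "path": path, "file": file_part, "stream": stream, "size": size}
    details = parse_details(parts[2]) if len(parts) > 2 else {}
    if head.endswith(","):                   # e.g. 'UPX! , UPX0 ,' from the string scan
        found = [s.strip() for s in head.split(",") if s.strip()]
        return {"kind": "strings", "path": path, "strings": found, "details": details}
    return {"kind": "file", "path": path, "details": details}


def looks_random(stem: str) -> bool:
    """Cheap tell for dropper-generated names: long, all lowercase letters, almost no vowels."""
    if len(stem) < 7 or not stem.isalpha() or not stem.islower():
        return False
    vowels = sum(c in "aeiou" for c in stem)
    return vowels / len(stem) <= 0.25        # threshold is an assumption


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for entries worth a second look."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        path = str(rec["path"])
        if rec["kind"] == "ads":
            if rec["size"] > 0 and rec["stream"] != PROPERTY_SET_STREAM:
                findings.append((path, f"non-standard ADS '{rec['stream']}' holding {rec['size']} bytes"))
            continue
        d = rec["details"]
        if "Folder" in d:
            continue
        vendor, ver = d.get("Vendor", ""), d.get("Ver", "")
        if rec["kind"] == "strings":
            if "UPX!" in rec["strings"] and not vendor:
                findings.append((path, "UPX-packed with no vendor string"))
            continue
        name = path.rsplit("\\", 1)[-1]
        stem, _, ext = name.rpartition(".")
        if "." + ext.lower() not in EXEC_EXT:
            continue
        if path.startswith("%SystemRoot%\\") and path.count("\\") == 1:
            findings.append((path, "executable dropped directly in %SystemRoot%"))
        if not vendor and ver in ("", "0, 0, 0, 0"):
            findings.append((path, "no vendor and empty/zero version resource"))
        if vendor.startswith("Microsoft") and vendor != "Microsoft Corporation":
            findings.append((path, f"vendor string '{vendor}' imitates Microsoft"))
        if looks_random(stem):
            findings.append((path, f"random-looking file name '{name}'"))
    return findings


if __name__ == "__main__":
    for p, why in triage(SAMPLE_LOG):
        print(f"{p}\n    {why}")
```

Run it on a full log by reading the file into `triage()`; every hit still needs a human decision, since the known-good entries (java.exe, the ERUNT folder, the 0-byte property-set streams) are only skipped because these particular rules do not fire on them, not because the script knows they are safe.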
  12. bluecoastbikini

    bluecoastbikini Thread Starter

    Joined:
    Sep 17, 2006
    Messages:
    50
    WinPFind3------------------------part3---------------------


    [Files/Folders - Modified Within 30 days]
    225.tmp -> %SystemDrive%\225.tmp -> [Ver = | Size = 186608 bytes | Modified Date = 11/4/2007 5:36:22 AM | Attr = ]
    226.tmp -> %SystemDrive%\226.tmp -> [Ver = | Size = 23040 bytes | Modified Date = 11/4/2007 5:36:24 AM | Attr = ]
    22B.tmp -> %SystemDrive%\22B.tmp -> [Ver = 0, 0, 0, 0 | Size = 9804 bytes | Modified Date = 11/4/2007 5:36:32 AM | Attr = ]
    ioSpecial.ini -> %SystemDrive%\ioSpecial.ini -> [Ver = | Size = 139 bytes | Modified Date = 11/5/2007 10:54:30 AM | Attr = ]
    IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 1446 bytes | Modified Date = 10/27/2007 4:03:06 PM | Attr = H ]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 11/5/2007 10:54:36 AM | Attr = R ]
    QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 11/5/2007 7:14:00 AM | Attr = ]
    SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 11/5/2007 6:53:44 PM | Attr = ]
    WINNT -> %SystemRoot% -> [Folder | Modified Date = 11/5/2007 6:41:24 PM | Attr = ]
    17PHolmes72.exe -> %SystemRoot%\17PHolmes72.exe -> [Ver = 0, 0, 0, 0 | Size = 35840 bytes | Modified Date = 11/4/2007 5:36:56 AM | Attr = ]
    absolute key logger.lnk -> %SystemRoot%\absolute key logger.lnk -> [Ver = | Size = 11776 bytes | Modified Date = 11/4/2007 3:40:48 PM | Attr = ]
    aconti.ini -> %SystemRoot%\aconti.ini -> [Ver = | Size = 28416 bytes | Modified Date = 11/4/2007 11:06:02 PM | Attr = ]
    aconti.sdb -> %SystemRoot%\aconti.sdb -> [Ver = | Size = 14848 bytes | Modified Date = 11/4/2007 11:06:02 PM | Attr = ]
    catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Modified Date = 10/29/2007 6:56:20 PM | Attr = ]
    CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 11/5/2007 3:45:10 PM | Attr = HS]
    Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 11/5/2007 6:51:02 PM | Attr = ]
    default.htm -> %SystemRoot%\default.htm -> [Ver = | Size = 1680 bytes | Modified Date = 11/4/2007 11:50:08 PM | Attr = ]
    Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 10/30/2007 7:11:04 PM | Attr = S]
    ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 11/5/2007 6:41:34 PM | Attr = ]
    fkwggshm.exe -> %SystemRoot%\fkwggshm.exe -> Microsoft Corp. [Ver = 1.00 | Size = 18432 bytes | Modified Date = 11/4/2007 11:32:40 PM | Attr = ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 11/4/2007 9:03:30 PM | Attr = HS]
    iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 10/16/2007 3:39:02 PM | Attr = ]
    QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 11/4/2007 5:35:42 AM | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 11/4/2007 2:42:46 PM | Attr = H ]
    security -> %SystemRoot%\security -> [Folder | Modified Date = 11/5/2007 7:18:04 AM | Attr = ]
    system32 -> %System32% -> [Folder | Modified Date = 11/5/2007 6:51:10 PM | Attr = ]
    TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 11/5/2007 6:51:12 PM | Attr = ]
    wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 299 bytes | Modified Date = 11/4/2007 11:05:18 PM | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 11/5/2007 6:49:34 PM | Attr = H ]
    ace16win.dll -> %System32%\ace16win.dll -> [Ver = | Size = 12032 bytes | Modified Date = 11/4/2007 11:06:00 PM | Attr = ]
    acespy -> %System32%\acespy -> [Folder | Modified Date = 11/4/2007 3:43:40 PM | Attr = ]
    ClickToFindandFixErrors_US.ico -> %System32%\ClickToFindandFixErrors_US.ico -> [Ver = | Size = 2238 bytes | Modified Date = 11/4/2007 7:26:14 PM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %System32%\ClickToFindandFixErrors_US.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 1204 bytes | Modified Date = 11/4/2007 2:43:02 PM | Attr = ]
    din.ip -> %System32%\din.ip -> [Ver = | Size = 13 bytes | Modified Date = 11/4/2007 3:17:50 PM | Attr = ]
    dllcache -> %System32%\dllcache -> [Folder | Modified Date = 11/4/2007 6:37:20 PM | Attr = RHS]
    dpqaqlqx.bin -> %System32%\dpqaqlqx.bin -> [Ver = | Size = 12 bytes | Modified Date = 11/4/2007 3:18:00 PM | Attr = ]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 11/5/2007 7:24:50 AM | Attr = ]
    ias -> %System32%\ias -> [Folder | Modified Date = 11/5/2007 6:51:12 PM | Attr = ]
    jpewocmz.ini -> %System32%\jpewocmz.ini -> [Ver = | Size = 4 bytes | Modified Date = 11/4/2007 3:17:50 PM | Attr = ]
    NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 11/5/2007 6:50:30 PM | Attr = ]
    Perflib_Perfdata_2ec.dat -> %System32%\Perflib_Perfdata_2ec.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/5/2007 7:24:48 AM | Attr = ]
    stfv.bin -> %System32%\stfv.bin -> [Ver = | Size = 4 bytes | Modified Date = 11/5/2007 6:29:32 PM | Attr = ]
    sznf.ascii -> %System32%\sznf.ascii -> [Ver = | Size = 92 bytes | Modified Date = 11/4/2007 3:18:00 PM | Attr = ]
    vvgeowbv.exe -> %System32%\vvgeowbv.exe -> Microsoft [Ver = 1.00.0072 | Size = 123911 bytes | Modified Date = 11/4/2007 3:17:42 PM | Attr = ]
    winlogon.scr -> %System32%\winlogon.scr -> [Ver = | Size = 12217 bytes | Modified Date = 11/4/2007 2:43:16 PM | Attr = ]
    etc -> %System32%\drivers\etc -> [Folder | Modified Date = 11/5/2007 6:43:16 PM | Attr = ]






    [File String Scan - All]
    UPX! , -> %SystemDrive%\22B.tmp -> [Ver = 0, 0, 0, 0 | Size = 9804 bytes | Modified Date = 11/4/2007 5:36:32 AM | Attr = ]
    UPX! , UPX0 , -> %SystemDrive%\KillBox.exe -> Option^Explicit Software [email protected] [Ver = 2.00.0532 | Size = 69120 bytes | Modified Date = 10/11/2006 6:59:06 PM | Attr = ]
    UPX! , UPX0 , -> %SystemDrive%\VundoFix.exe -> Atribune.org [Ver = 6.01.0006 | Size = 86528 bytes | Modified Date = 9/28/2006 11:35:56 AM | Attr = ]
    UPX! , -> %SystemRoot%\17PHolmes72.exe -> [Ver = 0, 0, 0, 0 | Size = 35840 bytes | Modified Date = 11/4/2007 5:36:56 AM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Blue Lace 16.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Coffee Bean.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\FeatherTexture.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    UPX! , UPX0 , -> %SystemRoot%\fkwggshm.exe -> Microsoft Corp. [Ver = 1.00 | Size = 18432 bytes | Modified Date = 11/4/2007 11:32:40 PM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Gone Fishing.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 7000 bytes -> %SystemRoot%\Mozilla Wallpaper.bmp:Q30lsldxJoudresxAaaqpcawXc ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Mozilla Wallpaper.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 3864 bytes -> %SystemRoot%\Prairie Wind.bmp:Q30lsldxJoudresxAaaqpcawXc ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Prairie Wind.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Rhododendron.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\River Sumida.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 3840 bytes -> %SystemRoot%\Santa Fe Stucco.bmp:Q30lsldxJoudresxAaaqpcawXc ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Santa Fe Stucco.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 5832 bytes -> %SystemRoot%\Soap Bubbles.bmp:Q30lsldxJoudresxAaaqpcawXc ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Soap Bubbles.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\winnt.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 2724 bytes -> %SystemRoot%\winnt256.bmp:Q30lsldxJoudresxAaaqpcawXc ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\winnt256.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Zapotec.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %System32%\ClickToFindandFixErrors_US.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %System32%\getstart.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %System32%\Help.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    Thawte Consulting , USERTRUST , -> %System32%\INITPKI.DLL -> Microsoft Corporation [Ver = 5.131.2195.6601 | Size = 138000 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
    WSUD , -> %System32%\mfc42u.dll -> Microsoft Corporation [Ver = 6.00.9792.0 | Size = 1011774 bytes | Modified Date = 11/2/2006 11:31:40 AM | Attr = ]
    PECompact2 , aspack , -> %System32%\MRT.exe -> Microsoft Corporation [Ver = 1.31.2276.0 | Size = 16256984 bytes | Modified Date = 6/28/2007 1:57:28 AM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %System32%\n2k.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 1256 bytes -> %System32%\ntimage.gif:Q30lsldxJoudresxAaaqpcawXc ->
    @Alternate Data Stream - 0 bytes -> %System32%\ntimage.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %System32%\pavas.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    Umonitor , -> %System32%\RASDLG.DLL -> Microsoft Corporation [Ver = 5.00.2195.6920 | Size = 531216 bytes | Modified Date = 1/12/2005 1:39:46 PM | Attr = ]
    @Alternate Data Stream - 2980 bytes -> %System32%\setup.bmp:Q30lsldxJoudresxAaaqpcawXc ->
    @Alternate Data Stream - 0 bytes -> %System32%\setup.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 7/22/2007 6:39:28 PM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %System32%\tunes.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %System32%\Uninstall.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    UPX! , UPX0 , -> %System32%\vvgeowbv.exe -> Microsoft [Ver = 1.00.0072 | Size = 123911 bytes | Modified Date = 11/4/2007 3:17:42 PM | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 12/7/1999 6:00:00 AM | Attr = ]
    FSG! , -> %System32%\winlogon.scr -> [Ver = | Size = 12217 bytes | Modified Date = 11/4/2007 2:43:16 PM | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> Microsoft Corporation [Ver = 7.0.1.4326 | Size = 8929280 bytes | Modified Date = 12/7/1999 6:00:00 AM | Attr = ]
    WSUD , -> %System32%\dllcache\mfc42u.dll -> Microsoft Corporation [Ver = 6.00.9792.0 | Size = 1011774 bytes | Modified Date = 11/2/2006 11:31:40 AM | Attr = ]
    Umonitor , -> %System32%\dllcache\rasdlg.dll -> Microsoft Corporation [Ver = 5.00.2195.6920 | Size = 531216 bytes | Modified Date = 1/12/2005 1:39:46 PM | Attr = ]

    < End of report >
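The "File String Scan" section of the log above lists alternate data streams and packer marker strings side by side but does nothing to rank them. The following is an added example, not part of the original thread or of the WinPFind tool: a small Python triage script that parses lines in that format (a sample built from a subset of the lines above is embedded inline) and flags two things. First, non-empty streams whose name is not a GUID, since a zero-byte stream carries no payload at all, and the same random stream name recurring on several host files is reported as one finding. Second, files carrying UPX or FSG header magic ("UPX!", "FSG!") whose vendor string is missing, or reads "Microsoft..." without being the exact "Microsoft Corporation" that the genuine system DLLs in the same log show. That vendor rule is a heuristic chosen for this log, not a general detection; "UPX0" on its own is only a section name and appears on a 1999-dated Microsoft DLL in the log, so it is deliberately not treated as packer magic, and the "PECompact2 , aspack" strings on the 16 MB MRT.exe are likewise left alone.

```python
"""Triage a WinPFind "File String Scan" section: rank ADS entries and packed binaries."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample: a subset of the log lines above, in the same format.
SAMPLE_LOG = r"""
UPX! , -> %SystemDrive%\22B.tmp -> [Ver = 0, 0, 0, 0 | Size = 9804 bytes | Modified Date = 11/4/2007 5:36:32 AM | Attr = ]
UPX! , UPX0 , -> %SystemDrive%\KillBox.exe -> Option^Explicit Software [Ver = 2.00.0532 | Size = 69120 bytes | Modified Date = 10/11/2006 6:59:06 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Blue Lace 16.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
UPX! , UPX0 , -> %SystemRoot%\fkwggshm.exe -> Microsoft Corp. [Ver = 1.00 | Size = 18432 bytes | Modified Date = 11/4/2007 11:32:40 PM | Attr = ]
@Alternate Data Stream - 7000 bytes -> %SystemRoot%\Mozilla Wallpaper.bmp:Q30lsldxJoudresxAaaqpcawXc ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Mozilla Wallpaper.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
PECompact2 , aspack , -> %System32%\MRT.exe -> Microsoft Corporation [Ver = 1.31.2276.0 | Size = 16256984 bytes | Modified Date = 6/28/2007 1:57:28 AM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 7/22/2007 6:39:28 PM | Attr = ]
UPX! , UPX0 , -> %System32%\vvgeowbv.exe -> Microsoft [Ver = 1.00.0072 | Size = 123911 bytes | Modified Date = 11/4/2007 3:17:42 PM | Attr = ]
FSG! , -> %System32%\winlogon.scr -> [Ver = | Size = 12217 bytes | Modified Date = 11/4/2007 2:43:16 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> Microsoft Corporation [Ver = 7.0.1.4326 | Size = 8929280 bytes | Modified Date = 12/7/1999 6:00:00 AM | Attr = ]
"""

ADS_RE = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+) ->$')
SIZE_RE = re.compile(r'Size = (\d+) bytes')
GUID_RE = re.compile(r'^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$', re.IGNORECASE)
# Header magic written by the UPX and FSG packers. "UPX0" alone is only a section
# name and appears on a stock Microsoft DLL in the log, so it is not used here.
PACKER_MAGIC = {'UPX!', 'FSG!'}


@dataclass
class Stream:
    host: str   # file the stream is attached to
    name: str   # stream name, i.e. the part after the last ':'
    size: int


@dataclass
class Binary:
    path: str
    strings: List[str]  # marker strings WinPFind matched inside the file
    vendor: str         # CompanyName text before "[Ver", '' when absent
    size: int
    reasons: List[str] = field(default_factory=list)


def parse(text: str) -> Tuple[List[Stream], List[Binary]]:
    """Split a File String Scan dump into ADS rows and file rows."""
    streams: List[Stream] = []
    binaries: List[Binary] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ADS_RE.match(line)
        if m:
            host, _, name = m.group(2).rpartition(':')
            streams.append(Stream(host, name, int(m.group(1))))
            continue
        parts = line.split(' -> ')
        if len(parts) != 3 or '[Ver' not in parts[2]:
            continue  # blank line or a row shape this example does not handle
        strings = [s.strip() for s in parts[0].split(',') if s.strip()]
        vendor = parts[2].split('[Ver', 1)[0].strip()
        sm = SIZE_RE.search(parts[2])
        binaries.append(Binary(parts[1].strip(), strings, vendor, int(sm.group(1)) if sm else 0))
    return streams, binaries


def suspicious_streams(streams: List[Stream]) -> List[Stream]:
    """Non-empty streams with a non-GUID name; a zero-byte stream carries no payload."""
    return [s for s in streams if s.size > 0 and not GUID_RE.match(s.name)]


def stream_census(streams: List[Stream]) -> Dict[str, List[str]]:
    """Group suspicious stream names by host so one name on many files reads as one finding."""
    census: Dict[str, List[str]] = {}
    for s in suspicious_streams(streams):
        census.setdefault(s.name, []).append(s.host)
    return census


def suspicious_binaries(binaries: List[Binary]) -> List[Binary]:
    """Packed files whose vendor string is absent or imitates Microsoft (heuristic)."""
    flagged = []
    for b in binaries:
        magic = sorted(PACKER_MAGIC & set(b.strings))
        if not magic:
            continue
        reasons = ['packer magic ' + '/'.join(magic)]
        if not b.vendor:
            reasons.append('no vendor string')
        elif b.vendor.lower().startswith('microsoft') and b.vendor != 'Microsoft Corporation':
            reasons.append('vendor %r is not the exact "Microsoft Corporation"' % b.vendor)
        if len(reasons) > 1:  # packed AND a vendor problem; packed tools like KillBox pass
            b.reasons = reasons
            flagged.append(b)
    return flagged


if __name__ == '__main__':
    st, bi = parse(SAMPLE_LOG)
    for name, hosts in stream_census(st).items():
        print('stream %s on %d file(s): %s' % (name, len(hosts), '; '.join(hosts)))
    for b in suspicious_binaries(bi):
        print('%s (%d bytes): %s' % (b.path, b.size, ', '.join(b.reasons)))
```

Run against the full log rather than the embedded sample, the same logic would group the seven non-empty "Q30lsldxJoudresxAaaqpcawXc" streams under one name and leave the legitimately UPX-packed cleanup tools (KillBox, VundoFix, swreg) out of the binary list because each carries a vendor string that does not imitate Microsoft.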
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    read my instructions & ATTACH the winpfind report

    we cannot use it pasted into the forum, as many entries get corrupted by the forum software
     
  14. bluecoastbikini

    bluecoastbikini Thread Starter

    Joined:
    Sep 17, 2006
    Messages:
    50
    okay....pfft.
     

    Attached Files:

  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Unfortunately, that is NOT a full winpfind log & doesn't show all the locations we need to be able to deal with this.

    Please read my previous post carefully and configure winpfind exactly as asked if we are to have any chance of fighting this.
     
Short URL to this thread: https://techguy.org/647847
