Solved: I have a Virus


bluecoastbikini

Thread Starter
Joined
Sep 17, 2006
Messages
50
Hello. I have a virus. It put two exe files on my desktop labeled "leeman_bot.exe" and "leeman_2.exe" that appeared there and seem to be linked with the virus. I was able to delete the bot one, but not the 2 one. When I try to delete it, it says "Cannot be deleted. Access is denied. Source may be in use."

There are two programs in my Start - Programs menu called "Outerinfo" and "Internet Speed Monitor." It won't let me uninstall them; instead it takes me to a spyware remover webpage *cough* scam.

I get constant popups, and constant "your system is infected" BS. There is a little flashing exclamation point in a yellow triangle in my system tray which tells me "Warning: Your system is infected with Spyware - Click for more details."

This is really annoying, and anytime I try to go to a webpage it gives me a thousand popups and sometimes I cannot even access certain webpages at all.

When I click Control-Alt-Delete, it won't let me select the Task Manager, it's greyed out so it's not a clickable button.

Also, I cannot access my Add/Remove Programs. When I click Add/Remove Programs, there is a blank space where the programs should be listed, and it freezes like that. I can't remove Add/Remove Programs from my taskbar until I restart my computer.


HELP PLEASE! Thank you!
 
Joined
Nov 4, 2007
Messages
22
Hi, have you run Ad-Aware SE and Spybot Search and Destroy? Download and update them and give them a run in Safe Mode. While in Safe Mode, see if you can uninstall those programs and delete the files from your desktop. Download ATF-Cleaner and Killbox and run them in Safe Mode too; you can download these programs from here: http://www.freewebs.com/pcswansea/downloads.htm
Try numbers 3 and 4 from here: http://www.freewebs.com/pcswansea/index.htm
Post back and let us know how you get on and we will go through a few more steps.
 
Joined
May 27, 2007
Messages
3,235
Best you follow the protocol of the forum:

Please download Trend Micro's HJTInstall.exe to your Windows Desktop.
  • Double-click HJTInstall.exe. The application will install by default to C:\Program Files\Trend Micro\HijackThis
  • Click on the Install button. A shortcut icon will be created on your Windows Desktop.
  • When the installation finishes, the HijackThis application will launch.
  • Click on the Do a system scan and save a log file button. When the scan is complete, a log file should open in notepad.
  • On the notepad document, click Edit>Select All>Edit>Copy and then paste the contents of the log file into your next reply to this thread.

    >>Please do not use the Analyze This button; the results can be dangerous if misinterpreted.
    >>Please do not have HijackThis 'fix' anything yet. Most of what it finds will be harmless or even required.
Please wait for a malware expert with a shield next to their name to analyze your log and help you to get right again.
 

bluecoastbikini

Thread Starter
Joined
Sep 17, 2006
Messages
50
Okay, so I tried running my antivirus scanners but nothing worked, so I went into Safe Mode and I was able to run Spybot and SUPERAntiSpyware and fix problems. Ewido reached a certain point and aborted. Ad-Aware came up with an error message at startup saying basically that my virus was blocking it from scanning. HijackThis would not produce a log.

I was able to get into my add/remove programs through Safe Mode. Still couldn't get into Task Manager.

My system is still in its same state, virus taking over and a million popups.

I ran VundoFix; there were no problems found. I ran ComboFix and it produced a log.

______________________________________________________________

ComboFix 07-08-04.3 - "flutterby" 11/04/2007 23:46:46.3 [GMT -6:00] - NTFS [SAFE MODE]
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.True

/wow section not completed

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\Common Files\wnsxs~1\s?ool32.exe
C:\Program Files\fnts~1
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINNT\764.exe
C:\WINNT\7search.dll
C:\WINNT\b122.exe
C:\WINNT\flt.dll
C:\WINNT\pbar.dll
C:\WINNT\system32\.exe
C:\WINNT\system32\kdtqz.exe
C:\WINNT\system32\vxddsk.exe
C:\WINNT\system32\wml.exe
C:\WINNT\system32\wnstsicomsv32.exe
C:\WINNT\wml.exe


((((((((((((((((((((((((( Files Created from 2007-10-05 to 2007-11-05 )))))))))))))))))))))))))))))))


2007-11-04 23:52 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_3ec.dat
2007-11-04 23:06 30,976 --a------ C:\WINNT\settn.dll
2007-11-04 23:06 28,160 --a------ C:\WINNT\kvnab$.exe
2007-11-04 23:06 27,648 --a------ C:\WINNT\kvnab.dll
2007-11-04 23:06 20,224 --a------ C:\WINNT\wbeCheck.exe
2007-11-04 23:06 16,384 --a------ C:\WINNT\wbeInst$.exe
2007-11-04 23:06 11,776 --a------ C:\WINNT\kvnab.exe
2007-11-04 23:06 11,264 --a------ C:\WINNT\hcwprn.exe
2007-11-04 23:06 10,240 --a------ C:\WINNT\pbsysie.dll
2007-11-04 23:05 12,032 --a------ C:\WINNT\system32\ace16win.dll
2007-11-04 23:05 <DIR> d-------- C:\Program Files\Accoona
2007-11-04 21:03 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-04 21:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
2007-11-04 18:37 40,752 --a--c--- C:\WINNT\system32\dllcache\1394bus.sys
2007-11-04 15:55 18,432 --a------ C:\WINNT\fkwggshm.exe
2007-11-04 15:53 4 --a------ C:\WINNT\system32\stfv.bin
2007-11-04 15:44 32,512 --a------ C:\WINNT\kkcomp.dll
2007-11-04 15:44 31,232 --a------ C:\WINNT\liqui.exe
2007-11-04 15:44 29,952 --a------ C:\WINNT\kkcomp$.exe
2007-11-04 15:44 27,904 --a------ C:\WINNT\fhfmm-Uninstaller.exe
2007-11-04 15:44 26,368 --a------ C:\WINNT\liqui.dll
2007-11-04 15:44 26,112 --a------ C:\WINNT\liqad.dll
2007-11-04 15:44 22,784 --a------ C:\WINNT\system32\msole32.exe
2007-11-04 15:44 22,272 --a------ C:\WINNT\adbar.dll
2007-11-04 15:44 21,248 --a------ C:\WINNT\xadbrk_.exe
2007-11-04 15:44 20,480 --a------ C:\WINNT\liqad.exe
2007-11-04 15:44 20,480 --a------ C:\WINNT\jd2002.dll
2007-11-04 15:44 19,968 --a------ C:\WINNT\system32\ESHOPEE.exe
2007-11-04 15:44 19,456 --a------ C:\WINNT\daxtime.dll
2007-11-04 15:44 17,408 --a------ C:\WINNT\cbinst$.exe
2007-11-04 15:44 17,152 --a------ C:\WINNT\spredirect.dll
2007-11-04 15:44 16,640 --a------ C:\WINNT\xadbrk.exe
2007-11-04 15:44 14,592 --a------ C:\WINNT\liqui-Uninstaller.exe
2007-11-04 15:44 14,592 --a------ C:\WINNT\eventlowg.dll
2007-11-04 15:44 14,080 --a------ C:\WINNT\liqad$.exe
2007-11-04 15:44 12,288 --a------ C:\WINNT\xadbrk.dll
2007-11-04 15:44 11,264 --a------ C:\WINNT\kkcomp.exe
2007-11-04 15:44 10,752 --a------ C:\WINNT\fhfmm.exe
2007-11-04 15:44 <DIR> d-------- C:\Program Files\e-zshopper
2007-11-04 15:43 32,000 --a------ C:\WINNT\ie_32.exe
2007-11-04 15:43 22,784 --a------ C:\WINNT\hotporn.exe
2007-11-04 15:43 22,272 --a------ C:\WINNT\dp0.dll
2007-11-04 15:43 19,200 --a------ C:\WINNT\aconti.exe
2007-11-04 15:43 15,872 --a------ C:\WINNT\xxxvideo.exe
2007-11-04 15:43 15,104 --a------ C:\WINNT\ngd.dll
2007-11-04 15:43 <DIR> d-------- C:\WINNT\system32\acespy
2007-11-04 15:43 <DIR> d-------- C:\Program Files\amsys
2007-11-04 15:40 25,088 --a------ C:\WINNT\vxddsk.exe
2007-11-04 15:40 <DIR> d-------- C:\Program Files\akl
2007-11-04 15:17 12 --a------ C:\WINNT\system32\dpqaqlqx.bin
2007-11-04 14:47 123,911 --a------ C:\WINNT\system32\vvgeowbv.exe
2007-11-04 14:46 21,504 --a------ C:\WINNT\system32\aivskurq.dll
2007-11-04 14:43 12,217 --a------ C:\WINNT\system32\winlogon.scr
2007-11-04 14:43 12,217 ---hs---- C:\WINNT\system32\drivers\system.exe
2007-11-04 14:43 12,217 ---hs---- C:\DOCUME~1\FLUTTE~1\winmain.exe
2007-11-04 14:43 <DIR> d-------- C:\DOCUME~1\FLUTTE~1\APPLIC~1\WinRAR
2007-11-04 05:37 60,928 --a------ C:\WINNT\system32\lkuz.dll
2007-11-04 05:36 35,840 --a------ C:\WINNT\17PHolmes72.exe
2007-11-01 00:38 <DIR> d-------- C:\Program Files\SeedC Pacific
2007-10-30 06:15 <DIR> d-------- C:\DOCUME~1\FLUTTE~1\APPLIC~1\Move Networks
2007-10-30 05:17 <DIR> d-------- C:\Program Files\Communicate!
2007-10-18 16:20 <DIR> d-------- C:\Program Files\Abra Academy
2007-10-16 15:40 737,280 --a------ C:\WINNT\iun6002.exe
2007-10-04 06:37 <DIR> d-------- C:\Program Files\directx
2007-10-04 06:10 8,464 --a--c--- C:\WINNT\system32\dllcache\kbdkor.dll
2007-10-04 06:10 8,464 --a------ C:\WINNT\system32\kbdkor.dll
2007-10-04 06:10 6,928 --a--c--- C:\WINNT\system32\dllcache\kbd101c.dll
2007-10-04 06:10 6,928 --a------ C:\WINNT\system32\kbd101c.dll
2007-10-04 06:10 6,416 --a--c--- C:\WINNT\system32\dllcache\kbd103.dll
2007-10-04 06:10 6,416 --a--c--- C:\WINNT\system32\dllcache\kbd101b.dll
2007-10-04 06:10 6,416 --a------ C:\WINNT\system32\kbd103.dll
2007-10-04 06:10 6,416 --a------ C:\WINNT\system32\kbd101b.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

07-11-04 23:18 --------- d-------- C:\Program Files\SUPERAntiSpyware
07-11-04 21:01 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
07-11-04 19:58 --------- d-a------ C:\Program Files\ewido anti-spyware 4.0
07-11-04 15:17 36845 --a------ C:\WINNT\system32\drivers\pt.htm
07-11-04 15:17 12474 --a------ C:\WINNT\system32\drivers\detect.htm
07-11-04 15:17 1024 --a------ C:\WINNT\system32\drivers\s_detect.htm
07-11-04 14:46 835 --a------ C:\WINNT\system32\drivers\style.css
07-11-04 14:46 821 --a------ C:\WINNT\system32\drivers\shadow_bg.gif
07-11-04 14:46 639 --a------ C:\WINNT\system32\drivers\star.gif
07-11-04 14:46 550 --a------ C:\WINNT\system32\drivers\star_small.gif
07-11-04 14:46 53 --a------ C:\WINNT\system32\drivers\sep_vert.gif
07-11-04 14:46 49 --a------ C:\WINNT\system32\drivers\spacer.gif
07-11-04 14:46 425 --a------ C:\WINNT\system32\drivers\star_gray.gif
07-11-04 14:46 3877 --a------ C:\WINNT\system32\drivers\warning_icon.gif
07-11-04 14:46 291 --a------ C:\WINNT\system32\drivers\v.gif
07-11-04 14:46 283 --a------ C:\WINNT\system32\drivers\x.gif
07-11-04 14:46 2798 --a------ C:\WINNT\system32\drivers\shadow.jpg
07-11-04 14:46 223 --a------ C:\WINNT\system32\drivers\star_gray_small.gif
07-11-04 14:46 1791 --a------ C:\WINNT\system32\drivers\win_logo.gif
07-11-04 14:46 13618 --a------ C:\WINNT\system32\drivers\spy_away_box.jpg
07-11-04 14:45 65 --a------ C:\WINNT\system32\drivers\sep_hor.gif
07-11-04 14:45 4008 --a------ C:\WINNT\system32\drivers\rating.gif
07-11-04 14:45 26487 --a------ C:\WINNT\system32\drivers\screenshot.jpg
07-11-04 14:44 979 --a------ C:\WINNT\system32\drivers\product_2_name_small.gif
07-11-04 14:44 877 --a------ C:\WINNT\system32\drivers\header_red_bg.gif
07-11-04 14:44 838 --a------ C:\WINNT\system32\drivers\header_red_free_scan_bg.gif
07-11-04 14:44 3216 --a------ C:\WINNT\system32\drivers\header_red_free_scan.gif
07-11-04 14:44 3080 --a------ C:\WINNT\system32\drivers\product_3_header.gif
07-11-04 14:44 28459 --a------ C:\WINNT\system32\drivers\header_1.gif
07-11-04 14:44 2604 --a------ C:\WINNT\system32\drivers\product_1_header.gif
07-11-04 14:44 2214 --a------ C:\WINNT\system32\drivers\product_2_header.gif
07-11-04 14:44 215 --a------ C:\WINNT\system32\drivers\main_back.gif
07-11-04 14:44 1714 --a------ C:\WINNT\system32\drivers\product_3_name_small.gif
07-11-04 14:44 16977 --a------ C:\WINNT\system32\drivers\header_red_protect_your_pc.gif
07-11-04 14:44 15421 --a------ C:\WINNT\system32\drivers\header_2.gif
07-11-04 14:44 1330 --a------ C:\WINNT\system32\drivers\product_features.gif
07-11-04 14:44 1253 --a------ C:\WINNT\system32\drivers\product_1_name_small.gif
07-11-04 14:44 1204 --a------ C:\WINNT\system32\drivers\infected.gif
07-11-04 14:44 11077 --a------ C:\WINNT\system32\drivers\header_4.gif
07-11-04 14:44 10260 --a------ C:\WINNT\system32\drivers\perfect_cleaner_box.jpg
07-11-04 14:44 10193 --a------ C:\WINNT\system32\drivers\header_3.gif
07-11-04 14:43 8852 --a------ C:\WINNT\system32\drivers\download_btn.jpg
07-11-04 14:43 837 --a------ C:\WINNT\system32\drivers\blank.gif
07-11-04 14:43 4448 --a------ C:\WINNT\system32\drivers\download_now_btn.gif
07-11-04 14:43 3552 --a------ C:\WINNT\system32\drivers\cell_header_remove.gif
07-11-04 14:43 3479 --a------ C:\WINNT\system32\drivers\cell_header_scan.gif
07-11-04 14:43 3313 --a------ C:\WINNT\system32\drivers\cell_header_block.gif
07-11-04 14:43 2922 --a------ C:\WINNT\system32\drivers\footer_back.jpg
07-11-04 14:43 2238 --a------ C:\WINNT\system32\drivers\download_box.gif
07-11-04 14:43 1647 --a------ C:\WINNT\system32\drivers\button_freescan.gif
07-11-04 14:43 1619 --a------ C:\WINNT\system32\drivers\button_buynow.gif
07-11-04 14:43 1373 --a------ C:\WINNT\system32\drivers\cell_footer.gif
07-11-04 14:43 1342 --a------ C:\WINNT\system32\drivers\cell_bg.gif
07-11-04 14:43 12326 --a------ C:\WINNT\system32\drivers\box_3.gif
07-11-04 14:43 12313 --a------ C:\WINNT\system32\drivers\box_1.gif
07-11-04 14:43 1204 --a------ C:\WINNT\system32\d3d9caps.dat
07-11-04 14:43 11927 --a------ C:\WINNT\system32\drivers\box_2.gif
07-11-01 00:38 --------- d--h----- C:\Program Files\InstallShield Installation Information
07-10-31 11:20 --------- d-------- C:\Program Files\OpenOffice.org1.1.2
07-10-27 16:03 --------- d-------- C:\Program Files\AIM6
07-10-18 14:36 --------- d-------- C:\Program Files\WinSCP3
07-10-01 10:21 --------- d-------- C:\DOCUME~1\FLUTTE~1\APPLIC~1\Elluminate
07-09-30 13:46 --------- d-a------ C:\Program Files\Secrets Of Great Art
07-09-30 09:52 1092 --a------ C:\WINNT\system32\d3d8caps.dat
07-09-30 01:09 --------- d-------- C:\DOCUME~1\FLUTTE~1\APPLIC~1\acccore
07-09-30 01:06 --------- d-------- C:\Program Files\Common Files\AOL
07-09-29 23:48 --------- d-------- C:\DOCUME~1\FLUTTE~1\APPLIC~1\Yahoo!
07-09-25 21:54 --------- d-------- C:\Program Files\MSN Messenger
07-09-21 05:30 --------- d-------- C:\DOCUME~1\FLUTTE~1\APPLIC~1\Skype
07-09-18 23:59 --------- d-------- C:\DOCUME~1\FLUTTE~1\APPLIC~1\Design Science
07-09-18 23:56 --------- d-------- C:\Program Files\MathType
05-10-16 16:23 150 --a------ C:\Program Files\Show Desktop.scf
04-11-05 11:32 21 --a------ C:\Program Files\AVPersonalAVWIN.INI
04-11-02 11:59 271 ---h----- C:\Program Files\desktop.ini
04-11-02 11:59 21952 ---h----- C:\Program Files\folder.htt


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]
07-11-04 14:47 21504 --a------ C:\WINNT\system32\aivskurq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5A8AB4C-69DD-012A-DA26-3CE672855FB2}]
07-11-01 07:44 60928 --a------ C:\WINNT\system32\lkuz.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 14:05 C:\WINNT\system32\mobsync.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06-06-14 17:24 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-07-24 07:21 ]
"LVCOMSX"="C:\WINNT\system32\LVCOMSX.EXE" [05-12-09 17:32 ]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [06-01-05 09:58 ]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [06-01-05 10:15 ]
"LogitechCameraService(E)"="C:\WINNT\system32\ElkCtrl.exe" [04-11-01 19:22 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [07-09-25 00:11 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-07-24 07:21 ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [07-02-19 21:58 ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07-06-21 13:06 ]
"Aim6"="" []
"Khytufsm"="C:\Program Files\Common Files\W?nSxS\s?ool32.exe" []
"main"="C:\WINNT\system32\drivers\system.exe" [07-11-04 14:43 ]
"default"="C:\Documents and Settings\flutterby\winmain.exe" [07-11-04 14:43 ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07-08-31 16:46 ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"sysinit"=C:\WINNT\system32\drivers\system.exe
"winmz"=C:\Documents and Settings\flutterby\winmain.exe

C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 21:58:43]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\stori.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\Blonde10666.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\b_blu7.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\354051554_s[1].gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\backgd.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\26.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\6]
Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\Ange.gif
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 07-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);C:\WINNT\system32\DRIVERS\SONYPVM1.SYS
R1 ATMhelpr;ATMhelpr;C:\WINNT\system32\drivers\ATMhelpr.sys
R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
R3 ichaud;Service for AC'97 Driver (WDM);C:\WINNT\system32\drivers\ichaud.sys
R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINNT\system32\drivers\LVPrcMon.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINNT\system32\drivers\msmpu401.sys
R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINNT\system32\Drivers\RootMdm.sys
R3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
S3 MPE;BDA MPE Filter;C:\WINNT\system32\DRIVERS\MPE.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 23:53:21
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-11-04 23:56:51 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-11-04 23:55
C:\ComboFix2.txt ... 07-08-28 00:12
C:\ComboFix3.txt ... 07-08-07 18:31

--- E O F ---
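As an added example (not from the thread, and not ComboFix's own code), a small Python triage script that parses the "Reg Loading Points" section in the layout of the log above and flags the autostart entries a responder would want to look at first. The heuristics are mine, and the embedded sample is an excerpt of the log above, constructed for the test.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log.

Parses the [KEY] / "name"="value" [stamp] layout and applies a few
defender-side heuristics so suspicious autostarts stand out.
"""
import re
from dataclasses import dataclass

# "[HKEY_...\Run]" headers and the entries beneath them.  RunOnce lines in
# the log carry an unquoted value, so the value quotes are optional.
SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]*)"=\s*"?(?P<value>[^"\[]*?)"?\s*(?:\[(?P<stamp>[^\]]*)\])?\s*$'
)
# An .exe sitting directly in the root of a user profile.
PROFILE_ROOT_RE = re.compile(r'^c:\\documents and settings\\[^\\]+\\[^\\]+\.exe$', re.I)
# Anything under system32\drivers that is not a .sys driver.
DRIVERS_DIR_RE = re.compile(r'\\system32\\drivers\\[^\\]+$', re.I)


@dataclass(frozen=True)
class Entry:
    key: str
    name: str
    value: str
    stamp: str


@dataclass(frozen=True)
class Finding:
    entry: Entry
    reason: str


def loading_points_section(log_text):
    """Return only the lines between the section header and the next '****' rule."""
    lines = log_text.splitlines()
    start = next((i + 1 for i, l in enumerate(lines) if 'Reg Loading Points' in l), 0)
    section = []
    for line in lines[start:]:
        if line.startswith('****'):
            break
        section.append(line)
    return section


def parse_entries(log_text):
    entries, key = [], ''
    for line in loading_points_section(log_text):
        m = SECTION_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            entries.append(Entry(key, m.group('name'), m.group('value').strip(),
                                 (m.group('stamp') or '').strip()))
    return entries


def triage(log_text):
    entries = parse_entries(log_text)
    keys_by_path = {}
    for e in entries:
        if e.value:
            keys_by_path.setdefault(e.value.lower(), set()).add(e.key.lower())
    findings = []
    for e in entries:
        path = e.value
        if e.name.lower() == 'disallowrun' and path and not path.startswith('0'):
            findings.append(Finding(e, 'DisallowRun policy set: Explorer refuses to launch listed programs'))
        if '?' in path:
            findings.append(Finding(e, "non-ASCII look-alike character in path (printed as '?')"))
        if PROFILE_ROOT_RE.match(path):
            findings.append(Finding(e, 'executable started from the root of a user profile'))
        if DRIVERS_DIR_RE.search(path) and not path.lower().endswith('.sys'):
            findings.append(Finding(e, 'non-driver file started from system32\\drivers'))
        keys = keys_by_path.get(path.lower(), set())
        # Same file under Run and RunOnce: it re-arms itself after every reboot.
        if any('runonce' in k for k in keys) and any('runonce' not in k for k in keys):
            findings.append(Finding(e, 'same file registered under both Run and RunOnce'))
    return findings


# Constructed sample: an excerpt of the ComboFix log posted above.
SAMPLE_LOG = r"""((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 14:05 C:\WINNT\system32\mobsync.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-07-24 07:21 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-07-24 07:21 ]
"Aim6"="" []
"Khytufsm"="C:\Program Files\Common Files\W?nSxS\s?ool32.exe" []
"main"="C:\WINNT\system32\drivers\system.exe" [07-11-04 14:43 ]
"default"="C:\Documents and Settings\flutterby\winmain.exe" [07-11-04 14:43 ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"sysinit"=C:\WINNT\system32\drivers\system.exe
"winmz"=C:\Documents and Settings\flutterby\winmain.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06-12-20 12:55 77824]

**************************************************************************
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.entry.name!r:16} {f.reason}: {f.entry.value}')
```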
 

redoak

Gone but never forgotten
Joined
Jun 24, 2004
Messages
6,781
I suggest you stop where you are and wait for a "shielded" responder to come to your assistance. I believe one will appear. Be patient; they are kept very busy with malware problems.

{redoak}
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Delete that very old version of ComboFix you have, download the latest version, run it and then post its report.

DO it in NORMAL mode NOT safe mode

Download Combofix to your desktop:

* Double-click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.


Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
 

bluecoastbikini

Thread Starter
Joined
Sep 17, 2006
Messages
50
Okay, so it produced a log but it won't allow me to open it. In fact, I cannot open any Notepad documents unless I go to Start - Accessories - Notepad - Open, which is highly annoying and I would like to fix this.



------------------------------------------------------------------

ComboFix 07-11-05.2 - flutterby 2007-11-05 7:24:40.5 - NTFSx86
Running from: C:\Documents and Settings\flutterby\Desktop\Estelle\Other\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\4.tmp
C:\5.tmp
C:\Documents and Settings\Administrator\Application Data\RACLE~1
C:\Documents and Settings\Administrator\Application Data\YSTEM~1
C:\Documents and Settings\Administrator\My Documents\ASEMBL~1
C:\Documents and Settings\Administrator\My Documents\WNSXS~1
C:\Documents and Settings\All Users.WINNT\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\Brendan\Application Data\CROSOF~1.NET
C:\Documents and Settings\Brendan\My Documents\CURITY~1
C:\Documents and Settings\Brendan\My Documents\CURITY~1\CURITY~1\ctxad-468.0000
C:\Documents and Settings\Brendan\My Documents\CURITY~1\CURITY~1\ctxad-468.0001
C:\Documents and Settings\Brendan\My Documents\CURITY~1\CURITY~1\ctxad-468.0002
C:\Documents and Settings\Brendan\My Documents\CURITY~1\CURITY~1\ctxad-468.0003
C:\Documents and Settings\Brendan\My Documents\CURITY~1\CURITY~1\ctxad-468.0004
C:\Documents and Settings\Brendan\My Documents\CURITY~1\CURITY~1\ctxad-468.0005
C:\Documents and Settings\Brendan\My Documents\CURITY~1\CURITY~1\ctxad-469.0000
C:\Documents and Settings\Brendan\My Documents\CURITY~1\CURITY~1\ctxad-469.0001
C:\Documents and Settings\Brendan\My Documents\CURITY~1\CURITY~1\ctxad-469.0002
C:\Documents and Settings\Brendan\My Documents\CURITY~1\CURITY~1\ctxad-469.0003
C:\Documents and Settings\Brendan\My Documents\YSTEM3~1
C:\Documents and Settings\Default User.WINNT\Application Data\CROSOF~1.NET
C:\Documents and Settings\Default User.WINNT\My Documents\CURITY~1
C:\Documents and Settings\Default User.WINNT\My Documents\CURITY~1\CURITY~1\ctxad-468.0000
C:\Documents and Settings\Default User.WINNT\My Documents\CURITY~1\CURITY~1\ctxad-468.0001
C:\Documents and Settings\Default User.WINNT\My Documents\CURITY~1\CURITY~1\ctxad-468.0002
C:\Documents and Settings\Default User.WINNT\My Documents\CURITY~1\CURITY~1\ctxad-468.0003
C:\Documents and Settings\Default User.WINNT\My Documents\CURITY~1\CURITY~1\ctxad-468.0004
C:\Documents and Settings\Default User.WINNT\My Documents\CURITY~1\CURITY~1\ctxad-468.0005
C:\Documents and Settings\Default User.WINNT\My Documents\CURITY~1\CURITY~1\ctxad-469.0000
C:\Documents and Settings\Default User.WINNT\My Documents\CURITY~1\CURITY~1\ctxad-469.0001
C:\Documents and Settings\Default User.WINNT\My Documents\CURITY~1\CURITY~1\ctxad-469.0002
C:\Documents and Settings\Default User.WINNT\My Documents\CURITY~1\CURITY~1\ctxad-469.0003
C:\Documents and Settings\Default User.WINNT\My Documents\YSTEM3~1
C:\Documents and Settings\Guest\Application Data\CROSOF~1.NET
C:\Documents and Settings\Guest\My Documents\CURITY~1
C:\Documents and Settings\Guest\My Documents\CURITY~1\CURITY~1\ctxad-468.0000
C:\Documents and Settings\Guest\My Documents\CURITY~1\CURITY~1\ctxad-468.0001
C:\Documents and Settings\Guest\My Documents\CURITY~1\CURITY~1\ctxad-468.0002
C:\Documents and Settings\Guest\My Documents\CURITY~1\CURITY~1\ctxad-468.0003
C:\Documents and Settings\Guest\My Documents\CURITY~1\CURITY~1\ctxad-468.0004
C:\Documents and Settings\Guest\My Documents\CURITY~1\CURITY~1\ctxad-468.0005
C:\Documents and Settings\Guest\My Documents\CURITY~1\CURITY~1\ctxad-469.0000
C:\Documents and Settings\Guest\My Documents\CURITY~1\CURITY~1\ctxad-469.0001
C:\Documents and Settings\Guest\My Documents\CURITY~1\CURITY~1\ctxad-469.0002
C:\Documents and Settings\Guest\My Documents\CURITY~1\CURITY~1\ctxad-469.0003
C:\Documents and Settings\Guest\My Documents\YSTEM3~1
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\WA6P
C:\WINNT\aconti.exe
C:\WINNT\adbar.dll
C:\WINNT\cbinst$.exe
C:\WINNT\daxtime.dll
C:\WINNT\dp0.dll
C:\WINNT\eventlowg.dll
C:\WINNT\fhfmm-Uninstaller.exe
C:\WINNT\fhfmm.exe
C:\WINNT\hcwprn.exe
C:\WINNT\hotporn.exe
C:\WINNT\ie_32.exe
C:\WINNT\jd2002.dll
C:\WINNT\kkcomp$.exe
C:\WINNT\kkcomp.dll
C:\WINNT\kkcomp.exe
C:\WINNT\kvnab$.exe
C:\WINNT\kvnab.dll
C:\WINNT\kvnab.exe
C:\WINNT\liqad$.exe
C:\WINNT\liqad.dll
C:\WINNT\liqad.exe
C:\WINNT\liqui-Uninstaller.exe
C:\WINNT\liqui.dll
C:\WINNT\liqui.exe
C:\WINNT\ngd.dll
C:\WINNT\pbsysie.dll
C:\WINNT\settn.dll
C:\WINNT\spredirect.dll
C:\WINNT\system32\drivers\blank.gif
C:\WINNT\system32\drivers\box_1.gif
C:\WINNT\system32\drivers\box_2.gif
C:\WINNT\system32\drivers\box_3.gif
C:\WINNT\system32\drivers\button_buynow.gif
C:\WINNT\system32\drivers\button_freescan.gif
C:\WINNT\system32\drivers\cell_bg.gif
C:\WINNT\system32\drivers\cell_footer.gif
C:\WINNT\system32\drivers\cell_header_block.gif
C:\WINNT\system32\drivers\cell_header_remove.gif
C:\WINNT\system32\drivers\cell_header_scan.gif
C:\WINNT\system32\drivers\detect.htm
C:\WINNT\system32\drivers\download_box.gif
C:\WINNT\system32\drivers\download_btn.jpg
C:\WINNT\system32\drivers\download_now_btn.gif
C:\WINNT\system32\drivers\footer_back.jpg
C:\WINNT\system32\drivers\header_1.gif
C:\WINNT\system32\drivers\header_2.gif
C:\WINNT\system32\drivers\header_3.gif
C:\WINNT\system32\drivers\header_4.gif
C:\WINNT\system32\drivers\header_red_bg.gif
C:\WINNT\system32\drivers\header_red_free_scan.gif
C:\WINNT\system32\drivers\header_red_free_scan_bg.gif
C:\WINNT\system32\drivers\header_red_protect_your_pc.gif
C:\WINNT\system32\drivers\infected.gif
C:\WINNT\system32\drivers\main_back.gif
C:\WINNT\system32\drivers\perfect_cleaner_box.jpg
C:\WINNT\system32\drivers\product_1_header.gif
C:\WINNT\system32\drivers\product_1_name_small.gif
C:\WINNT\system32\drivers\product_2_header.gif
C:\WINNT\system32\drivers\product_2_name_small.gif
C:\WINNT\system32\drivers\product_3_header.gif
C:\WINNT\system32\drivers\product_3_name_small.gif
C:\WINNT\system32\drivers\product_features.gif
C:\WINNT\system32\drivers\pt.htm
C:\WINNT\system32\drivers\rating.gif
C:\WINNT\system32\drivers\s_detect.htm
C:\WINNT\system32\drivers\screenshot.jpg
C:\WINNT\system32\drivers\sep_hor.gif
C:\WINNT\system32\drivers\sep_vert.gif
C:\WINNT\system32\drivers\shadow.jpg
C:\WINNT\system32\drivers\shadow_bg.gif
C:\WINNT\system32\drivers\spacer.gif
C:\WINNT\system32\drivers\spy_away_box.jpg
C:\WINNT\system32\drivers\star.gif
C:\WINNT\system32\drivers\star_gray.gif
C:\WINNT\system32\drivers\star_gray_small.gif
C:\WINNT\system32\drivers\star_small.gif
C:\WINNT\system32\drivers\style.css
C:\WINNT\system32\drivers\system.exe
C:\WINNT\system32\drivers\v.gif
C:\WINNT\system32\drivers\warning_icon.gif
C:\WINNT\system32\drivers\win_logo.gif
C:\WINNT\system32\drivers\x.gif
C:\WINNT\system32\ESHOPEE.exe
C:\WINNT\system32\lkuz.dll
C:\WINNT\system32\msole32.exe
C:\WINNT\vxddsk.exe
C:\WINNT\wbeCheck.exe
C:\WINNT\wbeInst$.exe
C:\WINNT\xadbrk.dll
C:\WINNT\xadbrk.exe
C:\WINNT\xadbrk_.exe
C:\WINNT\xxxvideo.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-05 to 2007-11-05 )))))))))))))))))))))))))))))))
.

2007-11-05 07:24 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2ec.dat
2007-11-04 23:05 12,032 --a------ C:\WINNT\system32\ace16win.dll
2007-11-04 21:03 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-04 21:03 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Lavasoft
2007-11-04 18:37 40,752 --a--c--- C:\WINNT\system32\dllcache\1394bus.sys
2007-11-04 15:55 18,432 --a------ C:\WINNT\fkwggshm.exe
2007-11-04 15:53 4 --a------ C:\WINNT\system32\stfv.bin
2007-11-04 15:43 <DIR> d-------- C:\WINNT\system32\acespy
2007-11-04 15:17 12 --a------ C:\WINNT\system32\dpqaqlqx.bin
2007-11-04 14:47 123,911 --a------ C:\WINNT\system32\vvgeowbv.exe
2007-11-04 14:46 21,504 --a------ C:\WINNT\system32\aivskurq.dll
2007-11-04 14:43 12,217 --a------ C:\WINNT\system32\winlogon.scr
2007-11-04 14:43 12,217 ---hs---- C:\Documents and Settings\flutterby\winmain.exe
2007-11-04 05:36 35,840 --a------ C:\WINNT\17PHolmes72.exe
2007-11-01 00:38 <DIR> d-------- C:\Program Files\SeedC Pacific
2007-10-30 06:15 <DIR> d-------- C:\Documents and Settings\flutterby\Application Data\Move Networks
2007-10-30 05:17 <DIR> d-------- C:\Program Files\Communicate!
2007-10-18 16:20 <DIR> d-------- C:\Program Files\Abra Academy
2007-10-16 15:40 737,280 --a------ C:\WINNT\iun6002.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-05 05:18 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-11-05 05:06 --------- d---a-w C:\Documents and Settings\All Users.WINNT\Application Data\Spybot - Search & Destroy
2007-11-05 03:48 --------- d-----w C:\Documents and Settings\All Users.WINNT\Application Data\Viewpoint
2007-11-05 03:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-05 01:58 --------- d---a-w C:\Program Files\ewido anti-spyware 4.0
2007-11-01 06:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-31 21:50 --------- d---a-w C:\Documents and Settings\All Users.WINNT\Application Data\TEMP
2007-10-31 17:20 --------- d-----w C:\Program Files\OpenOffice.org1.1.2
2007-10-27 22:03 --------- d-----w C:\Program Files\AIM6
2007-10-27 22:01 --------- d-----w C:\Documents and Settings\All Users.WINNT\Application Data\AOL Downloads
2007-10-27 22:01 --------- d-----w C:\Documents and Settings\All Users.WINNT\Application Data\AOL
2007-10-18 20:36 --------- d-----w C:\Program Files\WinSCP3
2007-10-16 20:23 --------- d-----w C:\Program Files\Java
2007-10-04 12:37 --------- d-----w C:\Program Files\directx
2007-10-01 16:21 --------- d-----w C:\Documents and Settings\flutterby\Application Data\Elluminate
2007-09-30 19:46 --------- d---a-w C:\Program Files\Secrets Of Great Art
2007-09-30 07:09 --------- d---a-w C:\Documents and Settings\All Users.WINNT\Application Data\AOL OCP
2007-09-30 07:09 --------- d-----w C:\Documents and Settings\flutterby\Application Data\acccore
2007-09-30 07:06 --------- d-----w C:\Program Files\Common Files\AOL
2007-09-30 05:48 --------- d-----w C:\Documents and Settings\flutterby\Application Data\Yahoo!
2007-09-26 03:54 --------- d-----w C:\Program Files\MSN Messenger
2007-09-21 16:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-09-21 11:30 --------- d-----w C:\Documents and Settings\flutterby\Application Data\Skype
2007-09-19 05:59 --------- d-----w C:\Documents and Settings\flutterby\Application Data\Design Science
2007-09-19 05:56 --------- d-----w C:\Program Files\MathType
2007-09-13 22:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2005-10-16 22:23 150 ----a-w C:\Program Files\Show Desktop.scf
2004-11-05 17:32 21 ----a-w C:\Program Files\AVPersonalAVWIN.INI
2004-11-02 17:59 271 ---h--w C:\Program Files\desktop.ini
2004-11-02 17:59 21,952 ---h--w C:\Program Files\folder.htt
1999-12-07 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
2006-10-08 04:29:20 866,313 --sh--w C:\WINNT\system32\lknpo.bak1
2006-10-11 04:50:01 905,235 --sh--w C:\WINNT\system32\lknpo.bak2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]
07-11-04 14:47 21504 --a------ C:\WINNT\system32\aivskurq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 14:05 C:\WINNT\system32\mobsync.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06-06-14 17:24 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-07-24 07:21 ]
"LVCOMSX"="C:\WINNT\system32\LVCOMSX.EXE" [05-12-09 17:32 ]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [06-01-05 09:58 ]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [06-01-05 10:15 ]
"LogitechCameraService(E)"="C:\WINNT\system32\ElkCtrl.exe" [04-11-01 19:22 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [07-09-25 00:11 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-07-24 07:21 ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [07-02-19 21:58 ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07-06-21 13:06 ]
"Aim6"="" []
"Khytufsm"="C:\Program Files\Common Files\W?nSxS\s?ool32.exe" []
"main"="C:\WINNT\system32\drivers\system.exe" []
"default"="C:\Documents and Settings\flutterby\winmain.exe" [07-11-04 14:43 ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07-08-31 16:46 ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"sysinit"=C:\WINNT\system32\drivers\system.exe
"winmz"=C:\Documents and Settings\flutterby\winmain.exe

C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 21:58:43]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\stori.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\Blonde10666.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\b_blu7.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\354051554_s[1].gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\backgd.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\26.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\6]
Source= C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\Ange.gif
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06-12-20 12:55 77824]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINNT\\system32\\vvgeowbv.exe,C:\\WINNT\\system32\\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 07-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);C:\WINNT\system32\DRIVERS\SONYPVM1.SYS
R1 ATMhelpr;ATMhelpr;C:\WINNT\system32\drivers\ATMhelpr.sys
R3 ichaud;Service for AC'97 Driver (WDM);C:\WINNT\system32\drivers\ichaud.sys
R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINNT\system32\drivers\LVPrcMon.sys

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-05 07:27:58
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
main = C:\WINNT\system32\drivers\system.exe
default = C:\Documents and Settings\flutterby\winmain.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
sysinit = C:\WINNT\system32\drivers\system.exe
winmz = C:\Documents and Settings\flutterby\winmain.exe

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-05 7:29:57
.
--- E O F ---
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
That has a massive number of problems still showing.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, paste the contents of the Report.txt back on the forum with a new HijackThis log.

then

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Processes group click Non-Microsoft
    • In the Win32 Services group click Non-Microsoft
    • In the Driver Services group click Non-Microsoft
    • In the Registry group click ALL
    • In the Files Created Within group click 30 days Make sure Non-Microsoft only is CHECKED
    • In the Files Modified Within group select 30 days Make sure Non-Microsoft only is CHECKED
    • In the File String Search group select ALL
    • In the Additional Scans section please press Select All and then unselect Event Viewer. Uncheck Non-Microsoft only.
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file
Use the Reply button and attach the notepad file here. I will review it when it comes in.
 

bluecoastbikini

Thread Starter
Joined
Sep 17, 2006
Messages
50
Okay, things are better, no popups, but problems within the browser. Every time I go to a webpage it loads and then turns white, and sometimes the font gets all messed up. So I have to "stop" the page from loading completely to "whiteness."

It wouldn't let me put all the reports here because they were too long. So here are the SDFix and HijackThis logs.

SDFIX-----------------------------------------------


SDFix: Version 1.113

Run by flutterby on Mon 11/05/2007 at 6:42p

Microsoft Windows 2000 [Version 5.00.2195]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\22C.TMP - Deleted
C:\234.TMP - Deleted
C:\235.TMP - Deleted
C:\236.TMP - Deleted
C:\WINNT\system32\aivskurq.dll - Deleted



Removing Temp Files...

ADS Check:

C:\WINNT
No streams found.

C:\WINNT\system32
No streams found.

C:\WINNT\system32\svchost.exe
No streams found.

C:\WINNT\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-05 18:51:14
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 26 Jun 2007 4 A..H. --- "C:\WINNT\uccspecb.sys"
Thu 26 Jul 2007 31 A..H. --- "C:\WINNT\uccspecc.sys"
Sun 4 Nov 2007 12,217 ..SH. --- "C:\Documents and Settings\flutterby\winmain.exe"
Mon 27 Feb 2006 56,832 A.SH. --- "C:\Program Files\Outlook Express\MSIMN.EXE"
Sat 7 Oct 2006 866,313 ..SH. --- "C:\WINNT\system32\lknpo.bak1"
Tue 10 Oct 2006 905,235 ..SH. --- "C:\WINNT\system32\lknpo.bak2"
Mon 10 Oct 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINNT\DRM\DRMv1.bak"

Finished!


HiJack This----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:17 PM, on 11/5/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINNT\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINNT\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Khytufsm] "C:\Program Files\Common Files\W?nSxS\s?ool32.exe"
O4 - HKCU\..\Run: [main] C:\WINNT\system32\drivers\system.exe
O4 - HKCU\..\Run: [default] C:\Documents and Settings\flutterby\winmain.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [sysinit] C:\WINNT\system32\drivers\system.exe
O4 - HKCU\..\RunOnce: [winmz] C:\Documents and Settings\flutterby\winmain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://rimmel.ai-media.com/save/makeover.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bluecoastbikinibabe.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {51739C4B-228C-46AB-A140-1D54F563F3B4} (FSpyDajabaCtl Control) - http://www.spydajaba.com/activex/spydajabactl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.playfirst.com/play/game/dinerdash/DinerDash.1.0.0.93.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D7C4393-6C40-4244-9D5B-8107169399CC}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{95603DCC-FF00-40D1-BC48-AD0EB4C75894}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{96709D8A-E709-4B2C-8E4D-F1874CDAD439}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\stori.jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\Blonde10666.gif
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\b_blu7.gif
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\354051554_s[1].gif
O24 - Desktop Component 4: (no name) - C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\backgd.jpg
O24 - Desktop Component 5: (no name) - C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\26.gif
O24 - Desktop Component 6: (no name) - C:\Documents and Settings\flutterby\Desktop\Estelle\Pictures & Icons\Other Pictures\Ange.gif

--
End of file - 11106 bytes
 

bluecoastbikini

Thread Starter
Joined
Sep 17, 2006
Messages
50
Okay, WinPFind is too long, so I am splitting it up into parts.

WinPFind3---------------------------part1---------------------------

WinPFind3 logfile created on: 11/5/2007 6:58:59 PM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\flutterby\Desktop\WinPFind3u\
Microsoft Windows 2000 Service Pack 4 (Version = 5.0.2195)
Internet Explorer (Version = 6.0.2800.1106)

254.42 Mb Total Physical Memory | 36.27 Mb Available Physical Memory | 14.26% Memory free
616.40 Mb Paging File | 338.93 Mb Available in Paging File | 54.99% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 14.29 Gb Total Space | 2.47 Gb Free Space | 17.30% Space Free
D: Drive not present or media not loaded
Drive E: | 604.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
F: Drive not present or media not loaded

Computer Name: BLUE
Current User Name: flutterby
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 3 | Size = 574808 bytes | Modified Date = 9/25/2007 9:00:46 AM | Attr = ]
cameraassistant.exe -> %ProgramFiles%\Logitech\Video\CameraAssistant.exe -> Logitech Inc. [Ver = 9.5.5.1026 | Size = 489472 bytes | Modified Date = 1/5/2006 9:58:38 AM | Attr = ]
elkctrl.exe -> %System32%\ElkCtrl.exe -> Logitech Inc. [Ver = 8.5.0.1137 | Size = 262144 bytes | Modified Date = 11/1/2004 7:22:22 PM | Attr = ]
guard.exe -> %ProgramFiles%\ewido anti-spyware 4.0\guard.exe -> Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Modified Date = 6/16/2006 8:38:44 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 323584 bytes | Modified Date = 6/14/2006 5:23:58 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 278528 bytes | Modified Date = 6/14/2006 5:24:14 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:36 AM | Attr = ]
logitechdesktopmessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 2/19/2007 9:58:44 PM | Attr = ]
lvcomsx.exe -> %System32%\LVCOMSX.EXE -> Logitech Inc. [Ver = 9.5.0.1098 | Size = 225280 bytes | Modified Date = 12/9/2005 5:32:18 PM | Attr = ]
lvprcsrv.exe -> %CommonProgramFiles%\Logitech\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 9.5.0.1098 | Size = 81920 bytes | Modified Date = 12/9/2005 5:37:42 PM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 1:06:28 PM | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 8/31/2007 4:46:28 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 3 | Size = 574808 bytes | Modified Date = 9/25/2007 9:00:46 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> VERITAS Software Corp. [Ver = 2195.6624.297.3 | Size = 147728 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
(ewido anti-spyware 4.0 guard) ewido anti-spyware 4.0 guard [Win32_Own | Auto | Running] -> %ProgramFiles%\ewido anti-spyware 4.0\guard.exe -> Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Modified Date = 6/16/2006 8:38:44 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 323584 bytes | Modified Date = 6/14/2006 5:23:58 PM | Attr = ]
(LVPrcSrv) Logitech Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Logitech\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 9.5.0.1098 | Size = 81920 bytes | Modified Date = 12/9/2005 5:37:42 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic116x) aic116x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(ami0nt) ami0nt [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ATMhelpr) ATMhelpr [Kernel | System | Running] -> %System32%\drivers\ATMHELPR.SYS -> Adobe Systems Incorporated [Ver = 4.0 Build 85 | Size = 4064 bytes | Modified Date = 6/17/1997 6:00:00 AM | Attr = ]
(BusLogic) BusLogic [Kernel | Disabled | Stopped] -> -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\FLUTTE~1\LOCALS~1\Temp\catchme.sys -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Cdr4_2K) Cdr4_2K [Kernel | System | Running] -> %System32%\drivers\cdr4_2K.sys -> Roxio [Ver = 7.1.0.190 | Size = 44288 bytes | Modified Date = 8/8/2007 3:29:40 PM | Attr = ]
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %System32%\drivers\cdralw2k.sys -> Roxio [Ver = 5.3.2.31 | Size = 23420 bytes | Modified Date = 8/1/2006 12:10:10 PM | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(cpqarry2) cpqarry2 [Kernel | Disabled | Stopped] -> -> File not found
(cpqfcalm) cpqfcalm [Kernel | Disabled | Stopped] -> -> File not found
(cpqfws2e) cpqfws2e [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(deckzpsx) deckzpsx [Kernel | Disabled | Stopped] -> -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> VERITAS Software Corp. [Ver = 2195.6655.297.3 | Size = 369104 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> VERITAS Software Corp. [Ver = 2195.6655.297.3 | Size = 137936 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> VERITAS Software Corp. [Ver = 2195.6655.297.3 | Size = 7312 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
(ewido anti-spyware 4.0 driver) ewido anti-spyware 4.0 driver [Kernel | System | Running] -> %ProgramFiles%\ewido anti-spyware 4.0\guard.sys -> [Ver = | Size = 3968 bytes | Modified Date = 6/16/2006 8:38:54 AM | Attr = ]
(Fd16_700) Fd16_700 [Kernel | Disabled | Stopped] -> -> File not found
(fireport) fireport [Kernel | Disabled | Stopped] -> -> File not found
(flashpnt) flashpnt [Kernel | Disabled | Stopped] -> -> File not found
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.4.3 | Size = 14408 bytes | Modified Date = 2/2/2005 2:21:04 AM | Attr = ]
(i81x) i81x [Kernel | On_Demand | Running] -> %System32%\drivers\i81xnt5.sys -> Intel Corporation [Ver = 5.11.01.0133.3-NT5 Eng. Sample 03:01AM | Size = 68336 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(ipsraidn) ipsraidn [Kernel | Disabled | Stopped] -> -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(lp6nds35) lp6nds35 [Kernel | Disabled | Stopped] -> -> File not found
(Lvckap) Logitech Kernel Audio Processing Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\Lvckap.sys -> [Ver = | Size = 2174464 bytes | Modified Date = 12/9/2005 5:35:54 PM | Attr = ]
(lvmvdrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Running] -> %System32%\drivers\LVMVdrv.sys -> [Ver = | Size = 2400256 bytes | Modified Date = 12/9/2005 5:37:42 PM | Attr = ]
(LVPrcMon) Logitech LVPrcMon Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LVPrcMon.sys -> [Ver = | Size = 16768 bytes | Modified Date = 12/9/2005 5:37:42 PM | Attr = ]
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Running] -> %System32%\drivers\LVUSBSta.sys -> Logitech Inc. [Ver = 9.5.0.1098 | Size = 39424 bytes | Modified Date = 12/5/2005 9:26:16 PM | Attr = R ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(Ncrc710) Ncrc710 [Kernel | Disabled | Stopped] -> -> File not found
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PCIIde) PCIIde [Kernel | Disabled | Stopped] -> -> File not found
(PID_0928) Logitech QuickCam Express(PID_0928) [Kernel | On_Demand | Running] -> %System32%\drivers\LV561AV.SYS -> Logitech Inc. [Ver = 9.5.0.1098 | Size = 287360 bytes | Modified Date = 12/5/2005 9:27:30 PM | Attr = R ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 | Size = 17680 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql2100) ql2100 [Kernel | Disabled | Stopped] -> -> File not found
(rtl8139) Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %System32%\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.366.0818.1999 | Size = 18704 bytes | Modified Date = 9/24/1999 1:17:18 PM | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 12:53:48 PM | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 4:51:08 PM | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
(SecDrv) SecDrv [Kernel | Auto | Running] -> %System32%\drivers\SECDRV.SYS -> Macrovision Europe Ltd [Ver = 3.18.000 | Size = 12400 bytes | Modified Date = 4/1/2006 2:35:04 PM | Attr = ]
(sglfb) sglfb [Kernel | System | Stopped] -> -> File not found
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(SONYPVM1) Sony Memory Stick Driver(SONYPVM1) [Kernel | Boot | Running] -> %System32%\drivers\SonyPVM1.sys -> Sony Corporation [Ver = 1.3.0526.0 | Size = 28224 bytes | Modified Date = 5/27/2000 5:37:48 AM | Attr = ]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %System32%\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.4.0709.0 | Size = 7921 bytes | Modified Date = 7/10/2002 6:49:20 AM | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(tga) tga [Kernel | System | Stopped] -> -> File not found
(ultra66) ultra66 [Kernel | Disabled | Stopped] -> -> File not found

[Registry - All]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 278528 bytes | Modified Date = 6/14/2006 5:24:14 PM | Attr = ]
LogitechCameraAssistant -> %ProgramFiles%\Logitech\Video\CameraAssistant.exe -> Logitech Inc. [Ver = 9.5.5.1026 | Size = 489472 bytes | Modified Date = 1/5/2006 9:58:38 AM | Attr = ]
LogitechCameraService(E) -> %System32%\ElkCtrl.exe -> Logitech Inc. [Ver = 8.5.0.1137 | Size = 262144 bytes | Modified Date = 11/1/2004 7:22:22 PM | Attr = ]
LogitechVideo[inspector] -> %ProgramFiles%\Logitech\Video\InstallHelper.exe -> Logitech Inc. [Ver = 9.5.5.1026 | Size = 73728 bytes | Modified Date = 1/5/2006 10:15:00 AM | Attr = ]
LVCOMSX -> %System32%\LVCOMSX.EXE -> Logitech Inc. [Ver = 9.5.0.1098 | Size = 225280 bytes | Modified Date = 12/9/2005 5:32:18 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 7/24/2006 7:21:38 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:36 AM | Attr = ]
Synchronization Manager -> %System32%\mobsync.exe -> Microsoft Corporation [Ver = 5.00.2195.6627 | Size = 111376 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aim6 -> -> File not found
default -> %SystemDrive%\Documents and Settings\flutterby\winmain.exe -> [Ver = | Size = 12217 bytes | Modified Date = 11/4/2007 2:43:16 PM | Attr = HS]
Khytufsm -> %CommonProgramFiles%\W?nSxS\s?ool32.exe -> File not found
LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 2/19/2007 9:58:44 PM | Attr = ]
main -> %System32%\drivers\system.exe -> File not found
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 7/24/2006 7:21:38 AM | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 8/31/2007 4:46:28 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 1:06:28 PM | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> File not found
< RunOnce [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
sysinit -> %System32%\drivers\system.exe -> File not found
winmz -> %SystemDrive%\Documents and Settings\flutterby\winmain.exe -> [Ver = | Size = 12217 bytes | Modified Date = 11/4/2007 2:43:16 PM | Attr = HS]
< Common Startup > -> C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup ->
%AllUsersStartup%\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 2/19/2007 9:58:44 PM | Attr = ]
< IFEO [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ ->
Your Image File Name Here without a path -> %System32%\ntsd.exe [Debugger] -> Microsoft Corporation [Ver = 5.00.2184.1 | Size = 163600 bytes | Modified Date = 12/7/1999 6:00:00 AM | Attr = ]
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
{7007ACCF-3202-11D1-AAD2-00805FC1270E} [HKLM] -> %System32%\netshell.dll [Network.ConnectionTray] -> Microsoft Corporation [Ver = 5.00.2195.6604 | Size = 477456 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
{35CEC8A3-2BE6-11D2-8773-92E220524153} [HKLM] -> %System32%\stobject.dll [SysTray] -> Microsoft Corporation [Ver = 5.00.2195.6601 | Size = 81168 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKLM] -> %System32%\webcheck.dll [WebCheck] -> Microsoft Corporation [Ver = 6.00.2800.1106 | Size = 258048 bytes | Modified Date = 8/29/2002 8:14:40 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\ewido anti-spyware 4.0\shellexecutehook.dll [ewido anti-spyware 4.0] -> Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 73728 bytes | Modified Date = 6/16/2006 8:38:50 AM | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} [HKLM] -> %System32%\SHELL32.DLL [] -> Microsoft Corporation [Ver = 5.00.3900.7105 | Size = 2362640 bytes | Modified Date = 7/13/2006 1:09:24 AM | Attr = ]
< SharedTaskScheduler [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
{438755C2-A8BA-11D1-B96B-00A0C90312E1} [HKLM] -> %System32%\BROWSEUI.DLL [Browseui preloader] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1017856 bytes | Modified Date = 4/13/2007 9:09:00 AM | Attr = ]
{8C7461EF-2B13-11d2-BE35-3078302C2030} [HKLM] -> %System32%\BROWSEUI.DLL [Component Categories cache daemon] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1017856 bytes | Modified Date = 4/13/2007 9:09:00 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
msapsspc.dll -> %System32%\msapsspc.dll -> Microsoft Corporation [Ver = 6.00.7755 | Size = 80128 bytes | Modified Date = 12/7/1999 6:00:00 AM | Attr = ]
schannel.dll -> %System32%\SCHANNEL.DLL -> Microsoft Corporation [Ver = 5.00.2195.7136 | Size = 147216 bytes | Modified Date = 4/25/2007 1:52:16 AM | Attr = ]
digest.dll -> %System32%\digest.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 | Size = 55296 bytes | Modified Date = 8/29/2002 8:14:40 AM | Attr = ]
msnsspc.dll -> %System32%\msnsspc.dll -> Microsoft Corporation [Ver = 6.00.7753 | Size = 116272 bytes | Modified Date = 12/7/1999 6:00:00 AM | Attr = ]
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 5.00.3700.6690 | Size = 243472 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINNT\system32\userinit.exe -> %System32%\USERINIT.EXE -> Microsoft Corporation [Ver = 5.00.2195.6612 | Size = 17680 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 -> %System32%\rundll32.exe -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 10000 bytes | Modified Date = 12/7/1999 6:00:00 AM | Attr = ]
shell32 -> %System32%\SHELL32.DLL -> Microsoft Corporation [Ver = 5.00.3900.7105 | Size = 2362640 bytes | Modified Date = 7/13/2006 1:09:24 AM | Attr = ]
"sysdm.cpl" -> %System32%\SYSDM.CPL -> Microsoft Corporation [Ver = 5.00.2195.6601 | Size = 125712 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*UserInit* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINNT\system32\vvgeowbv.exe -> %System32%\vvgeowbv.exe -> Microsoft [Ver = 1.00.0072 | Size = 123911 bytes | Modified Date = 11/4/2007 3:17:42 PM | Attr = ]
C:\WINNT\system32\userinit.exe -> %System32%\USERINIT.EXE -> Microsoft Corporation [Ver = 5.00.2195.6612 | Size = 17680 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 12:41:36 PM | Attr = ]
crypt32chain -> %System32%\CRYPT32.DLL -> Microsoft Corporation [Ver = 5.131.2195.6926 | Size = 563984 bytes | Modified Date = 4/8/2005 5:54:32 AM | Attr = ]
cryptnet -> %System32%\CRYPTNET.DLL -> Microsoft Corporation [Ver = 5.131.2195.6926 | Size = 63760 bytes | Modified Date = 4/8/2005 5:54:34 AM | Attr = ]
cscdll -> %System32%\cscdll.dll -> Microsoft Corporation [Ver = 5.00.2195.6713 | Size = 101136 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
sclgntfy -> %System32%\sclgntfy.dll -> Microsoft Corporation [Ver = 5.00.2195.6608 | Size = 20752 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
SensLogn -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.00.2195.7000 | Size = 57104 bytes | Modified Date = 4/8/2005 5:54:32 AM | Attr = ]
wzcnotif -> %System32%\wzcdlg.dll -> Microsoft Corporation [Ver = 5.00.2195.6604 | Size = 52496 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> ÿÿÿÿ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (686 bytes) -> C:\WINNT\System32\drivers\etc\Hosts ->
127.0.0.1 localhost ->
 

bluecoastbikini

Thread Starter
WinPFind3--------------------------------part2---------------


< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.google.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> %System32%\SHDOCVW.DLL [Microsoft Url Search Hook] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1340416 bytes | Modified Date = 4/13/2007 9:08:46 AM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{00000012-890e-4aac-afd9-eff6954a34dd} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{029e02f0-a0e5-4b19-b958-7bf2db29fb13} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 3:16:42 AM | Attr = ]
{06dfedaa-6196-11d5-bfc8-00508b4a487d} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{1adbcce8-cf84-441e-9b38-afc7a19c06a4} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{51641ef3-8a7a-4d84-8659-b0911e947cc8} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{54645654-2225-4455-44A1-9F4543D34546} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{669695bc-a811-4a9d-8cdf-ba8c795f261e} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{6abc861a-31e7-4d91-b43b-d3c98f22a5c0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 12:11:34 AM | Attr = ]
{944864a5-3916-46e2-96a9-a2e84f3f1208} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{a4a435cf-3583-11d4-91bd-0048546a1450} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{b8875bfe-b021-11d4-bfa8-00508b8e9bd3} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{c2680e10-1655-4a0e-87f8-4259325a84b7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{c4ca6559-2cf1-48b6-96b2-8340a06fd129} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{c5af2622-8c75-4dfb-9693-23ab7686a456} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{d8efadf1-9009-11d6-8c73-608c5dc19089} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{e9306072-417e-43e3-81d5-369490beef7c} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4D5C8C25-D075-11d0-B416-00C04FB90376} [HKLM] -> %System32%\SHDOCVW.DLL [&Tip of the Day] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1340416 bytes | Modified Date = 4/13/2007 9:08:46 AM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{30D02401-6A81-11D0-8274-00C04FD5AE38} [HKLM] -> %System32%\BROWSEUI.DLL [Search Band] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1017856 bytes | Modified Date = 4/13/2007 9:09:00 AM | Attr = ]
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> %System32%\BROWSEUI.DLL [Media Band] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1017856 bytes | Modified Date = 4/13/2007 9:09:00 AM | Attr = ]
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} [HKLM] -> %System32%\SHELL32.DLL [File and Folders Search ActiveX Control] -> Microsoft Corporation [Ver = 5.00.3900.7105 | Size = 2362640 bytes | Modified Date = 7/13/2006 1:09:24 AM | Attr = ]
{EFA24E61-B078-11D0-89E4-00C04FC9E26E} [HKLM] -> %System32%\SHDOCVW.DLL [Favorites Band] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1340416 bytes | Modified Date = 4/13/2007 9:08:46 AM | Attr = ]
{EFA24E62-B078-11D0-89E4-00C04FC9E26E} [HKLM] -> %System32%\SHDOCVW.DLL [History Band] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1340416 bytes | Modified Date = 4/13/2007 9:08:46 AM | Attr = ]
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} [HKLM] -> %System32%\SHDOCVW.DLL [Explorer Band] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1340416 bytes | Modified Date = 4/13/2007 9:08:46 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKLM] -> %System32%\BROWSEUI.DLL [&Address] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1017856 bytes | Modified Date = 4/13/2007 9:09:00 AM | Attr = ]
ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} [HKLM] -> %System32%\BROWSEUI.DLL [&Links] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1017856 bytes | Modified Date = 4/13/2007 9:09:00 AM | Attr = ]
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
ShellBrowser\\{3F3714A9-89A4-46BE-8AF3-D0C9D1FB03F9} [HKLM] -> %ProgramFiles%\MorpheusBar\bar\1.bin\MORPHBAR.DLL [Morpheus Toolbar] -> File not found
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKLM] -> %System32%\BROWSEUI.DLL [&Address] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1017856 bytes | Modified Date = 4/13/2007 9:09:00 AM | Attr = ]
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} [HKLM] -> %System32%\BROWSEUI.DLL [&Links] -> Microsoft Corporation [Ver = 6.00.2800.1909 (xpsp2.070413-0924) | Size = 1017856 bytes | Modified Date = 4/13/2007 9:09:00 AM | Attr = ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{3F3714A9-89A4-46BE-8AF3-D0C9D1FB03F9} [HKLM] -> %ProgramFiles%\MorpheusBar\bar\1.bin\MORPHBAR.DLL [Morpheus Toolbar] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 12:11:34 AM | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3D7C4393-6C40-4244-9D5B-8107169399CC} -> 208.67.220.220,208.67.222.222 (SMC EZ Card 10/100 (SMC1211TX)) ->
{95603DCC-FF00-40D1-BC48-AD0EB4C75894} -> 208.67.220.220,208.67.222.222 (SMC EZ Card 10/100 (SMC1211TX)) ->
{96709D8A-E709-4B2C-8E4D-F1874CDAD439} -> 208.67.220.220,208.67.222.222 () ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] -> %System32%\RNR20.DLL -> Microsoft Corporation [Ver = 5.00.2195.6603 | Size = 36624 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] -> %System32%\winrnr.dll -> Microsoft Corporation [Ver = 5.00.2160.1 | Size = 19216 bytes | Modified Date = 12/7/1999 6:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %System32%\rsvpsp.dll -> Microsoft Corporation [Ver = 5.00.2195.6611 | Size = 77072 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %System32%\rsvpsp.dll -> Microsoft Corporation [Ver = 5.00.2195.6611 | Size = 77072 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %System32%\msafd.dll -> Microsoft Corporation [Ver = 5.00.2195.6602 | Size = 108816 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
< Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
about -> %System32%\MSHTML.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 2704896 bytes | Modified Date = 4/16/2007 11:25:46 AM | Attr = ]
bwfile-8876480 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 2/19/2007 9:58:44 PM | Attr = ]
cdl -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
file -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
ftp -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
gopher -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
http -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
http\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 8.103.5219.0 | Size = 577536 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
http\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 8.103.5219.0 | Size = 577536 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
https -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
https\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 8.103.5219.0 | Size = 577536 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
https\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 8.103.5219.0 | Size = 577536 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
ipp -> Reg Data - Key not found -> File not found
ipp\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 8.103.5219.0 | Size = 577536 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
its -> %System32%\itss.dll -> Microsoft Corporation [Ver = 5.2.3790.309 (srv03_gdr.050413-1540) | Size = 128000 bytes | Modified Date = 4/21/2005 8:16:56 AM | Attr = ]
javascript -> %System32%\MSHTML.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 2704896 bytes | Modified Date = 4/16/2007 11:25:46 AM | Attr = ]
local -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
mailto -> %System32%\MSHTML.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 2704896 bytes | Modified Date = 4/16/2007 11:25:46 AM | Attr = ]
mhtml -> %System32%\INETCOMM.DLL -> Microsoft Corporation [Ver = 6.00.2800.1896 | Size = 596480 bytes | Modified Date = 11/6/2006 2:47:54 PM | Attr = ]
mk -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
msdaipp -> Reg Data - Key not found -> File not found
msdaipp\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 8.103.5219.0 | Size = 577536 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
msdaipp\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 8.103.5219.0 | Size = 577536 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
ms-its -> %System32%\itss.dll -> Microsoft Corporation [Ver = 5.2.3790.309 (srv03_gdr.050413-1540) | Size = 128000 bytes | Modified Date = 4/21/2005 8:16:56 AM | Attr = ]
res -> %System32%\MSHTML.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 2704896 bytes | Modified Date = 4/16/2007 11:25:46 AM | Attr = ]
skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 8/25/2007 8:54:38 PM | Attr = R ]
sysimage -> %System32%\MSHTML.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 2704896 bytes | Modified Date = 4/16/2007 11:25:46 AM | Attr = ]
vbscript -> %System32%\MSHTML.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 2704896 bytes | Modified Date = 4/16/2007 11:25:46 AM | Attr = ]
vnd.ms.radio -> %System32%\msdxm.ocx -> [Ver = | Size = 844560 bytes | Modified Date = 3/31/2005 1:10:40 AM | Attr = ]
< Protocol Filters [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
application/octet-stream -> %System32%\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.832 (QFE.050727-8300) | Size = 271360 bytes | Modified Date = 4/13/2007 2:21:14 AM | Attr = ]
application/x-complus -> %System32%\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.832 (QFE.050727-8300) | Size = 271360 bytes | Modified Date = 4/13/2007 2:21:14 AM | Attr = ]
application/x-msdownload -> %System32%\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.832 (QFE.050727-8300) | Size = 271360 bytes | Modified Date = 4/13/2007 2:21:14 AM | Attr = ]
Class Install Handler -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
deflate -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
gzip -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
lzdhtml -> %System32%\URLMON.DLL -> Microsoft Corporation [Ver = 6.00.2800.1595 | Size = 462336 bytes | Modified Date = 4/13/2007 8:57:56 AM | Attr = ]
text/webviewhtml -> %System32%\SHELL32.DLL -> Microsoft Corporation [Ver = 5.00.3900.7105 | Size = 2362640 bytes | Modified Date = 7/13/2006 1:09:24 AM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{14B87622-7E19-4EA8-93B3-97215F77A6BC} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{17D72920-7A15-11D4-921E-0080C8DA7A5E} -> AimSp32 Class - CodeBase = http://rimmel.ai-media.com/save/makeover.cab ->
{193C772A-87BE-4B19-A7BB-445B226FE9A1} -> ewidoOnlineScan Control - CodeBase = http://downloads.ewido.net/ewidoOnlineScan.cab ->
{20A60F0D-9AFA-4515-A0FD-83BD84642501} -> Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab ->
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{2917297F-F02B-4B9D-81DF-494B6333150B} -> Minesweeper Flags Class - CodeBase = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{31564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/wmvax.cab ->
{32564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/wmv8ax.cab ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB ->
{48DD0448-9209-4F81-9F6D-D83562940134} -> MySpace Uploader Control - CodeBase = http://lads.myspace.com/upload/MySpaceUploader.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://bluecoastbikinibabe.spaces.live.com//PhotoUpload/MsnPUpld.cab ->
{51739C4B-228C-46AB-A140-1D54F563F3B4} -> FSpyDajabaCtl Control - CodeBase = http://www.spydajaba.com/activex/spydajabactl.cab ->
{5D6F45B3-9043-443D-A792-115447494D24} -> UnoCtrl Class - CodeBase = http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab ->
{5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook Photo Uploader Control - CodeBase = http://upload.facebook.com/controls/FacebookPhotoUploader.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab ->
{9522B3FB-7A2B-4646-8AF6-36E7F593073C} -> - CodeBase = http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab ->
{B8BE5E93-A60C-4D26-A2DC-220313175592} -> ZoneIntro Class - CodeBase = http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab ->
{C946EF6D-296D-4907-A6E1-ED0E8E5AF024} -> LycosMail Upload Control - CodeBase = http://mail.lycos.com/hanmail-ax/AttachMail.cab ->
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} -> CPlayFirstDinerDashControl Object - CodeBase = http://www.playfirst.com/play/game/dinerdash/DinerDash.1.0.0.93.cab ->
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -> Hotmail Attachments Control - CodeBase = http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINNT\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINNT\Java\classes\xmldso.cab ->


[Files/Folders - Created Within 30 days]
225.tmp -> %SystemDrive%\225.tmp -> [Ver = | Size = 186608 bytes | Created Date = 11/4/2007 5:36:13 AM | Attr = ]
226.tmp -> %SystemDrive%\226.tmp -> [Ver = | Size = 23040 bytes | Created Date = 11/4/2007 5:36:21 AM | Attr = ]
22B.tmp -> %SystemDrive%\22B.tmp -> [Ver = 0, 0, 0, 0 | Size = 9804 bytes | Created Date = 11/4/2007 5:36:29 AM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 11/5/2007 6:30:06 PM | Attr = ]
17PHolmes72.exe -> %SystemRoot%\17PHolmes72.exe -> [Ver = 0, 0, 0, 0 | Size = 35840 bytes | Created Date = 11/4/2007 5:36:55 AM | Attr = ]
absolute key logger.lnk -> %SystemRoot%\absolute key logger.lnk -> [Ver = | Size = 11776 bytes | Created Date = 11/4/2007 3:40:46 PM | Attr = ]
aconti.ini -> %SystemRoot%\aconti.ini -> [Ver = | Size = 28416 bytes | Created Date = 11/4/2007 11:06:00 PM | Attr = ]
aconti.sdb -> %SystemRoot%\aconti.sdb -> [Ver = | Size = 14848 bytes | Created Date = 11/4/2007 11:06:01 PM | Attr = ]
default.htm -> %SystemRoot%\default.htm -> [Ver = | Size = 1680 bytes | Created Date = 11/4/2007 3:39:22 PM | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 11/5/2007 6:41:23 PM | Attr = ]
fkwggshm.exe -> %SystemRoot%\fkwggshm.exe -> Microsoft Corp. [Ver = 1.00 | Size = 18432 bytes | Created Date = 11/4/2007 3:55:49 PM | Attr = ]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Created Date = 10/16/2007 3:40:06 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 11/4/2007 5:35:41 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 11/4/2007 5:35:41 AM | Attr = H ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 11/4/2007 11:54:02 PM | Attr = ]
ace16win.dll -> %System32%\ace16win.dll -> [Ver = | Size = 12032 bytes | Created Date = 11/4/2007 11:05:58 PM | Attr = ]
acespy -> %System32%\acespy -> [Folder | Created Date = 11/4/2007 3:43:32 PM | Attr = ]
ClickToFindandFixErrors_US.ico -> %System32%\ClickToFindandFixErrors_US.ico -> [Ver = | Size = 2238 bytes | Created Date = 11/4/2007 7:26:13 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\ClickToFindandFixErrors_US.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
din.ip -> %System32%\din.ip -> [Ver = | Size = 13 bytes | Created Date = 11/4/2007 3:17:48 PM | Attr = ]
dpqaqlqx.bin -> %System32%\dpqaqlqx.bin -> [Ver = | Size = 12 bytes | Created Date = 11/4/2007 3:17:58 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 10/16/2007 2:23:23 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 10/16/2007 2:23:23 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 10/16/2007 2:23:23 PM | Attr = ]
jpewocmz.ini -> %System32%\jpewocmz.ini -> [Ver = | Size = 4 bytes | Created Date = 11/4/2007 3:17:48 PM | Attr = ]
Perflib_Perfdata_2ec.dat -> %System32%\Perflib_Perfdata_2ec.dat -> [Ver = | Size = 16384 bytes | Created Date = 11/5/2007 7:24:46 AM | Attr = ]
stfv.bin -> %System32%\stfv.bin -> [Ver = | Size = 4 bytes | Created Date = 11/4/2007 3:53:14 PM | Attr = ]
sznf.ascii -> %System32%\sznf.ascii -> [Ver = | Size = 92 bytes | Created Date = 11/4/2007 3:17:59 PM | Attr = ]
vvgeowbv.exe -> %System32%\vvgeowbv.exe -> Microsoft [Ver = 1.00.0072 | Size = 123911 bytes | Created Date = 11/4/2007 2:47:52 PM | Attr = ]
winlogon.scr -> %System32%\winlogon.scr -> [Ver = | Size = 12217 bytes | Created Date = 11/4/2007 2:43:18 PM | Attr = ]
 

bluecoastbikini

Thread Starter
Joined
Sep 17, 2006
Messages
50
WinPFind3------------------------part3---------------------


[Files/Folders - Modified Within 30 days]
225.tmp -> %SystemDrive%\225.tmp -> [Ver = | Size = 186608 bytes | Modified Date = 11/4/2007 5:36:22 AM | Attr = ]
226.tmp -> %SystemDrive%\226.tmp -> [Ver = | Size = 23040 bytes | Modified Date = 11/4/2007 5:36:24 AM | Attr = ]
22B.tmp -> %SystemDrive%\22B.tmp -> [Ver = 0, 0, 0, 0 | Size = 9804 bytes | Modified Date = 11/4/2007 5:36:32 AM | Attr = ]
ioSpecial.ini -> %SystemDrive%\ioSpecial.ini -> [Ver = | Size = 139 bytes | Modified Date = 11/5/2007 10:54:30 AM | Attr = ]
IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 1446 bytes | Modified Date = 10/27/2007 4:03:06 PM | Attr = H ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 11/5/2007 10:54:36 AM | Attr = R ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 11/5/2007 7:14:00 AM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 11/5/2007 6:53:44 PM | Attr = ]
WINNT -> %SystemRoot% -> [Folder | Modified Date = 11/5/2007 6:41:24 PM | Attr = ]
17PHolmes72.exe -> %SystemRoot%\17PHolmes72.exe -> [Ver = 0, 0, 0, 0 | Size = 35840 bytes | Modified Date = 11/4/2007 5:36:56 AM | Attr = ]
absolute key logger.lnk -> %SystemRoot%\absolute key logger.lnk -> [Ver = | Size = 11776 bytes | Modified Date = 11/4/2007 3:40:48 PM | Attr = ]
aconti.ini -> %SystemRoot%\aconti.ini -> [Ver = | Size = 28416 bytes | Modified Date = 11/4/2007 11:06:02 PM | Attr = ]
aconti.sdb -> %SystemRoot%\aconti.sdb -> [Ver = | Size = 14848 bytes | Modified Date = 11/4/2007 11:06:02 PM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Modified Date = 10/29/2007 6:56:20 PM | Attr = ]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 11/5/2007 3:45:10 PM | Attr = HS]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 11/5/2007 6:51:02 PM | Attr = ]
default.htm -> %SystemRoot%\default.htm -> [Ver = | Size = 1680 bytes | Modified Date = 11/4/2007 11:50:08 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 10/30/2007 7:11:04 PM | Attr = S]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 11/5/2007 6:41:34 PM | Attr = ]
fkwggshm.exe -> %SystemRoot%\fkwggshm.exe -> Microsoft Corp. [Ver = 1.00 | Size = 18432 bytes | Modified Date = 11/4/2007 11:32:40 PM | Attr = ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 11/4/2007 9:03:30 PM | Attr = HS]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 10/16/2007 3:39:02 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 11/4/2007 5:35:42 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 11/4/2007 2:42:46 PM | Attr = H ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 11/5/2007 7:18:04 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 11/5/2007 6:51:10 PM | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 11/5/2007 6:51:12 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 299 bytes | Modified Date = 11/4/2007 11:05:18 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 11/5/2007 6:49:34 PM | Attr = H ]
ace16win.dll -> %System32%\ace16win.dll -> [Ver = | Size = 12032 bytes | Modified Date = 11/4/2007 11:06:00 PM | Attr = ]
acespy -> %System32%\acespy -> [Folder | Modified Date = 11/4/2007 3:43:40 PM | Attr = ]
ClickToFindandFixErrors_US.ico -> %System32%\ClickToFindandFixErrors_US.ico -> [Ver = | Size = 2238 bytes | Modified Date = 11/4/2007 7:26:14 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\ClickToFindandFixErrors_US.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 1204 bytes | Modified Date = 11/4/2007 2:43:02 PM | Attr = ]
din.ip -> %System32%\din.ip -> [Ver = | Size = 13 bytes | Modified Date = 11/4/2007 3:17:50 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 11/4/2007 6:37:20 PM | Attr = RHS]
dpqaqlqx.bin -> %System32%\dpqaqlqx.bin -> [Ver = | Size = 12 bytes | Modified Date = 11/4/2007 3:18:00 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 11/5/2007 7:24:50 AM | Attr = ]
ias -> %System32%\ias -> [Folder | Modified Date = 11/5/2007 6:51:12 PM | Attr = ]
jpewocmz.ini -> %System32%\jpewocmz.ini -> [Ver = | Size = 4 bytes | Modified Date = 11/4/2007 3:17:50 PM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 11/5/2007 6:50:30 PM | Attr = ]
Perflib_Perfdata_2ec.dat -> %System32%\Perflib_Perfdata_2ec.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/5/2007 7:24:48 AM | Attr = ]
stfv.bin -> %System32%\stfv.bin -> [Ver = | Size = 4 bytes | Modified Date = 11/5/2007 6:29:32 PM | Attr = ]
sznf.ascii -> %System32%\sznf.ascii -> [Ver = | Size = 92 bytes | Modified Date = 11/4/2007 3:18:00 PM | Attr = ]
vvgeowbv.exe -> %System32%\vvgeowbv.exe -> Microsoft [Ver = 1.00.0072 | Size = 123911 bytes | Modified Date = 11/4/2007 3:17:42 PM | Attr = ]
winlogon.scr -> %System32%\winlogon.scr -> [Ver = | Size = 12217 bytes | Modified Date = 11/4/2007 2:43:16 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 11/5/2007 6:43:16 PM | Attr = ]






[File String Scan - All]
UPX! , -> %SystemDrive%\22B.tmp -> [Ver = 0, 0, 0, 0 | Size = 9804 bytes | Modified Date = 11/4/2007 5:36:32 AM | Attr = ]
UPX! , UPX0 , -> %SystemDrive%\KillBox.exe -> Option^Explicit Software [email protected] [Ver = 2.00.0532 | Size = 69120 bytes | Modified Date = 10/11/2006 6:59:06 PM | Attr = ]
UPX! , UPX0 , -> %SystemDrive%\VundoFix.exe -> Atribune.org [Ver = 6.01.0006 | Size = 86528 bytes | Modified Date = 9/28/2006 11:35:56 AM | Attr = ]
UPX! , -> %SystemRoot%\17PHolmes72.exe -> [Ver = 0, 0, 0, 0 | Size = 35840 bytes | Modified Date = 11/4/2007 5:36:56 AM | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Blue Lace 16.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Coffee Bean.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\FeatherTexture.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
UPX! , UPX0 , -> %SystemRoot%\fkwggshm.exe -> Microsoft Corp. [Ver = 1.00 | Size = 18432 bytes | Modified Date = 11/4/2007 11:32:40 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Gone Fishing.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 7000 bytes -> %SystemRoot%\Mozilla Wallpaper.bmp:Q30lsldxJoudresxAaaqpcawXc ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Mozilla Wallpaper.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 3864 bytes -> %SystemRoot%\Prairie Wind.bmp:Q30lsldxJoudresxAaaqpcawXc ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Prairie Wind.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Rhododendron.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\River Sumida.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 3840 bytes -> %SystemRoot%\Santa Fe Stucco.bmp:Q30lsldxJoudresxAaaqpcawXc ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Santa Fe Stucco.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 5832 bytes -> %SystemRoot%\Soap Bubbles.bmp:Q30lsldxJoudresxAaaqpcawXc ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Soap Bubbles.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\winnt.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 2724 bytes -> %SystemRoot%\winnt256.bmp:Q30lsldxJoudresxAaaqpcawXc ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\winnt256.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Zapotec.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 0 bytes -> %System32%\ClickToFindandFixErrors_US.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 0 bytes -> %System32%\getstart.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 0 bytes -> %System32%\Help.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
Thawte Consulting , USERTRUST , -> %System32%\INITPKI.DLL -> Microsoft Corporation [Ver = 5.131.2195.6601 | Size = 138000 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr = ]
WSUD , -> %System32%\mfc42u.dll -> Microsoft Corporation [Ver = 6.00.9792.0 | Size = 1011774 bytes | Modified Date = 11/2/2006 11:31:40 AM | Attr = ]
PECompact2 , aspack , -> %System32%\MRT.exe -> Microsoft Corporation [Ver = 1.31.2276.0 | Size = 16256984 bytes | Modified Date = 6/28/2007 1:57:28 AM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\n2k.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 1256 bytes -> %System32%\ntimage.gif:Q30lsldxJoudresxAaaqpcawXc ->
@Alternate Data Stream - 0 bytes -> %System32%\ntimage.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 0 bytes -> %System32%\pavas.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
Umonitor , -> %System32%\RASDLG.DLL -> Microsoft Corporation [Ver = 5.00.2195.6920 | Size = 531216 bytes | Modified Date = 1/12/2005 1:39:46 PM | Attr = ]
@Alternate Data Stream - 2980 bytes -> %System32%\setup.bmp:Q30lsldxJoudresxAaaqpcawXc ->
@Alternate Data Stream - 0 bytes -> %System32%\setup.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 7/22/2007 6:39:28 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\tunes.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 0 bytes -> %System32%\Uninstall.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
UPX! , UPX0 , -> %System32%\vvgeowbv.exe -> Microsoft [Ver = 1.00.0072 | Size = 123911 bytes | Modified Date = 11/4/2007 3:17:42 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 12/7/1999 6:00:00 AM | Attr = ]
FSG! , -> %System32%\winlogon.scr -> [Ver = | Size = 12217 bytes | Modified Date = 11/4/2007 2:43:16 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> Microsoft Corporation [Ver = 7.0.1.4326 | Size = 8929280 bytes | Modified Date = 12/7/1999 6:00:00 AM | Attr = ]
WSUD , -> %System32%\dllcache\mfc42u.dll -> Microsoft Corporation [Ver = 6.00.9792.0 | Size = 1011774 bytes | Modified Date = 11/2/2006 11:31:40 AM | Attr = ]
Umonitor , -> %System32%\dllcache\rasdlg.dll -> Microsoft Corporation [Ver = 5.00.2195.6920 | Size = 531216 bytes | Modified Date = 1/12/2005 1:39:46 PM | Attr = ]

< End of report >
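The report above is raw WinPFind3 output, and the entries worth a second look have to be picked out by eye: executables created in the last few days sitting directly in %SystemRoot% or %System32% with no vendor string or an imitation one ("Microsoft Corp.", "Microsoft"), UPX/FSG packer markers on those same files, non-empty alternate data streams with random names attached to wallpaper bitmaps, and toolbar registry entries whose DLL is already gone. The Python script below is an added example written for this page; it is not part of the thread and is not code from WinPFind or its author. It parses the line shapes used in the report, merges the lines that mention the same path, and scores each path with simple heuristics so the entries a helper would check first come out on top. The weights, the packer marker list and the "eight lowercase letters, few vowels" name test are the editor's assumptions; the sample lines are copied from the report above.

```python
"""WinPFind-style log triage: an added example for this thread, not code from the
forum, the poster or the WinPFind tool. The scoring weights are the editor's own."""
import re
from collections import defaultdict

PACKERS = {"UPX!", "UPX0", "FSG!", "aspack", "PECompact2"}  # markers WinPFind prints
SYSTEM_DIRS = {"%SystemRoot%", "%System32%"}
EXEC_EXTS = {"exe", "dll", "scr", "lnk"}
GUID_RE = re.compile(r"^\{[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}\}$", re.I)
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+?):([^:\\]+) ->$")
META_RE = re.compile(r"^(?P<company>.*?)\s*\[(?P<meta>.*)\]$")

# Constructed sample: lines copied verbatim from the report posted above.
SAMPLE_LOG = r"""
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 11/5/2007 6:41:23 PM | Attr = ]
UPX! , -> %SystemRoot%\17PHolmes72.exe -> [Ver = 0, 0, 0, 0 | Size = 35840 bytes | Modified Date = 11/4/2007 5:36:56 AM | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Blue Lace 16.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
UPX! , UPX0 , -> %SystemRoot%\fkwggshm.exe -> Microsoft Corp. [Ver = 1.00 | Size = 18432 bytes | Modified Date = 11/4/2007 11:32:40 PM | Attr = ]
@Alternate Data Stream - 7000 bytes -> %SystemRoot%\Mozilla Wallpaper.bmp:Q30lsldxJoudresxAaaqpcawXc ->
PECompact2 , aspack , -> %System32%\MRT.exe -> Microsoft Corporation [Ver = 1.31.2276.0 | Size = 16256984 bytes | Modified Date = 6/28/2007 1:57:28 AM | Attr = ]
UPX! , UPX0 , -> %System32%\vvgeowbv.exe -> Microsoft [Ver = 1.00.0072 | Size = 123911 bytes | Modified Date = 11/4/2007 3:17:42 PM | Attr = ]
FSG! , -> %System32%\winlogon.scr -> [Ver = | Size = 12217 bytes | Modified Date = 11/4/2007 2:43:16 PM | Attr = ]
WebBrowser\\{3F3714A9-89A4-46BE-8AF3-D0C9D1FB03F9} [HKLM] -> %ProgramFiles%\MorpheusBar\bar\1.bin\MORPHBAR.DLL [Morpheus Toolbar] -> File not found
"""

def parse_line(line):
    """Classify one line as ('ads'|'missing'|'file', path, data); None if not understood."""
    m = ADS_RE.match(line)
    if m:
        return "ads", m.group(2), (int(m.group(1)), m.group(3))
    parts = [p.strip() for p in line.split(" -> ")]
    if len(parts) != 3:
        return None
    head, path, meta = parts
    if meta == "File not found":  # registry key still pointing at a removed file
        return "missing", re.sub(r"\s*\[[^\]]*\]$", "", path), None
    m = META_RE.match(meta)
    company, meta = (m.group("company"), m.group("meta")) if m else (meta, "")
    fields = {k.strip(): v.strip() for k, _, v in (p.partition("=") for p in meta.split("|"))}
    packers = {t.strip() for t in head.split(",")} & PACKERS
    return "file", path, {"company": company.strip(), "fields": fields, "packers": packers}

def collect(text):
    """Merge every line that mentions a path into one record per path."""
    records = defaultdict(lambda: {"packers": set(), "ads": [], "company": "",
                                   "fields": {}, "missing": False, "meta_seen": False})
    for kind, path, data in filter(None, map(parse_line, map(str.strip, text.splitlines()))):
        r = records[path]
        if kind == "ads":
            r["ads"].append(data)
        elif kind == "missing":
            r["missing"] = True
        else:
            r["meta_seen"] = True
            r["packers"] |= data["packers"]
            r["company"] = r["company"] or data["company"]
            for k, v in data["fields"].items():
                if v or k not in r["fields"]:  # keep the first non-empty value seen
                    r["fields"][k] = v
    return records

def score(path, rec):
    """Points and reasons for one path. Weights are assumptions, not WinPFind output."""
    if rec["missing"]:
        return 1, ["registry entry points at a file that no longer exists"]
    if "Folder" in rec["fields"]:
        return 0, []
    hits = []
    top, _, name = path.rpartition("\\")
    stem = name.rsplit(".", 1)[0]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if rec["packers"]:
        hits.append((2, "packer marker: " + ", ".join(sorted(rec["packers"]))))
    if top in SYSTEM_DIRS and ext in EXEC_EXTS:
        hits.append((1, "executable dropped directly into a system directory"))
    if rec["meta_seen"]:  # judge vendor/version only when a metadata line was seen
        co, ver = rec["company"], rec["fields"].get("Ver", "")
        if not co:
            hits.append((1, "no vendor string"))
        elif "microsoft" in co.lower() and co != "Microsoft Corporation":
            hits.append((1, f"vendor string imitates Microsoft: {co!r}"))
        if not ver or set(ver) <= set("0 ,."):
            hits.append((1, "empty or all-zero version"))
    if re.fullmatch(r"[a-z]{8}", stem) and sum(c in "aeiou" for c in stem) <= 2:
        hits.append((2, "random-looking file name"))  # e.g. fkwggshm, vvgeowbv
    for size, stream in rec["ads"]:
        if size and not GUID_RE.match(stream):  # zero-byte GUID-named streams are ignored
            hits.append((3, f"{size}-byte alternate data stream {stream!r}"))
    return sum(p for p, _ in hits), [why for _, why in hits]

def triage(text):
    """Score every path in a report; returns [(points, path, reasons)], highest first."""
    scored = [(s, p, w) for p, r in collect(text).items() for s, w in (score(p, r),) if s]
    return sorted(scored, key=lambda t: (-t[0], t[1]))

if __name__ == "__main__":
    for pts, path, why in triage(SAMPLE_LOG):
        print(f"{pts}  {path}\n      {'; '.join(why)}")
```

Run as-is and the packed, recently dropped binaries with imitation vendor strings (fkwggshm.exe, vvgeowbv.exe) come out on top, the packed system file MRT.exe scores low because its vendor and version look normal, the zero-byte GUID-named streams are dropped as noise, and the orphaned Morpheus toolbar key is listed at the bottom as a cleanup item. The scores are a reading aid for a report this size, not a verdict: they only encode what a helper would check first, and a real triage still goes back to the file itself.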
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
read my instructions & ATTACH winpfind report

we cannot use it pasted into the forum as many entries get corrupted by forum software
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Unfortunately that is NOT a full winpfind log & doesn't show all the locations we need to be able to deal with this

please read my previous post carefully and configure winpfind exactly as asked if we are to have any chance of fighting this
 