
Win Anti Virus Pro & Drive Cleaner Removal Help

Discussion in 'Virus & Other Malware Removal' started by USMCBUCK10, Jan 21, 2007.

  1. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Download ComboFix to your Desktop.

    Reboot to Safe mode:

    Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done properly, a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

    Perform the following actions in Safe Mode.
    • Double-click combofix.exe and follow the prompts.
    • When finished, it will produce a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running, as that may cause it to stall.
     
  2. USMCBUCK10

    USMCBUCK10 Thread Starter

    Combo Fix Log



    "Owner" - 07-01-25 20:08:53 Service Pack 2
    ComboFix 07-01-25 - Running from: "C:\Documents and Settings\TEMP\Desktop"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\INSTALL.LOG
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48
    C:\Program Files\Common Files\{3858F~1
    C:\Program Files\Common Files\{4858F~2
    C:\Program Files\Common Files\{4858F~1
    C:\Program Files\VSAdd-in


    ((((((((((((((((((((((((((((((( Files Created from 2006-12-25 to 2007-01-25 ))))))))))))))))))))))))))))))))))


    2007-01-24 16:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Yahoo! Companion
    2007-01-24 15:10 277,104 ---hs---- C:\WINDOWS\system32\jkkll.dll
    2007-01-24 14:51 <DIR> d-------- C:\VundoFix Backups
    2007-01-23 21:08 989,586 ---hs---- C:\WINDOWS\system32\ppqss.bak1
    2007-01-23 21:08 76,412 --a------ C:\WINDOWS\system32\vcunqjpt.dll
    2007-01-23 17:06 <DIR> d-------- C:\SDFix
    2007-01-22 07:55 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2007-01-21 21:47 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-01-21 21:46 <DIR> d-------- C:\Program Files\Grisoft
    2007-01-21 20:09 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
    2007-01-21 20:09 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-01-21 20:09 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-01-21 20:09 40,960 --a------ C:\WINDOWS\system32\swsc.exe
    2007-01-21 20:09 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-01-21 20:09 135,168 --a------ C:\WINDOWS\system32\swreg.exe
    2007-01-21 19:50 <DIR> d-------- C:\Program Files\Hijackthis
    2007-01-21 13:26 76,412 --a------ C:\WINDOWS\system32\fmhedcys.dll
    2007-01-20 01:25 1,132,112 --a------ C:\DOCUME~1\ALLUSE~1\Application Data\pswi_preloaded.exe
    2007-01-18 10:55 76,412 --a------ C:\WINDOWS\system32\vypcsbqk.dll
    2007-01-18 02:07 <DIR> d-------- C:\DOCUME~1\TEMP\Application Data\Viewpoint
    2007-01-15 17:21 44,060 --a------ C:\WINDOWS\system32\ynsyjfuf.dll
    2007-01-12 23:40 28,672 --a------ C:\WINDOWS\system32\f3PSSavr.scr
    2007-01-10 15:22 <DIR> d-------- C:\WINDOWS\ie7updates
    2007-01-05 19:59 861,617 ---hs---- C:\WINDOWS\system32\edeeg.bak2
    2007-01-05 19:33 159,744 --a------ C:\WINDOWS\Talking Time Keeper.scr
    2007-01-05 19:33 <DIR> d-------- C:\Program Files\Talking Time Keeper
    2007-01-05 19:32 164,352 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
    2007-01-05 19:06 867,022 ---hs---- C:\WINDOWS\system32\edeeg.bak1
    2007-01-05 19:06 44,060 --a------ C:\WINDOWS\system32\gaopntlj.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-25 18:26 -------- d-------- C:\Program Files\mozilla firefox
    2007-01-25 00:03 -------- d-------- C:\DOCUME~1\TEMP\Application Data\weatherbug
    2007-01-24 21:56 -------- d-------- C:\Program Files\the college toolbar
    2007-01-24 21:42 -------- d-------- C:\Program Files\itunes
    2007-01-24 21:24 -------- d-------- C:\Program Files\Common Files\scanner
    2007-01-24 21:18 -------- d-------- C:\Program Files\america online 9.0a
    2007-01-24 21:17 -------- d-------- C:\Program Files\america online 9.0
    2007-01-24 21:17 -------- d-------- C:\Program Files\aim6
    2007-01-23 13:37 -------- d-------- C:\Program Files\corel
    2007-01-22 10:32 150801 --a------ C:\WildMedia.exe
    2007-01-22 10:27 -------- d-------- C:\Program Files\sims2pack clean installer
    2007-01-22 10:24 -------- d-------- C:\Program Files\quicktime
    2007-01-22 09:47 -------- d-------- C:\Program Files\Common Files\aolshare
    2007-01-22 09:47 -------- d-------- C:\Program Files\Common Files\aol
    2007-01-21 17:47 6320 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
    2007-01-21 15:57 -------- d-------- C:\DOCUME~1\TEMP\Application Data\corel
    2007-01-21 15:24 168 -r-hs---- C:\WINDOWS\system32\b89ac51b07.sys
    2007-01-20 01:27 -------- d-------- C:\Program Files\Common Files\corel
    2007-01-13 22:48 -------- d-------- C:\Program Files\funwebproducts
    2007-01-12 23:41 -------- d-------- C:\Program Files\mywebsearch
    2007-01-05 19:21 -------- d-------- C:\Program Files\Common Files\adobe
    2007-01-05 19:10 -------- d-------- C:\DOCUME~1\TEMP\Application Data\adobe
    2007-01-02 04:45 -------- d-------- C:\Program Files\java
    2006-12-27 18:09 -------- d-------- C:\DOCUME~1\TEMP\Application Data\apple computer
    2006-12-17 16:17 -------- d-------- C:\Program Files\aim
    2006-12-07 01:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-11-16 11:44 103984 --a------ C:\WINDOWS\system32\aoldial.dll
    2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-11-02 20:40 174656 --a------ C:\WINDOWS\system32\psiservice.exe
    2006-11-02 20:40 1456704 --a------ C:\WINDOWS\system32\psikey.dll
    2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "cosFRfdFl"="mdatoenr.exe"
    "Weather"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1"
    "Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
    "AOL Fast Start"="\"C:\\Program Files\\America Online 9.0a\\AOL.EXE\" -b"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "EA Core"="\"C:\\Program Files\\Electronic Arts\\EA Link\\Core.exe\" -silent"
    "Aim6"=""
    "MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\6.bin\\mwsoemon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "CamMonitor"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\hpqcmon.exe"
    "KBD"="C:\\HP\\KBD\\KBD.EXE"
    "StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
    "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
    "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
    "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
    "PS2"="C:\\WINDOWS\\system32\\ps2.exe"
    "Ejfb"="C:\\documents and settings\\owner\\local settings\\temp\\Ejfb.exe"
    "2P6WFAX43ZHE7C"="C:\\WINDOWS\\System32\\NjpM9X44.exe"
    "tF3P3pR"="mcadss.exe"
    "AlcxMonitor"="ALCXMNTR.EXE"
    "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
    "MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
    "HostManager"="C:\\Program Files\\Common Files\\AOL\\1106867256\\ee\\AOLSoftware.exe"
    "rDM"="C:\\windows\\system32\\rDM.exe"
    "ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -startup"
    "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
    "AOLSPScheduler"="C:\\Program Files\\Common Files\\AOL\\1106867256\\ee\\services\\sscAntiSpywarePlugin\\ver1_10_3_1\\AOLSP Scheduler.exe"
    "sscRun"="C:\\Program Files\\Common Files\\AOL\\1106867256\\ee\\services\\sscFirewallPlugin\\ver1_10_3_1\\SSCRun.exe"
    "OASClnt"="C:\\Program Files\\mcafee.com\\antivirus\\oasclnt.exe"
    "EmailScan"="C:\\Program Files\\mcafee.com\\antivirus\\mcvsescn.exe"
    "MPFExe"="C:\\Program Files\\mcafee.com\\personal firewall\\MPfTray.exe"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
    "ASM"="\"C:\\Program Files\\AOL\\Active Security Monitor\\ASMonitor.exe\""
    "WT GameChannel"="C:\\Program Files\\WildTangent\\Apps\\GameChannel.exe"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\6.bin\\mwsoemon.exe"
    "{4858F78A-09DC-1033-1011-020409020001}"="\"C:\\Program Files\\Common Files\\{4858F78A-09DC-1033-1011-020409020001}\\Update.exe\" mc-110-12-0000272"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="C:\WINDOWS\System32\ipxpromn1053p.dll"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{664A7BBA-92C4-4086-8B63-D029A149629E}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winips32

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\McAfee.com Update Check (KAYLA-Owner).job
    C:\WINDOWS\tasks\PcbugDoctorOwner.job
    C:\WINDOWS\tasks\Symantec NetDetect.job

    Completion time: 07-01-25 20:21:56
     
  3. USMCBUCK10

    USMCBUCK10 Thread Starter

    Hijack This Log




    Logfile of HijackThis v1.99.1
    Scan saved at 8:26:33 PM, on 1/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
    O2 - BHO: (no name) - {2ABD2D6E-8A13-4C72-841D-2B04CEC37131} - C:\WINDOWS\system32\ssqpp.dll (file missing)
    O2 - BHO: COLLEGETOOLBAR - {3E15928A-26B2-40b2-A4CA-408720C444BA} - C:\PROGRA~1\THECOL~1\COLLEG~1.DLL
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {664A7BBA-92C4-4086-8B63-D029A149629E} - C:\WINDOWS\system32\gebcayv.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\fuiqvcdn.dll (file missing)
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: The College Toolbar - {50EC13F9-D1F6-4012-A076-F73088D8241C} - C:\Program Files\The College Toolbar\collegetoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Ejfb] C:\documents and settings\owner\local settings\temp\Ejfb.exe
    O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\NjpM9X44.exe
    O4 - HKLM\..\Run: [tF3P3pR] mcadss.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [rDM] C:\windows\system32\rDM.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [{4858F78A-09DC-1033-1011-020409020001}] "C:\Program Files\Common Files\{4858F78A-09DC-1033-1011-020409020001}\Update.exe" mc-110-12-0000272
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [cosFRfdFl] mdatoenr.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYYYUS
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://ezgreets.aavalue.com/EZG/Toolbar/EZG-toolbar.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v7.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\ipxpromn1053p.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winips32 - winips32.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Go to Start > Search and, under "More advanced search options", make sure there is a check by "Search System Folders", "Search hidden files and folders" and "Search system subfolders".

    Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders".
    Click "Apply" then "OK".


    Now, go to the following link and upload each of the following files for analysis and let me know what the results are please:

    http://virusscan.jotti.org/

    C:\DOCUME~1\ALLUSE~1\Application Data\pswi_preloaded.exe
    C:\WINDOWS\system32\b89ac51b07.sys
    C:\WINDOWS\System32\ipxpromn1053p.dll
     
  5. USMCBUCK10

    USMCBUCK10 Thread Starter

    C:\DOCUME~1\ALLUSE~1\Application Data\pswi_preloaded.exe

    AntiVir
    Found nothing
    ArcaVir
    Found nothing
    Avast
    Found nothing
    AVG Antivirus
    Found nothing
    BitDefender
    Found nothing
    ClamAV
    Found nothing
    Dr.Web
    Found nothing
    F-Prot Antivirus
    Found nothing
    F-Secure Anti-Virus
    Found nothing
    Fortinet
    Found nothing
    Kaspersky Anti-Virus
    Found nothing
    NOD32
    Found nothing
    Norman Virus Control
    Found nothing
    VirusBuster
    Found nothing
    VBA32
    Found nothing



    C:\WINDOWS\system32\b89ac51b07.sys

    AntiVir
    Found nothing
    ArcaVir
    Found nothing
    Avast
    Found nothing
    AVG Antivirus
    Found nothing
    BitDefender
    Found nothing
    ClamAV
    Found nothing
    Dr.Web
    Found nothing
    F-Prot Antivirus
    Found nothing
    F-Secure Anti-Virus
    Found nothing
    Fortinet
    Found nothing
    Kaspersky Anti-Virus
    Found nothing
    NOD32
    Found nothing
    Norman Virus Control
    Found nothing
    VirusBuster
    Found nothing
    VBA32
    Found nothing


    C:\WINDOWS\System32\ipxpromn1053p.dll

    The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    The one that was 0 bytes is the one I'm most suspicious of. Let's try this and see if we can get all three of them examined closer:

    Download Suspicious File Packer from http://www.safer-networking.org/en/tools/index.html and unzip it to your desktop. Open it and paste in this list of files; when it has created the archive on your desktop, please upload that to http://www.thespykiller.co.uk/forum/index.php?board=1.0 so we can examine the files:

    C:\DOCUME~1\ALLUSE~1\Application Data\pswi_preloaded.exe
    C:\WINDOWS\system32\b89ac51b07.sys
    C:\WINDOWS\System32\ipxpromn1053p.dll


    Please add a link to your post here so we know where the files came from. Thanks.
     
  7. USMCBUCK10

    USMCBUCK10 Thread Starter

  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Thanks. :)


    While we wait for news about those files, we can continue.


    I'm attaching a FixUSMCBUCK10.zip file to this post. Save it to your desktop. Unzip it and double click the FixUSMCBUCK10.reg file and allow it to enter into the registry.


    Go to Control Panel - Add/Remove programs and remove:

    WildTangent
    AWS (WeatherBug)
    MyWebSearch
    FunWebProducts



    Click Here and download Killbox and save it to your desktop but don’t run it yet.


    Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click fix checked.


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL

    O2 - BHO: (no name) - SOFTWARE - (no file)

    O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)

    O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)

    O2 - BHO: (no name) - {2ABD2D6E-8A13-4C72-841D-2B04CEC37131} - C:\WINDOWS\system32\ssqpp.dll (file missing)

    O2 - BHO: (no name) - {664A7BBA-92C4-4086-8B63-D029A149629E} - C:\WINDOWS\system32\gebcayv.dll (file missing)

    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\fuiqvcdn.dll (file missing)

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O4 - HKLM\..\Run: [Ejfb] C:\documents and settings\owner\local settings\temp\Ejfb.exe

    O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\NjpM9X44.exe

    O4 - HKLM\..\Run: [tF3P3pR] mcadss.exe

    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe

    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe

    O4 - HKLM\..\Run: [{4858F78A-09DC-1033-1011-020409020001}] "C:\Program Files\Common Files\{4858F78A-09DC-1033-1011-020409020001}\Update.exe" mc-110-12-0000272

    O4 - HKCU\..\Run: [cosFRfdFl] mdatoenr.exe

    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYYYUS

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab

    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

    O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://ezgreets.aavalue.com/EZG/Toolbar/EZG-toolbar.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v7.cab

    O20 - Winlogon Notify: winips32 - winips32.dll (file missing)


    Then boot to safe mode:


    How to restart to safe mode


    Double-click on Killbox.exe to run it.
    • Put a tick by Standard File Kill.
    • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

      C:\WINDOWS\system32\jkkll.dll
      C:\WINDOWS\system32\ppqss.bak1
      C:\WINDOWS\system32\vcunqjpt.dll
      C:\WINDOWS\system32\fmhedcys.dll
      C:\WINDOWS\system32\vypcsbqk.dll
      C:\DOCUME~1\TEMP\Application Data\Viewpoint
      C:\WINDOWS\system32\ynsyjfuf.dll
      C:\WINDOWS\system32\edeeg.bak2
      C:\WINDOWS\system32\edeeg.bak1
      C:\WINDOWS\system32\gaopntlj.dll
      C:\WildMedia.exe
      C:\Program Files\funwebproducts
      C:\Program Files\mywebsearch
      C:\WINDOWS\system32\P2P Networking
      C:\documents and settings\owner\local settings\temp\Ejfb.exe
      C:\WINDOWS\System32\NjpM9X44.exe
      C:\WINDOWS\System32\mcadss.exe
      C:\Program Files\Common Files\{4858F78A-09DC-1033-1011-020409020001}
      C:\Program Files\AWS
      C:\WINDOWS\System32\mdatoenr.exe


    • Click on the button that has the red circle with the X in the middle after you enter each file.
    • It will ask for confirmation to delete the file.
    • Click Yes.
    • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
    • Killbox may tell you that one or more files do not exist.
    • If that happens, just continue on with all the files. Be sure you don't miss any.
    • Next in Killbox go to Tools > Delete Temp Files
    • In the window that pops up, put a check by ALL the options there except these three:
      • XP Prefetch
      • Recent
      • History
    • Now click the Delete Selected Temp Files button.
    • Exit the Killbox.


    Boot back to Windows normally and post another WinpFind log please.


    What can you tell me about The College Toolbar? I've never heard of it. Is it something you downloaded intentionally?
     


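    The fix list above is grouped by HijackThis section, but what makes each entry stand out is worth spelling out for next time: a Run entry launching from a temp folder, a bare filename with no path, a generated-looking value or file name, a BHO or Winlogon Notify entry whose DLL is already gone, and the same CLSID appearing both as a BHO here and as a ShellExecuteHook in the WinPFind output posted later in the thread. The Python script below is an added example, not code from this thread or from HijackThis or WinPFind. It runs those checks over a constructed subset of the entries quoted in the thread; the heuristics (the `looks_random` test, the temp-folder list, the reason strings) are my own assumptions and produce triage leads for a person to verify, not verdicts.

```python
"""Triage of HijackThis-style startup entries (added example, not from the thread).

The heuristics below are illustrative assumptions: they point an analyst at
entries worth checking and will produce false positives on some legitimate software.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the HijackThis entries quoted in the thread.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {664A7BBA-92C4-4086-8B63-D029A149629E} - C:\WINDOWS\system32\gebcayv.dll (file missing)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Ejfb] C:\documents and settings\owner\local settings\temp\Ejfb.exe
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\NjpM9X44.exe
O4 - HKLM\..\Run: [tF3P3pR] mcadss.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O20 - Winlogon Notify: winips32 - winips32.dll (file missing)
"""

# Constructed sample: the ShellExecuteHooks lines from the WinPFind log in the thread.
SAMPLE_WINPFIND = r"""
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{664A7BBA-92C4-4086-8B63-D029A149629E} - = ()
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$")
# First token ending in an executable extension; paths may contain spaces.
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|$)", re.I)
TEMP_DIRS = ("\\local settings\\temp\\", "\\temp\\", "\\tmp\\")  # assumption: usual temp locations


def looks_random(name: str) -> bool:
    """Heuristic (assumption): digits interleaved between letters, or almost no
    vowels, are typical of generated value/file names such as NjpM9X44 or tF3P3pR."""
    stem = re.sub(r"\.[A-Za-z0-9]+$", "", name)  # drop the extension, if any
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 4:
        return False
    transitions = sum(
        1 for a, b in zip(stem, stem[1:])
        if a.isalnum() and b.isalnum() and a.isdigit() != b.isdigit()
    )
    vowel_ratio = sum(c.lower() in "aeiou" for c in letters) / len(letters)
    return transitions >= 3 or vowel_ratio < 0.2


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def triage(log: str) -> list:
    """Return one Finding per log line that trips at least one heuristic."""
    findings = []
    for line in log.strip().splitlines():
        reasons = []
        if "(file missing)" in line or "(no file)" in line:
            reasons.append("orphaned entry: the registered component has no file on disk")
        m = O4_RE.match(line)
        if m:
            name, target = m.group("name"), m.group("target")
            em = EXE_RE.match(target)
            exe = em.group(1) if em else target
            if any(d in exe.lower() for d in TEMP_DIRS):
                reasons.append("runs from a temporary folder at logon")
            if "\\" not in exe:
                reasons.append("bare filename: which file actually loads depends on the search path")
            if looks_random(name) or looks_random(exe.rsplit("\\", 1)[-1]):
                reasons.append("random-looking value or file name")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def shared_clsids(hjt_log: str, winpfind_log: str) -> set:
    """CLSIDs registered as a BHO (HijackThis O2) that also show up in another
    load point listed by WinPFind: one component hooked in several places."""
    bho = {c.upper() for l in hjt_log.splitlines() if l.startswith("O2 ")
           for c in CLSID_RE.findall(l)}
    other = {c.upper() for c in CLSID_RE.findall(winpfind_log)}
    return bho & other


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
    print("CLSIDs present in both lists:", shared_clsids(SAMPLE_HJT, SAMPLE_WINPFIND))
```

    On the sample, every entry except the WeatherBug Run line is reported, and the one CLSID that appears both as a BHO and as a ShellExecuteHook is {664A7BBA-92C4-4086-8B63-D029A149629E}, which is why removing the O2 entry alone would not have been the whole job. The name heuristic is deliberately crude; treat its output as a reason to look a file up, not as a reason to delete it.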
  9. USMCBUCK10

    USMCBUCK10 Thread Starter

    Joined:
    Jan 21, 2007
    Messages:
    97
    Yes, I downloaded College Toolbar as an add-on for Firefox and IE. I thought I uninstalled it though. I wasn't aware it was still on my computer.
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,602
    If you want to remove it, look to see if it's listed in the Control Panel - Add/Remove programs and if so, uninstall there.


    Then fix these entries with HijackThis:

    O2 - BHO: COLLEGETOOLBAR - {3E15928A-26B2-40b2-A4CA-408720C444BA} - C:\PROGRA~1\THECOL~1\COLLEG~1.DLL

    O3 - Toolbar: The College Toolbar - {50EC13F9-D1F6-4012-A076-F73088D8241C} - C:\Program Files\The College Toolbar\collegetoolbar.dll



    Lastly, remove this folder:

    C:\Program Files\The College Toolbar
     
  11. USMCBUCK10

    USMCBUCK10 Thread Starter

    Joined:
    Jan 21, 2007
    Messages:
    97
    Win P Find Log

    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Logfile created on: 1/26/2007 2:55:40 PM
    WinPFind v1.5.0 Folder = C:\Documents and Settings\TEMP\Desktop\WinPFind\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...

    Checking %System% folder...
    WSUD 9/20/2004 3:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
    aspack 3/18/2005 4:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
    aspack 5/26/2005 2:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
    aspack 7/22/2005 6:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
    aspack 12/5/2005 5:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
    aspack 2/3/2006 7:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
    aspack 3/31/2006 11:40:58 AM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
    PEC2 8/18/2001 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
    UPX! 9/13/2004 2:39:54 PM 69632 C:\WINDOWS\SYSTEM32\first.awp ()
    PTech 6/10/2004 12:47:02 AM H 3279394 C:\WINDOWS\SYSTEM32\kyf.dat ()
    UPX! 4/11/2000 8:44:56 PM 85504 C:\WINDOWS\SYSTEM32\lame_enc.dll ()
    PTech 6/19/2006 3:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
    PECompact2 1/2/2007 6:19:44 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    aspack 1/2/2007 6:19:44 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
    WSUD 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    aspack 3/26/2004 1:06:40 AM 2316336 C:\WINDOWS\SYSTEM32\NY Nights.scr (Axialis Software)
    WSUD 6/12/2004 2:12:30 PM HS 2926 C:\WINDOWS\SYSTEM32\qyrwi.dat ()
    Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
    UPX! 9/13/2004 2:39:56 PM 46080 C:\WINDOWS\SYSTEM32\second.awp ()
    UPX! 4/27/2006 4:49:30 PM 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe (S!Ri)
    UPX! 8/29/2006 6:43:54 PM 135168 C:\WINDOWS\SYSTEM32\swreg.exe (SteelWerX)
    UPX! 1/9/2006 9:36:06 AM 40960 C:\WINDOWS\SYSTEM32\swsc.exe ()
    UPX! 12/1/2006 5:20:34 AM 79360 C:\WINDOWS\SYSTEM32\swxcacls.exe (SteelWerX)
    UPX! 10/22/2004 4:46:50 AM 33280 C:\WINDOWS\SYSTEM32\tasklist.exe (Microsoft Corporation)
    winsync 8/18/2001 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
    PTech 6/19/2006 3:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

    Checking %System%\Drivers folder and sub-folders...
    PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    1/26/2007 2:41:26 PM S 2048 C:\WINDOWS\bootstat.dat ()
    1/25/2007 9:57:54 PM H 54156 C:\WINDOWS\QTFont.qfn ()
    1/21/2007 3:24:52 PM RHS 168 C:\WINDOWS\system32\B89AC51B07.sys ()
    1/8/2007 3:59:04 AM HS 914072 C:\WINDOWS\system32\edeeg.ini ()
    1/8/2007 3:59:36 AM HS 914072 C:\WINDOWS\system32\edeeg.tmp ()
    1/15/2007 1:06:20 PM HS 916403 C:\WINDOWS\system32\edeeg.tmp2 ()
    1/21/2007 5:47:28 PM HS 6320 C:\WINDOWS\system32\KGyGaAvL.sys ()
    1/24/2007 3:04:28 PM HS 1044435 C:\WINDOWS\system32\ppqss.ini ()
    12/7/2006 8:30:20 PM S 9057 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923689.cat ()
    12/22/2006 11:53:02 AM S 7894 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929969.cat ()
    1/26/2007 2:43:06 PM H 1024 C:\WINDOWS\system32\config\default.LOG ()
    1/26/2007 2:41:36 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
    1/26/2007 2:51:38 PM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
    1/26/2007 3:03:06 PM H 1024 C:\WINDOWS\system32\config\software.LOG ()
    1/26/2007 3:01:50 PM H 1024 C:\WINDOWS\system32\config\system.LOG ()
    1/10/2007 3:22:26 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
    1/7/2007 1:26:00 AM S 1039 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
    1/7/2007 1:26:00 AM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
    1/17/2007 7:04:18 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1d577e61-58b0-4558-bbd6-d93be246bc3d ()
    1/17/2007 7:04:18 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
    1/26/2007 2:41:32 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

    Checking for CPL files...
    8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
    9/20/2004 3:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
    8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
    4/26/2002 6:33:40 PM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl ()
    8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
    5/15/2002 5:24:56 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl (Intel Corporation)
    8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
    6/10/2005 10:43:18 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
    8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
    11/9/2006 3:07:28 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
    8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
    8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    7/28/2003 1:19:00 PM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
    8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
    3/3/1999 2:10:02 AM 49152 C:\WINDOWS\SYSTEM32\speech.cpl (Microsoft)
    8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
    8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
    5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
    8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
    8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
    8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
    5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
    5/15/2002 5:24:56 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\igfxcpl.cpl (Intel Corporation)
    6/20/2002 1:58:44 AM 629248 C:\WINDOWS\SYSTEM32\ReinstallBackups\0011\DriverFiles\ALSNDMGR.CPL (Avance Logic, Inc.)

    Checking for Downloaded Program Files...
    {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
    {11260943-421B-11D0-8EAC-0000C07D88CF} - iPIX ActiveX Control - CodeBase = http://www.ipix.com/viewers/ipixx.cab
    {166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://active.macromedia.com/director/cabs/sw.cab
    {17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204
    {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - DownloadManager Control - CodeBase = http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll
    {406B5949-7190-4245-91A9-30A17DE16AD0} - Snapfish Activia - CodeBase = http://www1.snapfish.com/SnapfishActivia.cab
    {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - - CodeBase = http://aolcc.aol.com/computercheckup/qdiagcc.cab
    {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - McAfee.com Operating System Class - CodeBase = http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    {639658F3-B141-4D6B-B936-226F75A5EAC3} - CPlayFirstDinerDash2Control Object - CodeBase = http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
    {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    {B9191F79-5613-4C76-AA2A-398534BB8999} - - CodeBase = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - DwnldGroupMgr Class - CodeBase = http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    {D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - Invoke Solutions Participant Control(MR) - CodeBase = http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
    {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - CPlayFirstDinerDashControl Object - CodeBase = http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
    Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    7/24/2002 2:18:36 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    7/23/2002 7:10:30 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
    1/20/2007 1:39:46 AM 1132112 C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe ()
    12/16/2006 5:22:22 PM 1353 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

    Checking files in %USERPROFILE%\Startup folder...
    7/24/2002 2:18:36 AM HS 84 C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\desktop.ini ()

    Checking files in %USERPROFILE%\Application Data folder...
    10/20/2004 5:59:30 PM 12358 C:\Documents and Settings\TEMP\Application Data\PFP100JCM.{PB ()
    10/20/2004 5:59:30 PM 61678 C:\Documents and Settings\TEMP\Application Data\PFP100JPR.{PB ()

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    >>> Internet Explorer Settings <<<


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.yahoo.com/
    \\Search Bar - http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    \\Search Page - http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    \\Default_Page_URL - http://www.yahoo.com/
    \\Default_Search_URL - http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    \\Local Page - %SystemRoot%\system32\blank.htm

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.yahoo.com/
    \\Search Bar - http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    \\Search Page - http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    \\Local Page - C:\WINDOWS\system32\blank.htm

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    \\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    \\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    \\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - AOLTBSearch Class = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
    \\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - = ()

    >>> BHO's <<<
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    \{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    \{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
    \{3E15928A-26B2-40b2-A4CA-408720C444BA} - COLLEGETOOLBAR = C:\PROGRA~1\THECOL~1\COLLEG~1.DLL (College Toolbars)
    \{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    \{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
    \{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - AOL Toolbar Launcher = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)

    >>> Internet Explorer Bars, Toolbars and Extensions <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    \{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
    \{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
    \{8F4902B6-6C04-4ade-8052-AA58578A21BD} - hp toolkit = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)
    \{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    \{30D02401-6A81-11D0-8274-00C04FD5AE38} - Search Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
    \{32683183-48a0-441b-a342-7c2a440a9478} - = ()
    \{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
    \{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
    \{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    \\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
    \\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
    \\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll (College Toolbars)
    \\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    \ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
    \ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
    \ShellBrowser\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll (College Toolbars)
    \WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
    \WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    \WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
    \WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
    \WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} - AIM Search = C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
    \WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - = ()
    \WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
    \WebBrowser\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll (College Toolbars)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
    \\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - 8192 =
    \\NEXTID - 8202
    \\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 = Sun Java Console
    \\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - 8195 =
    \\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8196 =
    \\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8197 =
    \\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - 8198 =
    \\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8199 = Windows Messenger
    \\{3369AF0D-62E9-4bda-8103-B4C75499B578} - 8200 =
    \\{e2e2dd38-d088-4134-82b7-f2ba38496583} - 8201 = @xpsp3res.dll,-20001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    \CmdMapping - MenuText: = ()
    \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
    \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
    \{3369AF0D-62E9-4bda-8103-B4C75499B578} - ButtonText: AOL Toolbar =
    \{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - ButtonText: Yahoo! Services =
    \{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\Program Files\AIM\aim.exe (America Online, Inc.)
    \{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com =
    \{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = ()
    \{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

    >>> Approved Shell Extensions (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    \\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = ()
    \\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
    \\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
    \\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
    \\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
    \\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
    \\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
    \\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
    \\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
    \\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.)
    \\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
    \\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
    \\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)
    \\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
    \\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
    \\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
    \\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    >>> Context Menu Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
    \AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
    \Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)

    [HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
    \AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
    \00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
    \igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\System32\igfxpph.dll (Intel Corporation)
    \NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)

    [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
     
  12. USMCBUCK10

    USMCBUCK10 Thread Starter

    Joined:
    Jan 21, 2007
    Messages:
    97
    Win P Find Log Continued


    >>> Column Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

    >>> Registry Run Keys <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    hpsysdrv - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
    NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll ()
    nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe (NVIDIA Corporation)
    CamMonitor - c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe ()
    KBD - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
    StorageGuard - C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
    dla - C:\WINDOWS\system32\dla\tfswctrl.exe (VERITAS Software, Inc.)
    Recguard - C:\WINDOWS\SMINST\RECGUARD.EXE ()
    IgfxTray - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
    HotKeysCmds - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
    PS2 - C:\WINDOWS\system32\ps2.exe ()
    Ejfb - C:\documents and settings\owner\local settings\temp\Ejfb.exe ()
    MCAgentExe - c:\PROGRA~1\mcafee.com\agent\mcagent.exe (Networks Associates Technology, Inc)
    MCUpdateExe - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe (Networks Associates Technology, Inc)
    HostManager - C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe (America Online, Inc.)
    rDM - C:\windows\system32\rDM.exe ()
    ISUSPM Startup - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    ISUSScheduler - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    AOLSPScheduler - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe (America Online)
    sscRun - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe (America Online)
    OASClnt - C:\Program Files\mcafee.com\antivirus\oasclnt.exe (McAfee, Inc.)
    EmailScan - C:\Program Files\mcafee.com\antivirus\mcvsescn.exe (McAfee, Inc.)
    MPFExe - C:\Program Files\mcafee.com\personal firewall\MPfTray.exe (McAfee Security)
    NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll ()
    SsAAD.exe - C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()
    ASM - C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe (AOL LLC)
    TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
    iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
    CTDrive - rundll32.exe C:\WINDOWS\system32\drvzox.dll ()
    !AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    AOL Fast Start - C:\Program Files\America Online 9.0a\AOL.EXE (America Online, Inc.)
    ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    EA Core - C:\Program Files\Electronic Arts\EA Link\Core.exe (Electronic Arts)
    Aim6 - Reg Data missing or invalid ()

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    >>> Startup Links <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
    C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\desktop.ini ()

    >>> MSConfig Disabled Items <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    [All Users Startup Folder Disabled Items]

    [Current User Startup Folder Disabled Items]

    >>> User Agent Post Platform <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    \\SV1 -

    >>> AppInit Dll's <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
    C:\WINDOWS\System32\ipxpromn1053p.dll = ()

    >>> Image File Execution Options <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    \Your Image File Name Here without a path - Debugger = ntsd -d

    >>> Shell Service Object Delay Load <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
    \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

    >>> Shell Execute Hooks <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
    \\{664A7BBA-92C4-4086-8B63-D029A149629E} - = ()
    \\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

    >>> Shared Task Scheduler <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
    \\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

    >>> Winlogon <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    \\UserInit = C:\WINDOWS\system32\userinit.exe,
    \\Shell = Explorer.exe
    \\System =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    \crypt32chain - crypt32.dll = (Microsoft Corporation)
    \cryptnet - cryptnet.dll = (Microsoft Corporation)
    \cscdll - cscdll.dll = (Microsoft Corporation)
    \igfxcui - igfxsrvc.dll = (Intel Corporation)
    \ScCertProp - wlnotify.dll = (Microsoft Corporation)
    \Schedule - wlnotify.dll = (Microsoft Corporation)
    \sclgntfy - sclgntfy.dll = (Microsoft Corporation)
    \SensLogn - WlNotify.dll = (Microsoft Corporation)
    \termsrv - wlnotify.dll = (Microsoft Corporation)
    \WgaLogon - WgaLogon.dll = (Microsoft Corporation)
    \wlballoon - wlnotify.dll = (Microsoft Corporation)

    >>> DNS Name Servers <<<
    {070E907D-9EC7-419C-BCDB-6BB1F0656C4B} - ()
    {2F84A874-8445-4F31-B901-FB97629E9204} - (Realtek RTL8139 Family PCI Fast Ethernet NIC)
    {60382598-025F-419D-9D2B-1D0AB7AD2246} - (1394 Net Adapter)

    >>> All Winsock2 Catalogs <<<
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
    \000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    \000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
    \000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
    \000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

    >>> Protocol Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
    \ipp - ()
    \msdaipp - ()

    >>> Protocol Filters (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

    >>> Selected AddOn's <<<

    >>>>Output for AddOn file Policies.def<<<<
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
    policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
    policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
    policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
    policies\system\\dontdisplaylastusername - 0
    policies\system\\legalnoticecaption -
    policies\system\\legalnoticetext -
    policies\system\\shutdownwithoutlogon - 1
    policies\system\\undockwithoutlogon - 1

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
    policies\Explorer\\NoDriveTypeAutoRun - 145
    policies\System\\DisableRegistryTools - 0

    >>>>Output for AddOn file Security.def<<<<
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    Security Center\\AntiVirusDisableNotify - 0
    Security Center\\FirewallDisableNotify - 0
    Security Center\\UpdatesDisableNotify - 0
    Security Center\\AntiVirusOverride - 0
    Security Center\\FirewallOverride - 0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
    BITS\\Type - 32
    BITS\\Start - 3
    BITS\\ErrorControl - 1
    BITS\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
    BITS\\DisplayName - Background Intelligent Transfer Service
    BITS\\DependOnService - Rpcss;
    BITS\\DependOnGroup -
    BITS\\ObjectName - LocalSystem
    BITS\\Description - Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
    BITS\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00
    BITS\Parameters\\ServiceDll - C:\WINDOWS\System32\qmgr.dll
    BITS\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    BITS\Enum\\0 - Root\LEGACY_BITS\0000
    BITS\Enum\\Count - 1
    BITS\Enum\\NextInstance - 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
    SharedAccess\\Type - 32
    SharedAccess\\Start - 2
    SharedAccess\\ErrorControl - 1
    SharedAccess\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
    SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
    SharedAccess\\DependOnService - Netman;WinMgmt;
    SharedAccess\\DependOnGroup -
    SharedAccess\\ObjectName - LocalSystem
    SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
    SharedAccess\Epoch\\Epoch - 263537
    SharedAccess\Parameters\\ServiceDll - %SystemRoot%\System32\ipnathlp.dll
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0b\waol.exe - C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0c\waol.exe - C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0e\waol.exe - C:\Program Files\America Online 9.0e\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe - C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe - C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLServiceHost.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLServiceHost.exe:*:Enabled:AOL Services
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe - %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP - 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP - 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP - 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP - 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall - 0
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions - 0
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications - 0
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe - C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe - C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0k\waol.exe - C:\Program Files\America Online 9.0k\waol.exe:*:Enabled:America Online 9.0k
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0f\waol.exe - C:\Program Files\America Online 9.0f\waol.exe:*:Enabled:America Online 9.0f
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0m\waol.exe - C:\Program Files\America Online 9.0m\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106303724\EE\AOLServiceHost.exe - C:\Program Files\Common Files\AOL\1106303724\EE\AOLServiceHost.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\System Information\sinf.exe - C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe - C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe - C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe - C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0a\waol.exe - C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WinMX\WinMX.exe - C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0b\waol.exe - C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kazaa\kazaa.exe - C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLHostManager.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLHostManager.exe:*:Disabled:AOLHostManager Service
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0c\waol.exe - C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0d\waol.exe - C:\Program Files\America Online 9.0d\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MusicNetOnAOL\client\bin\AOLMN.exe - C:\Program Files\MusicNetOnAOL\client\bin\AOLMN.exe:*:Enabled:MusicNet on AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\McAfee.com\agent\mcagent.exe - C:\Program Files\McAfee.com\agent\mcagent.exe:*:Disabled:McAfee SecurityCenter Agent
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0e\waol.exe - C:\Program Files\America Online 9.0e\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe - C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe - C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kiwi Alpha\KiwiAlpha.exe - C:\Program Files\Kiwi Alpha\KiwiAlpha.exe:*:Enabled:KiwiAlpha
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe - C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe - C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe - C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\aolsoftware.exe - C:\Program Files\Common Files\AOL\1106867256\EE\aolsoftware.exe:*:Enabled:AOL Services
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\aim6.exe - C:\Program Files\Common Files\AOL\1106867256\EE\aim6.exe:*:Enabled:AIM
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe - C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\ee\aolservicehost.exe - C:\Program Files\Common Files\AOL\1106867256\ee\aolservicehost.exe:*:Enabled:AOL Services
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe - C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe - %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe - C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLOpenRide.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLOpenRide.exe:*:Enabled:AOL OpenRide
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\TEMP\LOCALS~1\Temp\win1B63.tmp.exe - C:\DOCUME~1\TEMP\LOCALS~1\Temp\win1B63.tmp.exe:*:Enabled:win1B63.tmp
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\winF2.tmp.exe - C:\WINDOWS\TEMP\winF2.tmp.exe:*:Enabled:winF2.tmp
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP - 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP - 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP - 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP - 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP - 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP - 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP - 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    SharedAccess\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    SharedAccess\Setup\\ServiceUpgrade - 1
    SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{86E02BD3-50CC-48B1-94C1-4CDAFCE1BBC7} - 1
    SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{2F84A874-8445-4F31-B901-FB97629E9204} - 1
    SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{60382598-025F-419D-9D2B-1D0AB7AD2246} - 1
    SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{070E907D-9EC7-419C-BCDB-6BB1F0656C4B} - 1
    SharedAccess\Enum\\0 - Root\LEGACY_SHAREDACCESS\0000
    SharedAccess\Enum\\Count - 1
    SharedAccess\Enum\\NextInstance - 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
    wuauserv\\Type - 32
    wuauserv\\Start - 2
    wuauserv\\ErrorControl - 1
    wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
    wuauserv\\DisplayName - Automatic Updates
    wuauserv\\ObjectName - LocalSystem
    wuauserv\\Description - Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
    wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll
    wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
    wuauserv\Enum\\Count - 1
    wuauserv\Enum\\NextInstance - 1


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,602
    There will be more files to delete but I think it's best to wait until we hear back about those other files before continuing.

    Please post a new HijackThis log in the meantime.
     
  14. USMCBUCK10

    USMCBUCK10 Thread Starter

    Joined:
    Jan 21, 2007
    Messages:
    97
    New Hijack This Log



    Logfile of HijackThis v1.99.1
    Scan saved at 6:52:31 PM, on 1/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\America Online 9.0a\waol.exe
    C:\Program Files\Common Files\AOL\1106867256\ee\aolsoftware.exe
    C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\America Online 9.0a\shellmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\program files\common files\aol\1106867256\ee\aolssc.exe
    C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Ejfb] C:\documents and settings\owner\local settings\temp\Ejfb.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [rDM] C:\windows\system32\rDM.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzox.dll,startup
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\ipxpromn1053p.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  15. USMCBUCK10

    USMCBUCK10 Thread Starter

    Joined:
    Jan 21, 2007
    Messages:
    97
Short URL to this thread: https://techguy.org/537170
