Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93112 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

HJT log--please help. Cannot update windows. AVG corrupted

Started by orchid , Mar 20 2007 02:21 PM

  • This topic is locked This topic is locked
13 replies to this topic

#1 orchid

orchid

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 20 March 2007 - 02:21 PM

Logfile of HijackThis v1.99.1
Scan saved at 8:27:27 PM, on 3/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://www.azdes.go...kicpoysgx4d3df5)/frame_Main.aspx"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0vm6v8q.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0vm6v8q.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Fidelity Toolbar - {76886F39-D4D8-4f00-A354-3CC1C364F363} - C:\WINDOWS\Downloaded Program Files\FidelityToolbar.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.azdes.gov
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt4_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120577502578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141453043390
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {76886F39-D4D8-4F00-A354-3CC1C364F363} (Fidelity Toolbar) - http://personal.fide...lityToolbar.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://games.pogo.co...sh.1.0.0.80.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.co...aploader_v7.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by18fd.bay18....ex/HMAtchmt.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    Advertisements

Register to Remove

#2 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 24 March 2007 - 07:35 PM

Hello and welcome to TomCoyote! I'm _silver_ and I'm currently looking over your log. Please hold on while I research a fix for you.
ASAP & UNITE Member

#3 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 25 March 2007 - 04:46 AM

Hi orchid,

In the topic title you said you cannot update Windows and AVG is corrupt, can you tell me what happens when you try to visit Windows Update? Please also tell me what happens when you use AVG and why you say it is corrupted.

You have an ActiveX Control from logmein.com installed on your computer. Please tell me if you knowingly installed and used this software.

You may have a program called WeatherBug installed on your computer. It is not malware but it has been labelled so in the past and there is current debate as to it's status. I recommend you remove this program for these reasons and because there are free alternatives which are known to be clean:

Weather Pulse
Weather Watcher

To uninstall WeatherBug:
Navigate to Start->Control Panel->Add/Remove Programs
Look down the list for Weatherbug and click Remove (if present)

Next please open HijackThis, choose Do a system scan only and place a check-mark next to the following lines:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.co...aploader_v7.cab

If you removed Weatherbug, or it was not installed, then also place a check-mark next to this line (if present):
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and then close HijackThis.

Next, download, install, and update AVG Anti-Spyware 7.5
Download the installer from this page:
http://www.ewido.net/en/download/
  • Save the installer to desktop
  • Double click the installer, select your language, and then select OK
  • Click NEXT->Do or don't read the "User License Agreement"
    Select I Agree->NEXT->INSTALL
  • AVG will now install and afterwards click FINISH
  • Click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes the status bar at the bottom will display "Update successful"
  • Close AVG Anti-Spyware 7.5. Do not run a scan yet.
Reboot your computer into Safe Mode
To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads.
Select Safe Mode at the top, on the screen that appears.
Sign in with your normal user account

Once in safe mode:
  • Then run AVG Anti-Spyware 7.5 and click on the Scanner tab at the top
  • Click the Settings tab and then change the recommended action to Quarantine and ensure that Automatically generate report after every scan is selected and Un-check Only if Threats are found
  • Click back to the Scan tab and then click on Complete System Scan.
  • This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware 7.5 will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action.
  • Click the Apply all actions button. AVG Anti-Spyware 7.5 will display All actions have been applied on the right hand side.
  • Click on Save Report, then Save Report As. This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Now reboot your computer normally

Once complete, please post the AVG Antispyware log and a new HijackThis log, as well as the answers to the questions at the top of the post.
ASAP & UNITE Member

#4 orchid

orchid

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 26 March 2007 - 10:42 AM

Thanks for your input! Will tryy to get this done by the end of the day.

#5 orchid

orchid

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 26 March 2007 - 05:39 PM

Hi silver.
AVG free 7.5 anti virus was corrupt -- ( wouldn't install updates) so removed. Downloaded and reinstalled, working fine now. Also downloaded AVG antispyware ( per your instructions) and the log is posted below. Windows updates are in taskbar, but when trying to install them they proceed all the way to the end and then an error message says "updates installation is not successful". Have tried going to Microsoft page to redownload, but the window just hangs (looks like it is busy searching, but nothing happens). Also, LogMeIn was an intentional download -- but never worked. Using RADMIN now. Removed all the issues you pointed out in the HJT log file, and the new scan is posted below the AVG antispyware scan results below. Thanks again for your help.

AVG Report Scan
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:56:29 PM 3/26/2007

+ Scan result:



HKU\S-1-5-21-4196226866-601896565-1133206147-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BED3930-2E9E-76D8-BACC-80DF2188D455}
-> Adware.CouponBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-4196226866-601896565-1133206147-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BAE99AF-A9F7-4F7E-9C72-2C1CC81BE0FF}
-> Adware.CreatrixMedia : Cleaned with backup (quarantined).
HKU\S-1-5-21-4196226866-601896565-1133206147-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
-> Adware.Generic : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt -> TrackingCookie.2o7
: Cleaned.
:mozilla.11:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt -> TrackingCookie.2o7
: Cleaned.
:mozilla.12:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt -> TrackingCookie.2o7
: Cleaned.
:mozilla.13:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt -> TrackingCookie.2o7
: Cleaned.
:mozilla.14:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt -> TrackingCookie.2o7
: Cleaned.
:mozilla.15:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt -> TrackingCookie.2o7
: Cleaned.
:mozilla.16:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt -> TrackingCookie.2o7
: Cleaned.
:mozilla.17:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt -> TrackingCookie.2o7
: Cleaned.
:mozilla.18:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt -> TrackingCookie.2o7
: Cleaned.
:mozilla.19:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt -> TrackingCookie.2o7
: Cleaned.
:mozilla.6:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt -> TrackingCookie.2o7
: Cleaned.
:mozilla.7:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt -> TrackingCookie.2o7
: Cleaned.
:mozilla.8:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt -> TrackingCookie.2o7
: Cleaned.
:mozilla.9:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt -> TrackingCookie.2o7
: Cleaned.
:mozilla.132:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt ->
TrackingCookie.Adjuggler : Cleaned.
C:\Documents and
Settings\Owner\Cookies\owner@e-2dj6wfmiagcjkao.stats.esomniture[2].txt ->
TrackingCookie.Esomniture : Cleaned.
C:\Documents and
Settings\Owner\Cookies\owner@e-2dj6wfmiaidzifq.stats.esomniture[2].txt ->
TrackingCookie.Esomniture : Cleaned.
C:\Documents and
Settings\Owner\Cookies\owner@e-2dj6wjny-1icjoa.stats.esomniture[1].txt ->
TrackingCookie.Esomniture : Cleaned.
:mozilla.49:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt ->
TrackingCookie.Imrworldwide : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@search.live[2].txt ->
TrackingCookie.Live : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ssl-hints.netflame[1].txt ->
TrackingCookie.Netflame : Cleaned.
:mozilla.102:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt ->
TrackingCookie.Pro-market : Cleaned.
:mozilla.103:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt ->
TrackingCookie.Pro-market : Cleaned.
:mozilla.104:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt ->
TrackingCookie.Pro-market : Cleaned.
:mozilla.105:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt ->
TrackingCookie.Qksrv : Cleaned.
:mozilla.106:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt ->
TrackingCookie.Qksrv : Cleaned.
:mozilla.116:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt ->
TrackingCookie.Real : Cleaned.
:mozilla.117:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt ->
TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@guide.real[2].txt ->
TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt ->
TrackingCookie.Realmedia : Cleaned.
:mozilla.119:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt ->
TrackingCookie.Revsci : Cleaned.
:mozilla.120:C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\cookies.txt ->
TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt ->
TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@m.webtrends[2].txt ->
TrackingCookie.Webtrends : Cleaned.


::Report end





Hi Jack this scan results

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:09:56 PM, on 3/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://qus7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class -
{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar
2.0\aoltb.dll
N3 - Netscape 7: user_pref("browser.startup.homepage",
"https://www.azdes.go...kicpoysgx4d3df5)/frame_Main.aspx");
(C:\Documents and Settings\OWNER\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine",
"engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
(C:\Documents and Settings\OWNER\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
-
C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program
Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -
C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Fidelity Toolbar - {76886F39-D4D8-4f00-A354-3CC1C364F363}
-
C:\WINDOWS\Downloaded Program Files\FidelityToolbar.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType
Pro\type32.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program
Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft
Money\System\Activation.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft
IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program
Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG
Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe
/RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe
/RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe
/RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe
/RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program
Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol
toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &eBay Search - res://C:\Program
Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578}
-
C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66}
-
%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
{85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file
missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21}
-
c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583}
-
%windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
-
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.azdes.gov
O16 - DPF: Yahoo! Literati -
http://download.game...nts/y/tt4_x.cab
O16 - DPF: Yahoo! MahJong Solitaire -
http://download.game...s/y/mjst4_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX
Scan
Agent 6.6) -
http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)
-
C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting)
-
http://moneycentral....bs/pmupd806.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control)
-
http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.micros...b?1120577502578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
-
http://update.micros...b?1141453043390
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5)
-
http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {76886F39-D4D8-4F00-A354-3CC1C364F363} (Fidelity Toolbar) -
http://personal.fide...lityToolbar.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner)
-
http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment
1.4.0_01) -
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6}
(CPlayFirstDinerDashControl Object) -
http://games.pogo.co...sh.1.0.0.80.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments
Control) - http://by18fd.bay18....ex/HMAtchmt.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer
Activex Control) - https://secure.logme...trl.cab?lmi=100
O22 - SharedTaskScheduler: Browseui preloader -
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon -
{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. -
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

#6 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 27 March 2007 - 12:08 AM

Hi orchid,

I'm glad to hear that you've got AVG working, those scans looked OK too, however we'll do a couple further to be sure - but first HijackThis:

HijackThis Version 2 is still in beta (testing) phase and unproven at this time so we wish to use the latest full release 1.99.1 for cleaning your machine. Also please make sure that when you post a log, you turn off Word wrap in Notepad, otherwise it posts incorrectly and is difficult to read.

We can clean the unused logmein.com entry, and also the Microsoft Windows Update ActiveX Control in case it has been corrupted. This means however that next time you visit Windows Update you will have to download them again.

Please open HijackThis (1.99.1), select Do a system scan only and place a check-mark next to the following lines:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120577502578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141453043390
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100

Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

Next, clean your Windows Update temporary folder as some downloads may have been corrupted:
  • Click Start->Run, type services.msc, and then click OK
  • In the Services (Local) pane, right-click Automatic Updates, and then click Stop
  • Minimize the Services (local) window
  • Use Windows Explorer to browse to this folder:
    C:\Windows\SoftwareDistribution
  • Select all the contents of this folder and delete them
  • Make sure that the SoftwareDistribution folder is empty, and then maximize the Services (local) window
  • In the Services (Local) pane, right-click Automatic Updates, and then click Start
  • Restart the computer, and then try visiting Windows Update again
Next, download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Post the log file in your next response.
It can be quite long, so please check once you have posted, and if the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Once complete, please post the WinPFind3u log along with a new HijackThis log, and tell me how you got on with Windows Update.
ASAP & UNITE Member

#7 orchid

orchid

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 28 March 2007 - 03:05 PM

Here is the newest log file from the older HJT version (removed the 3 entries you outlined). Hope it is formatted correctly. The other scan is running (WinPFind3u) -- although it has frozen a couple of times. Will try to get it posted later. Thanks again for your help.

Logfile of HijackThis v1.99.1
Scan saved at 1:34:16 PM, on 3/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://qus7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class -
{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar
2.0\aoltb.dll
N3 - Netscape 7: user_pref("browser.startup.homepage",
"https://www.azdes.go...kicpoysgx4d3df5)/frame_Main.aspx");
(C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine",
"engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
(C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\r0vm6v8q.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
-
C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program
Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -
C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Fidelity Toolbar - {76886F39-D4D8-4f00-A354-3CC1C364F363}
-
C:\WINDOWS\Downloaded Program Files\FidelityToolbar.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType
Pro\type32.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program
Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft
Money\System\Activation.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft
IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program
Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG
Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program
Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol
toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &eBay Search - res://C:\Program
Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578}
-
C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66}
-
%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
{85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file
missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21}
-
c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583}
-
%windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
-
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.azdes.gov
O16 - DPF: Yahoo! Literati -
http://download.game...nts/y/tt4_x.cab
O16 - DPF: Yahoo! MahJong Solitaire -
http://download.game...s/y/mjst4_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX
Scan
Agent 6.6) -
http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)
-
C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting)
-
http://moneycentral....bs/pmupd806.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control)
-
http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5)
-
http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {76886F39-D4D8-4F00-A354-3CC1C364F363} (Fidelity Toolbar) -
http://personal.fide...lityToolbar.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner)
-
http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment
1.4.0_01) -
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6}
(CPlayFirstDinerDashControl Object) -
http://games.pogo.co...sh.1.0.0.80.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments
Control) - http://by18fd.bay18....ex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. -
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

#8 orchid

orchid

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 28 March 2007 - 03:18 PM

Here is the WinPFind3u file:


WinPFind3 logfile created on: 3/28/2007 1:52:17 PM
WinPFind3U by OldTimer - Version 1.0.31 Folder = C:\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

247 Mb Total Physical Memory | 91 Mb Available Physical Memory | 37.07%
Memory free
878 Mb Paging File | 605 Mb Available in Paging File | 68.86% Paging File
free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Files
Drive C: | 32 Gb Total Space | 16 Gb Free Space | 52.26% Space Free
Drive D: | 4 Gb Total Space | 2 Gb Free Space | 41.44% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: DIANERALEY
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o.
[Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 2/24/2007 5:49:18
PM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe ->
Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes
|
Modified Date = 10/7/2006 5:20:00 AM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver
=
7.5.0.438 | Size = 411648 bytes | Modified Date = 3/21/2007 6:48:44 PM |
Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o.
[Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/11/2007 1:46:16
PM
| Attr = ]
brmfrsmg.exe -> %System32%\BrmfRsmg.exe -> Brother Industries, Ltd. [Ver =
1.45.15.340 | Size = 32256 bytes | Modified Date = 8/17/2001 11:36:38 PM
|
Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe ->
Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes |
Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company
[Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 5:04:38
PM
| Attr = ]
pptd40nt.exe -> %ProgramFiles%\Scansoft\PaperPort\pptd40nt.exe -> ScanSoft,
Inc. [Ver = 8.10 | Size = 45108 bytes | Modified Date = 8/12/2002 9:33:34
AM
| Attr = ]
winpfind3u.exe -> %SystemDrive%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools
[Ver = 1.0.31.0 | Size = 318464 bytes | Modified Date = 3/26/2007 8:04:38
PM
| Attr = ]

[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running]
-> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware
Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date
=
9/28/2006 7:13:20 AM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] ->
%ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445
| Size = 353792 bytes | Modified Date = 2/24/2007 5:49:18 PM | Attr =
]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] ->
%ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420
| Size = 49664 bytes | Modified Date = 2/11/2007 1:46:16 PM | Attr =
]
(brmfrmps) Brother Popup Suspend service for Resource manager [Win32_Own |
Disabled | Stopped] -> %System32%\Brmfrmps.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared |
On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas
Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date =
8/4/2004 12:56:48 AM | Attr = ]
(msCMTSrvc) Content Monitoring Tool [Win32_Own | Disabled | Stopped] ->
%System32%\msCMTSrvc.exe -> File not found
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Disabled | Stopped] ->
%System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.13.10.3190 | Size =
61440 bytes | Modified Date = 10/1/2002 12:39:00 AM | Attr = ]
(RServer3) Radmin Server V3 [Win32_Own | Disabled | Stopped] ->
%System32%\rserver30\rserver3.exe -> Famatech International Corp. [Ver =
3,
0, 0, 5 | Size = 1235032 bytes | Modified Date = 2/2/2007 2:35:06 PM | Attr
= ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
-> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880
bytes |
Modified Date = 10/7/2006 5:20:00 AM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver =
7.5.0.438 | Size = 411648 bytes | Modified Date = 3/21/2007 6:48:44 PM |
Attr = ]
hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver
= 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 5:04:38
PM |
Attr = ]
IndexSearch -> %ProgramFiles%\Scansoft\PaperPort\IndexSearch.exe -> [Ver
=
| Size = 36864 bytes | Modified Date = 8/12/2002 10:07:26 AM | Attr =
]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.13.10.3190
| Size
= 372736 bytes | Modified Date = 10/1/2002 12:39:00 AM | Attr = ]
PaperPort PTD -> %ProgramFiles%\Scansoft\PaperPort\pptd40nt.exe -> ScanSoft,
Inc. [Ver = 8.10 | Size = 45108 bytes | Modified Date = 8/12/2002 9:33:34
AM
| Attr = ]
SetDefPrt -> %ProgramFiles%\Brother\Brmfl03a\BrStDvPt.exe -> File not found
< OptionalComponents [HKLM] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NVIEW -> %System32%\nview.dll [rundll32.exe nview.dll,nViewLoadHook] ->
NVIDIA Corporation [Ver = 6.13.10.3190 | Size = 548933 bytes | Modified
Date
= 10/1/2002 12:39:00 AM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start
Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk ->
%ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems
Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date =
10/23/2006 1:48:20 AM | Attr = ]
%AllUsersStartup%\Adobe Reader Synchronizer.lnk ->
%ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver =
8.0.0.0 | Size = 734872 bytes | Modified Date = 10/23/2006 12:01:50 AM |
Attr = ]
< ShellExecuteHooks [HKLM] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG
Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware
Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date
=
9/28/2006 7:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3889
|
Size = 344064 bytes | Modified Date = 8/20/2004 3:50:54 PM | Attr =
]
< HOSTS File > ->
-> Hosts file not found ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL ->
http://go.microsoft....k/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: CustomizeSearch ->
http://ie.search.msn...st/srchasst.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Default_Page_URL -> http://qus7.hpwis.com/ ->
HKCU: Default_Search_URL -> http://search.msn.com ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://hotmail.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKLM] ->
%ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOLTBSearch Class] -> America
Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date =
8/2/2005 11:41:14 AM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\
www_azdes.gov [http] -> ->
< BHO's > ->
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] ->
%CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF
Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200
|
Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr =
]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot
-
Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1,
4, 0,
0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr =
]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKLM] -> %ProgramFiles%\AOL\AOL
Toolbar 2.0\aoltb.dll [AOL Toolbar Launcher] -> America Online, Inc. [Ver =
2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 11:41:14 AM
|
Attr = ]
< Internet Explorer Bars [HKLM] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not
found
[Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not
found
[Reg Data - Key not found] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not
found
[Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{76886F39-D4D8-4f00-A354-3CC1C364F363} [HKLM] -> %SystemRoot%\Downloaded
Program Files\FidelityToolbar.dll [Fidelity Toolbar] -> [Ver = | Size =
524362 bytes | Modified Date = 12/8/2003 5:17:48 PM | Attr = ]
{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKLM] -> %ProgramFiles%\AOL\AOL
Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver =
2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 11:41:14 AM
|
Attr = ]
< Internet Explorer ToolBars [HKCU] > ->
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data
- Key
not found [Reg Data - Key not found] -> File not found
WebBrowser\\{76886F39-D4D8-4F00-A354-3CC1C364F363} [HKLM] ->
%SystemRoot%\Downloaded Program Files\FidelityToolbar.dll [Fidelity Toolbar]
-> [Ver = | Size = 524362 bytes | Modified Date = 12/8/2003 5:17:48
PM |
Attr = ]
WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKLM] ->
%ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America
Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date =
8/2/2005 11:41:14 AM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data
- Key
not found [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{3369AF0D-62E9-4bda-8103-B4C75499B578} -> Reg Data - Value does not
exist
[ButtonText: AOL Toolbar] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not
found
[MenuText: Uninstall BitDefender Online Scanner v8] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not
exist
[ButtonText: Research] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe
[ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160
bytes | Modified Date = 8/5/2005 3:08:26 PM | Attr = ]
{E023F504-0C5A-4750-A1E7-A9046DEA8A21} -> Reg Data - Value does not
exist
[ButtonText: MoneySide] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not
found
[MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > ->
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&AOL Toolbar Search -> %ProgramFiles%\aol\aol toolbar
2.0\resources\en-US\local\search.htm -> File not found
&eBay Search -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll\RCSearch.htm
->
File not found
E&xport to Microsoft Excel -> -> File not found
< User Agent Post Platform [HKLM] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\User Agent\Post Platform
sv1 -> ->
< DNS Name Servers [HKLM] > ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{10F5A075-0374-45A1-B11E-D2BBB4EAB639} -> (1394 Net Adapter) ->
{E4400E61-C9F8-45FD-81CD-A48F7422CAE2} -> (Realtek RTL8139 Family
PCI
Fast Ethernet NIC) ->
< Protocol Handlers [HKLM] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code
Store Database\Distribution Units\
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control
-
CodeBase =
http://fpdownload.ma...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage
Validation Tool - CodeBase = http://go.microsoft....k/?linkid=39204
->
{215B8138-A3CF-44C5-803F-8226143CFC0A} -> Trend Micro ActiveX Scan
Agent 6.6
- CodeBase =
http://housecall65.t...ivex/hcImpl.cab
->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase
=
C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} -> MSN Money Charting - CodeBase
=
http://moneycentral....bs/pmupd806.exe ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation
Engine
- CodeBase = http://office.micros...ntent/opuc2.cab ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -> - CodeBase =
http://download.mcaf...83/mcinsctl.cab
->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase
=
http://download.bitd...can8/oscan8.cab ->
{6E5A37BF-FD42-463A-877C-4EB7002E68AE} -> Housecall ActiveX 6.5 - CodeBase
=
http://housecall65.t...ivex/hcImpl.cab
->
{76886F39-D4D8-4F00-A354-3CC1C364F363} -> Fidelity Toolbar - CodeBase
=
http://personal.fide...lityToolbar.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class
-
CodeBase = http://acs.pandasoft...free/asinst.cab ->
{A17E30C4-A9BA-11D4-8673-60DB54C10000} -> YahooYMailTo Class - CodeBase
=
http://download.yaho...mail/ymmapi.dll ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl
Class - CodeBase =
http://messenger.msn...pDownloader.cab ->
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} -> a-squared Scanner - CodeBase
=
http://ax.emsisoft.com/asquared.cab ->
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -> - CodeBase =
http://download.mcaf...,20/mcgdmgr.cab
->
{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} -> - CodeBase = ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> Shockwave Flash Object -
CodeBase
= http://download.macr...ash/swflash.cab ->
{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} -> CPlayFirstDinerDashControl
Object
- CodeBase =
http://games.pogo.co...sh.1.0.0.80.cab ->
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -> Hotmail Attachments Control
-
CodeBase = http://by18fd.bay18....ex/HMAtchmt.ocx ->
DirectAnimation Java Classes -> - CodeBase =
file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase =
file://C:\WINDOWS\Java\classes\xmldso.cab ->
Yahoo! Literati -> - CodeBase =
http://download.game...nts/y/tt4_x.cab ->
Yahoo! MahJong Solitaire -> - CodeBase =
http://download.game...s/y/mjst4_x.cab ->


[Files/Folders - Created Within 30 days]
AV-CLS -> %SystemDrive%\AV-CLS -> [Folder | Created Date = 3/21/2007
12:33:49 PM | Attr = ]
SAV32CLI -> %SystemDrive%\SAV32CLI -> [Folder | Created Date = 3/21/2007
7:21:31 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 3/21/2007 5:13:59
PM | Attr = ]
WinPFind3u -> %SystemDrive%\WinPFind3u -> [Folder | Created Date =
3/28/2007 1:48:23 PM | Attr = ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder |
Created Date = 3/17/2007 11:33:17 PM | Attr = H ]
ORUN32.EXE -> %SystemRoot%\ORUN32.EXE -> [Ver = | Size = 0 bytes
| Created
Date = 3/21/2007 1:53:53 AM | Attr = ]
access.ctl -> %System32%\access.ctl -> [Ver = | Size = 6144 bytes
|
Created Date = 3/21/2007 10:30:10 PM | Attr = HS]
autoexec.bak -> %System32%\autoexec.bak -> [Ver = | Size = 1688
bytes |
Created Date = 3/21/2007 12:35:00 PM | Attr = ]
CMMGR32.EXE -> %System32%\CMMGR32.EXE -> [Ver = | Size = 0 bytes
| Created
Date = 3/21/2007 1:52:23 AM | Attr = ]
config.bak -> %System32%\config.bak -> [Ver = | Size = 2577 bytes
|
Created Date = 3/21/2007 12:35:00 PM | Attr = ]
thxcfg.ini -> %System32%\thxcfg.ini -> [Ver = | Size = 32 bytes
| Created
Date = 3/8/2007 12:38:53 AM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver =
7.5.0.444 | Size = 775680 bytes | Created Date = 3/21/2007 6:48:48 PM |
Attr
= ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver =
7,0,0,340 | Size = 4224 bytes | Created Date = 3/21/2007 6:48:51 PM | Attr
=
]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver =
7.5.0.442 | Size = 27776 bytes | Created Date = 3/21/2007 6:48:52 PM | Attr
= ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver =
1.0.0.14 | Size = 3968 bytes | Created Date = 3/26/2007 12:20:41 PM | Attr
=
]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver =
1.0.0.14 | Size = 3968 bytes | Created Date = 3/21/2007 6:48:53 PM | Attr
=
]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver =
7.5.0.442 | Size = 19392 bytes | Created Date = 3/21/2007 6:48:53 PM | Attr
= ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver =
1.5.0.1052 | Size = 76560 bytes | Created Date = 3/21/2007 6:46:27 AM |
Attr
= ]

[Files/Folders - Modified Within 30 days]
AV-CLS -> %SystemDrive%\AV-CLS -> [Folder | Modified Date = 3/21/2007
4:09:04 PM | Attr = ]
batchqry.bat -> %SystemDrive%\batchqry.bat -> [Ver = | Size = 22
bytes |
Modified Date = 3/22/2007 2:52:54 PM | Attr = ]
bdtmp -> %SystemDrive%\bdtmp -> [Folder | Modified Date = 3/22/2007 2:52:26
PM | Attr = H ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 199 bytes
| Modified
Date = 3/19/2007 8:21:22 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date =
3/21/2007 6:16:02 PM | Attr = ]
Ddd edi HOLDING FILE -> %SystemDrive%\Ddd edi HOLDING FILE -> [Folder |
Modified Date = 3/27/2007 12:09:42 AM | Attr = ]
DDDEDI -> %SystemDrive%\DDDEDI -> [Folder | Modified Date = 3/22/2007
2:53:24 PM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder
|
Modified Date = 3/19/2007 7:31:28 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 3/26/2007
12:07:14 PM | Attr = ]
SAV32CLI -> %SystemDrive%\SAV32CLI -> [Folder | Modified Date = 3/21/2007
7:21:34 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 3/21/2007 9:59:54
PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3/22/2007 10:41:04
AM
| Attr = ]
WinPFind3u -> %SystemDrive%\WinPFind3u -> [Folder | Modified Date =
3/28/2007 1:48:24 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 3/13/2007
8:37:32 PM | Attr = H ]
$NtUninstallKB824141$ -> %SystemRoot%\$NtUninstallKB824141$ -> [Folder |
Modified Date = 3/20/2007 9:45:18 PM | Attr = H ]
$NtUninstallKB828028$ -> %SystemRoot%\$NtUninstallKB828028$ -> [Folder |
Modified Date = 3/20/2007 9:45:18 PM | Attr = H ]
$NtUninstallKB828035$ -> %SystemRoot%\$NtUninstallKB828035$ -> [Folder |
Modified Date = 3/20/2007 9:45:20 PM | Attr = H ]
$NtUninstallKB837001$ -> %SystemRoot%\$NtUninstallKB837001$ -> [Folder |
Modified Date = 3/20/2007 9:45:44 PM | Attr = H ]
$NtUninstallKB839645$ -> %SystemRoot%\$NtUninstallKB839645$ -> [Folder |
Modified Date = 3/20/2007 9:45:54 PM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder |
Modified Date = 3/19/2007 7:27:06 PM | Attr = H ]
$NtUninstallQ828026$ -> %SystemRoot%\$NtUninstallQ828026$ -> [Folder |
Modified Date = 3/20/2007 9:48:50 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 3/20/2007
9:48:52 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 3/19/2007
7:31:00 PM | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 3/21/2007
11:14:14 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048
bytes |
Modified Date = 3/26/2007 2:59:00 PM | Attr = S]
BrmfBidi.ini -> %SystemRoot%\BrmfBidi.ini -> [Ver = | Size = 1089
bytes |
Modified Date = 3/27/2007 10:38:44 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->
[Folder | Modified Date = 3/28/2007 1:32:26 PM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 3/19/2007 7:30:54
PM
| Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 3/22/2007 10:15:12
AM
| Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/28/2007
3:13:58 AM | Attr = HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date =
3/13/2007 10:55:44 AM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified
Date = 3/5/2007 12:51:16 PM | Attr = ]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 636 bytes |
Modified
Date = 3/8/2007 10:27:58 PM | Attr = ]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161
bytes |
Modified Date = 3/8/2007 10:27:58 PM | Attr = ]
ORUN32.EXE -> %SystemRoot%\ORUN32.EXE -> [Ver = | Size = 0 bytes
|
Modified Date = 3/21/2007 1:53:54 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3/28/2007
1:49:16 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder |
Modified Date = 3/28/2007 1:41:24 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 3/21/2007
6:48:30 PM | Attr = ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 290 bytes
|
Modified Date = 3/19/2007 8:21:22 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 3/28/2007 1:32:32
PM |
Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 3/2/2007 12:52:04
AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 3/28/2007 3:13:58
AM
| Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 981 bytes | Modified
Date = 3/19/2007 8:21:22 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 3/19/2007
7:34:26 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes |
Modified
Date = 3/26/2007 2:59:08 PM | Attr = H ]
XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job -> [Ver = | Size =
362
bytes | Modified Date = 3/27/2007 3:00:02 AM | Attr = ]
access.ctl -> %System32%\access.ctl -> [Ver = | Size = 6144 bytes
|
Modified Date = 3/21/2007 10:30:12 PM | Attr = HS]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 3/21/2007
12:24:14 AM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 3/21/2007
10:32:14 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 3/28/2007
1:32:24 PM | Attr = ]
CMMGR32.EXE -> %System32%\CMMGR32.EXE -> [Ver = | Size = 0 bytes
|
Modified Date = 3/21/2007 1:52:24 AM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 3/21/2007 12:25:00
AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 3/28/2007
1:32:38 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 3/26/2007
12:20:42 PM | Attr = ]
FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 3/17/2007 8:03:14
AM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes |
Modified
Date = 3/20/2007 7:31:36 PM | Attr = ]
mui -> %System32%\mui -> [Folder | Modified Date = 3/19/2007 7:32:20
PM |
Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes
|
Modified Date = 3/20/2007 7:31:34 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 60170
bytes |
Modified Date = 3/13/2007 12:51:48 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 396982
bytes |
Modified Date = 3/13/2007 12:51:50 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = |
Size =
447082 bytes | Modified Date = 3/13/2007 12:51:48 AM | Attr = ]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0
| Size = 6656 bytes | Modified Date = 3/11/2007 1:29:06 PM | Attr =
]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0
| Size = 5632 bytes | Modified Date = 3/11/2007 1:29:06 PM | Attr =
]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver =
6.0.9.2568 | Size = 185952 bytes | Modified Date = 3/11/2007 1:29:50 PM
|
Attr = ]
thxcfg.ini -> %System32%\thxcfg.ini -> [Ver = | Size = 32 bytes
| Modified
Date = 3/22/2007 11:25:32 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550
bytes |
Modified Date = 3/20/2007 7:31:36 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 3/21/2007 12:29:46
AM
| Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified
Date = 3/26/2007 3:01:36 PM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver =
7.5.0.444 | Size = 775680 bytes | Modified Date = 3/21/2007 6:48:50 PM |
Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver =
7,0,0,340 | Size = 4224 bytes | Modified Date = 3/21/2007 6:48:52 PM | Attr
= ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver =
7.5.0.442 | Size = 27776 bytes | Modified Date = 3/21/2007 6:48:54 PM |
Attr
= ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver =
1.0.0.14 | Size = 3968 bytes | Modified Date = 3/21/2007 6:48:54 PM | Attr
=
]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver =
7.5.0.442 | Size = 19392 bytes | Modified Date = 3/21/2007 6:48:54 PM |
Attr
= ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 3/21/2007
12:35:02 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver =
1.5.0.1052 | Size = 76560 bytes | Modified Date = 3/20/2007 11:54:50 AM
|
Attr = ]
hosts.bak -> %System32%\drivers\etc\hosts.bak -> [Ver = | Size =
716 bytes
| Modified Date = 3/2/2007 12:50:36 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemRoot%\DOTEST.EXE -> Sonbry Marketing International
[Ver = 1.00.0215 | Size = 332800 bytes | Modified Date = 8/29/2004 1:06:52
PM | Attr = ]
PEC2 , -> %SystemRoot%\pcboot.exe -> Sonbry [Ver = 1.00 | Size =
6656 bytes
| Modified Date = 5/19/2001 8:08:44 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\realtime.exe -> [Ver = 1.00 | Size =
91648
bytes | Modified Date = 8/29/2004 1:07:16 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\ss3unstl.exe -> [Ver = | Size = 18432
bytes
| Modified Date = 12/7/2003 1:59:52 AM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\UnGins.exe -> [Ver = | Size = 41984
bytes |
Modified Date = 12/20/2002 6:12:50 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\Unwash5.exe -> [Ver = | Size = 44032
bytes
| Modified Date = 5/17/2004 5:05:18 AM | Attr = ]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver =
2.2.0.34 | Size = 16121856 bytes | Modified Date = 9/20/2004 3:20:44 PM
|
Attr = ]
aspack , -> %System32%\AresButtonPro.ocx -> programmer Dikov Artiom
art@guard.ricor.ru [Ver = 6, 0, 0, 3 | Size = 658944 bytes | Modified Date
=
7/11/2000 11:39:34 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes |
Modified
Date = 8/29/2002 5:00:00 AM | Attr = ]
PTech , -> %System32%\igfxhcsy.lhp -> [Ver = | Size = 59914 bytes
|
Modified Date = 8/20/2004 3:56:24 PM | Attr = ]
Thawte Consulting , -> %System32%\LMImirr2.dll -> LogMeIn, Inc. [Ver =
2.30.542 | Size = 9584 bytes | Modified Date = 10/6/2006 8:56:06 PM | Attr
=
]
Thawte Consulting , -> %System32%\ractrlkeyhook.dll -> [Ver = | Size
=
7936 bytes | Modified Date = 10/12/2006 5:18:56 PM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver
=
6.0.9.2568 | Size = 185952 bytes | Modified Date = 3/11/2007 1:29:50 PM
|
Attr = ]
aspack , -> %System32%\Sase.ocx -> [Ver = 2.3.9.0 | Size = 227840
bytes |
Modified Date = 8/4/2001 6:43:54 AM | Attr = ]
UPX! , UPX0 , -> %System32%\Tropical Screensaver.scr -> [Ver = 1, 0,
0, 1
| Size = 1566144 bytes | Modified Date = 12/7/2003 1:59:50 AM | Attr =
]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184
bytes |
Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc
(450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver =
4.5.80.0 | Size = 406048 bytes | Modified Date = 11/21/2001 1:34:08 PM |
Attr = R ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size =
13463552 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys ->
GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date =
3/21/2007 6:48:50 PM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15
| Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr =
]

< End of report >

#9 orchid

orchid

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 28 March 2007 - 07:42 PM

I swear this one is not wrapped. :-)

Logfile of HijackThis v1.99.1
Scan saved at 1:34:16 PM, on 3/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar2.0\aoltb.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://www.azdes.go...kicpoysgx4d3df5)/frame_Main.aspx");(C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0vm6v8q.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");(C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0vm6v8q.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}- C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\ProgramFiles\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Fidelity Toolbar - {76886F39-D4D8-4f00-A354-3CC1C364F363}- C:\WINDOWS\Downloaded Program Files\FidelityToolbar.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aoltoolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578}- C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (filemissing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\ProgramFiles\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.azdes.gov
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt4_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine AdvantageValidation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveXScan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)- C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting)- http://moneycentral....bs/pmupd806.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control)- http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5)- http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {76886F39-D4D8-4F00-A354-3CC1C364F363} (Fidelity Toolbar) -http://personal.fidelity.com/products/toolbar/FidelityToolbar.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan InstallerClass) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner)- http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment1.4.0_01) -
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://games.pogo.co...sh.1.0.0.80.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail AttachmentsControl) - http://by18fd.bay18....ex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

#10 orchid

orchid

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 28 March 2007 - 09:13 PM

Non-wrapped WinPFind3u file:

WinPFind3 logfile created on: 3/28/2007 7:06:28 PM
WinPFind3U by OldTimer - Version 1.0.31 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

247 Mb Total Physical Memory | 96 Mb Available Physical Memory | 39.17% Memory free
606 Mb Paging File | 261 Mb Available in Paging File | 43.11% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32 Gb Total Space | 17 Gb Free Space | 52.67% Space Free
Drive D: | 4 Gb Total Space | 2 Gb Free Space | 41.44% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: DIANERALEY
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 2/24/2007 5:49:18 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 5:20:00 AM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 3/21/2007 6:48:44 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/11/2007 1:46:16 PM | Attr = ]
brmfrsmg.exe -> %System32%\BrmfRsmg.exe -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 32256 bytes | Modified Date = 8/17/2001 11:36:38 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 5:04:38 PM | Attr = ]
pptd40nt.exe -> %ProgramFiles%\Scansoft\PaperPort\pptd40nt.exe -> ScanSoft, Inc. [Ver = 8.10 | Size = 45108 bytes | Modified Date = 8/12/2002 9:33:34 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.31.0 | Size = 318464 bytes | Modified Date = 3/26/2007 8:04:38 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 2/24/2007 5:49:18 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/11/2007 1:46:16 PM | Attr = ]
(brmfrmps) Brother Popup Suspend service for Resource manager [Win32_Own | Disabled | Stopped] -> %System32%\Brmfrmps.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
(msCMTSrvc) Content Monitoring Tool [Win32_Own | Disabled | Stopped] -> %System32%\msCMTSrvc.exe -> File not found
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Disabled | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.13.10.3190 | Size = 61440 bytes | Modified Date = 10/1/2002 12:39:00 AM | Attr = ]
(RServer3) Radmin Server V3 [Win32_Own | Disabled | Stopped] -> %System32%\rserver30\rserver3.exe -> Famatech International Corp. [Ver = 3, 0, 0, 5 | Size = 1235032 bytes | Modified Date = 2/2/2007 2:35:06 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 5:20:00 AM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 3/21/2007 6:48:44 PM | Attr = ]
hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 5:04:38 PM | Attr = ]
IndexSearch -> %ProgramFiles%\Scansoft\PaperPort\IndexSearch.exe -> [Ver = | Size = 36864 bytes | Modified Date = 8/12/2002 10:07:26 AM | Attr = ]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.13.10.3190 | Size = 372736 bytes | Modified Date = 10/1/2002 12:39:00 AM | Attr = ]
PaperPort PTD -> %ProgramFiles%\Scansoft\PaperPort\pptd40nt.exe -> ScanSoft, Inc. [Ver = 8.10 | Size = 45108 bytes | Modified Date = 8/12/2002 9:33:34 AM | Attr = ]
SetDefPrt -> %ProgramFiles%\Brother\Brmfl03a\BrStDvPt.exe -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NVIEW -> %System32%\nview.dll [rundll32.exe nview.dll,nViewLoadHook] -> NVIDIA Corporation [Ver = 6.13.10.3190 | Size = 548933 bytes | Modified Date = 10/1/2002 12:39:00 AM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 1:48:20 AM | Attr = ]
%AllUsersStartup%\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 10/23/2006 12:01:50 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 7:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3889 | Size = 344064 bytes | Modified Date = 8/20/2004 3:50:54 PM | Attr = ]
< HOSTS File > ->
-> Hosts file not found ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchasst.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Default_Page_URL -> http://qus7.hpwis.com/ ->
HKCU: Default_Search_URL -> http://search.msn.com ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://hotmail.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOLTBSearch Class] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 11:41:14 AM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
www_azdes.gov [http] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar Launcher] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 11:41:14 AM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{76886F39-D4D8-4f00-A354-3CC1C364F363} [HKLM] -> %SystemRoot%\Downloaded Program Files\FidelityToolbar.dll [Fidelity Toolbar] -> [Ver = | Size = 524362 bytes | Modified Date = 12/8/2003 5:17:48 PM | Attr = ]
{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 11:41:14 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{76886F39-D4D8-4F00-A354-3CC1C364F363} [HKLM] -> %SystemRoot%\Downloaded Program Files\FidelityToolbar.dll [Fidelity Toolbar] -> [Ver = | Size = 524362 bytes | Modified Date = 12/8/2003 5:17:48 PM | Attr = ]
WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 11:41:14 AM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{3369AF0D-62E9-4bda-8103-B4C75499B578} -> Reg Data - Value does not exist [ButtonText: AOL Toolbar] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 3:08:26 PM | Attr = ]
{E023F504-0C5A-4750-A1E7-A9046DEA8A21} -> Reg Data - Value does not exist [ButtonText: MoneySide] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&AOL Toolbar Search -> %ProgramFiles%\aol\aol toolbar 2.0\resources\en-US\local\search.htm -> File not found
&eBay Search -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll\RCSearch.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
sv1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{10F5A075-0374-45A1-B11E-D2BBB4EAB639} -> (1394 Net Adapter) ->
{E4400E61-C9F8-45FD-81CD-A48F7422CAE2} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.ma...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft....k/?linkid=39204 ->
{215B8138-A3CF-44C5-803F-8226143CFC0A} -> Trend Micro ActiveX Scan Agent 6.6 - CodeBase = http://housecall65.t...ivex/hcImpl.cab ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} -> MSN Money Charting - CodeBase = http://moneycentral....bs/pmupd806.exe ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.micros...ntent/opuc2.cab ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -> - CodeBase = http://download.mcaf...83/mcinsctl.cab ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://download.bitd...can8/oscan8.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.micros...b?1175131232984 ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.micros...b?1175131210859 ->
{6E5A37BF-FD42-463A-877C-4EB7002E68AE} -> Housecall ActiveX 6.5 - CodeBase = http://housecall65.t...ivex/hcImpl.cab ->
{76886F39-D4D8-4F00-A354-3CC1C364F363} -> Fidelity Toolbar - CodeBase = http://personal.fide...lityToolbar.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoft...free/asinst.cab ->
{A17E30C4-A9BA-11D4-8673-60DB54C10000} -> YahooYMailTo Class - CodeBase = http://download.yaho...mail/ymmapi.dll ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn...pDownloader.cab ->
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} -> a-squared Scanner - CodeBase = http://ax.emsisoft.com/asquared.cab ->
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -> - CodeBase = http://download.mcaf...,20/mcgdmgr.cab ->
{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} -> - CodeBase = ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> Shockwave Flash Object - CodeBase = http://download.macr...ash/swflash.cab ->
{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} -> CPlayFirstDinerDashControl Object - CodeBase = http://games.pogo.co...sh.1.0.0.80.cab ->
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -> Hotmail Attachments Control - CodeBase = http://by18fd.bay18....ex/HMAtchmt.ocx ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->
Yahoo! Literati -> - CodeBase = http://download.game...nts/y/tt4_x.cab ->
Yahoo! MahJong Solitaire -> - CodeBase = http://download.game...s/y/mjst4_x.cab ->


[Files/Folders - Created Within 30 days]
AV-CLS -> %SystemDrive%\AV-CLS -> [Folder | Created Date = 3/21/2007 12:33:49 PM | Attr = ]
SAV32CLI -> %SystemDrive%\SAV32CLI -> [Folder | Created Date = 3/21/2007 7:21:31 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 3/21/2007 5:13:59 PM | Attr = ]
WinPFind3u -> %SystemDrive%\WinPFind3u -> [Folder | Created Date = 3/28/2007 1:48:23 PM | Attr = ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 3/17/2007 11:33:17 PM | Attr = H ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 3/28/2007 6:21:18 PM | Attr = ]
ORUN32.EXE -> %SystemRoot%\ORUN32.EXE -> [Ver = | Size = 0 bytes | Created Date = 3/21/2007 1:53:53 AM | Attr = ]
access.ctl -> %System32%\access.ctl -> [Ver = | Size = 6144 bytes | Created Date = 3/21/2007 10:30:10 PM | Attr = HS]
autoexec.bak -> %System32%\autoexec.bak -> [Ver = | Size = 1688 bytes | Created Date = 3/21/2007 12:35:00 PM | Attr = ]
CMMGR32.EXE -> %System32%\CMMGR32.EXE -> [Ver = | Size = 0 bytes | Created Date = 3/21/2007 1:52:23 AM | Attr = ]
config.bak -> %System32%\config.bak -> [Ver = | Size = 2577 bytes | Created Date = 3/21/2007 12:35:00 PM | Attr = ]
thxcfg.ini -> %System32%\thxcfg.ini -> [Ver = | Size = 32 bytes | Created Date = 3/8/2007 12:38:53 AM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Created Date = 3/21/2007 6:48:48 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 3/21/2007 6:48:51 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 3/21/2007 6:48:52 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 3/26/2007 12:20:41 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 3/21/2007 6:48:53 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 19392 bytes | Created Date = 3/21/2007 6:48:53 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 3/21/2007 6:46:27 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
AV-CLS -> %SystemDrive%\AV-CLS -> [Folder | Modified Date = 3/21/2007 4:09:04 PM | Attr = ]
batchqry.bat -> %SystemDrive%\batchqry.bat -> [Ver = | Size = 22 bytes | Modified Date = 3/22/2007 2:52:54 PM | Attr = ]
bdtmp -> %SystemDrive%\bdtmp -> [Folder | Modified Date = 3/22/2007 2:52:26 PM | Attr = H ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 199 bytes | Modified Date = 3/19/2007 8:21:22 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 3/21/2007 6:16:02 PM | Attr = ]
Ddd edi HOLDING FILE -> %SystemDrive%\Ddd edi HOLDING FILE -> [Folder | Modified Date = 3/28/2007 6:32:34 PM | Attr = ]
DDDEDI -> %SystemDrive%\DDDEDI -> [Folder | Modified Date = 3/22/2007 2:53:24 PM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 3/19/2007 7:31:28 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 3/26/2007 12:07:14 PM | Attr = ]
SAV32CLI -> %SystemDrive%\SAV32CLI -> [Folder | Modified Date = 3/21/2007 7:21:34 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 3/21/2007 9:59:54 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3/28/2007 6:21:20 PM | Attr = ]
WinPFind3u -> %SystemDrive%\WinPFind3u -> [Folder | Modified Date = 3/28/2007 1:57:38 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 3/13/2007 8:37:32 PM | Attr = H ]
$NtUninstallKB824141$ -> %SystemRoot%\$NtUninstallKB824141$ -> [Folder | Modified Date = 3/20/2007 9:45:18 PM | Attr = H ]
$NtUninstallKB828028$ -> %SystemRoot%\$NtUninstallKB828028$ -> [Folder | Modified Date = 3/20/2007 9:45:18 PM | Attr = H ]
$NtUninstallKB828035$ -> %SystemRoot%\$NtUninstallKB828035$ -> [Folder | Modified Date = 3/20/2007 9:45:20 PM | Attr = H ]
$NtUninstallKB837001$ -> %SystemRoot%\$NtUninstallKB837001$ -> [Folder | Modified Date = 3/20/2007 9:45:44 PM | Attr = H ]
$NtUninstallKB839645$ -> %SystemRoot%\$NtUninstallKB839645$ -> [Folder | Modified Date = 3/20/2007 9:45:54 PM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 3/19/2007 7:27:06 PM | Attr = H ]
$NtUninstallQ828026$ -> %SystemRoot%\$NtUninstallQ828026$ -> [Folder | Modified Date = 3/20/2007 9:48:50 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 3/20/2007 9:48:52 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 3/19/2007 7:31:00 PM | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 3/21/2007 11:14:14 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 3/28/2007 2:37:26 PM | Attr = S]
BrmfBidi.ini -> %SystemRoot%\BrmfBidi.ini -> [Ver = | Size = 1089 bytes | Modified Date = 3/28/2007 2:38:06 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 3/28/2007 6:21:20 PM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 3/19/2007 7:30:54 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 3/22/2007 10:15:12 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/28/2007 7:02:04 PM | Attr = HS]
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 3/28/2007 6:21:20 PM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 3/13/2007 10:55:44 AM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 3/5/2007 12:51:16 PM | Attr = ]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 636 bytes | Modified Date = 3/8/2007 10:27:58 PM | Attr = ]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Modified Date = 3/8/2007 10:27:58 PM | Attr = ]
ORUN32.EXE -> %SystemRoot%\ORUN32.EXE -> [Ver = | Size = 0 bytes | Modified Date = 3/21/2007 1:53:54 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3/28/2007 7:02:18 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 3/28/2007 6:22:22 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 3/21/2007 6:48:30 PM | Attr = ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 290 bytes | Modified Date = 3/19/2007 8:21:22 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 3/28/2007 6:21:20 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 3/2/2007 12:52:04 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 3/28/2007 6:21:20 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 981 bytes | Modified Date = 3/19/2007 8:21:22 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 3/19/2007 7:34:26 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3/28/2007 2:37:34 PM | Attr = H ]
XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job -> [Ver = | Size = 362 bytes | Modified Date = 3/27/2007 3:00:02 AM | Attr = ]
access.ctl -> %System32%\access.ctl -> [Ver = | Size = 6144 bytes | Modified Date = 3/21/2007 10:30:12 PM | Attr = HS]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 3/21/2007 12:24:14 AM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 3/21/2007 10:32:14 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 3/28/2007 6:20:26 PM | Attr = ]
CMMGR32.EXE -> %System32%\CMMGR32.EXE -> [Ver = | Size = 0 bytes | Modified Date = 3/21/2007 1:52:24 AM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 3/21/2007 12:25:00 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 3/28/2007 6:21:26 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 3/26/2007 12:20:42 PM | Attr = ]
FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 3/17/2007 8:03:14 AM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 3/20/2007 7:31:36 PM | Attr = ]
mui -> %System32%\mui -> [Folder | Modified Date = 3/19/2007 7:32:20 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 3/20/2007 7:31:34 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 60170 bytes | Modified Date = 3/13/2007 12:51:48 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 396982 bytes | Modified Date = 3/13/2007 12:51:50 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 447082 bytes | Modified Date = 3/13/2007 12:51:48 AM | Attr = ]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 3/11/2007 1:29:06 PM | Attr = ]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 3/11/2007 1:29:06 PM | Attr = ]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 3/11/2007 1:29:50 PM | Attr = ]
thxcfg.ini -> %System32%\thxcfg.ini -> [Ver = | Size = 32 bytes | Modified Date = 3/22/2007 11:25:32 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 3/20/2007 7:31:36 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 3/21/2007 12:29:46 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 3/28/2007 6:44:10 PM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 3/21/2007 6:48:50 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 3/21/2007 6:48:52 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 3/21/2007 6:48:54 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 3/21/2007 6:48:54 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 19392 bytes | Modified Date = 3/21/2007 6:48:54 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 3/21/2007 12:35:02 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 3/20/2007 11:54:50 AM | Attr = ]
hosts.bak -> %System32%\drivers\etc\hosts.bak -> [Ver = | Size = 716 bytes | Modified Date = 3/2/2007 12:50:36 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemRoot%\DOTEST.EXE -> Sonbry Marketing International [Ver = 1.00.0215 | Size = 332800 bytes | Modified Date = 8/29/2004 1:06:52 PM | Attr = ]
PEC2 , -> %SystemRoot%\pcboot.exe -> Sonbry [Ver = 1.00 | Size = 6656 bytes | Modified Date = 5/19/2001 8:08:44 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\realtime.exe -> [Ver = 1.00 | Size = 91648 bytes | Modified Date = 8/29/2004 1:07:16 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\ss3unstl.exe -> [Ver = | Size = 18432 bytes | Modified Date = 12/7/2003 1:59:52 AM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\UnGins.exe -> [Ver = | Size = 41984 bytes | Modified Date = 12/20/2002 6:12:50 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\Unwash5.exe -> [Ver = | Size = 44032 bytes | Modified Date = 5/17/2004 5:05:18 AM | Attr = ]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.34 | Size = 16121856 bytes | Modified Date = 9/20/2004 3:20:44 PM | Attr = ]
aspack , -> %System32%\AresButtonPro.ocx -> programmer Dikov Artiom art@guard.ricor.ru [Ver = 6, 0, 0, 3 | Size = 658944 bytes | Modified Date = 7/11/2000 11:39:34 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
PTech , -> %System32%\igfxhcsy.lhp -> [Ver = | Size = 59914 bytes | Modified Date = 8/20/2004 3:56:24 PM | Attr = ]
Thawte Consulting , -> %System32%\LMImirr2.dll -> LogMeIn, Inc. [Ver = 2.30.542 | Size = 9584 bytes | Modified Date = 10/6/2006 8:56:06 PM | Attr = ]
Thawte Consulting , -> %System32%\ractrlkeyhook.dll -> [Ver = | Size = 7936 bytes | Modified Date = 10/12/2006 5:18:56 PM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 3/11/2007 1:29:50 PM | Attr = ]
aspack , -> %System32%\Sase.ocx -> [Ver = 2.3.9.0 | Size = 227840 bytes | Modified Date = 8/4/2001 6:43:54 AM | Attr = ]
UPX! , UPX0 , -> %System32%\Tropical Screensaver.scr -> [Ver = 1, 0, 0, 1 | Size = 1566144 bytes | Modified Date = 12/7/2003 1:59:50 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 4.5.80.0 | Size = 406048 bytes | Modified Date = 11/21/2001 1:34:08 PM | Attr = R ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 3/21/2007 6:48:50 PM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]

< End of report >

#11 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 29 March 2007 - 02:10 AM

Hi orchid,

Thanks for the non-wrapped logs - it makes a big difference :)

I'd like you to upload a couple of files to be checked by an online virus scanner:

Open http://virusscan.jotti.org/
Copy/paste this file and path into the white box at the top:
C:\WINDOWS\ss3unstl.exe
Press Submit - this will submit the file for testing.
Please copy and paste the results in your next response.
Then repeat this process for the following file:
C:\WINDOWS\system32\thxcfg.ini

How did you get on with the Windows Update instructions, did everything go OK?
If you have not already tried using Windows Update, please do so and let me know if it is now working or not.

When complete, please post the Jotti results along with a new HijackThis log and let me know about Windows Update.
ASAP & UNITE Member

#12 orchid

orchid

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 30 March 2007 - 01:47 PM

Hi silver,

The windows updates were downloaded to the computer. Only the XP update installed -- Office updates unsuccessful ("updates failed"). Have been running Office 2003 for many years and have never had a problem.

Below are the logs you requested. Thank you for your time and effort!

File: ss3unstl.exe Status:

OK

MD5 24582f9e9e1f5f9c3b991ce9882de292 Packers detected:

UPX

Scanner results

Scan taken on 29 Mar 2007 16:23:53 (GMT) AntiVir

Found nothing

ArcaVir

Found nothing

Avast

Found nothing

AVG Antivirus

Found nothing

BitDefender

Found nothing

ClamAV

Found nothing

Dr.Web

Found nothing

F-Prot Antivirus

Found nothing

F-Secure Anti-Virus

Found nothing

Fortinet

Found nothing

Kaspersky Anti-Virus

Found nothing

NOD32

Found nothing

Norman Virus Control

Found nothing

Panda Antivirus

Found nothing

Rising Antivirus

Found nothing

VirusBuster

Found nothing

VBA32

Found nothing

















**** NOTE: running scan but not going anywhere so closed program and started scan again.



Service load:

0%








100%

File: thxcfg.ini Status:

OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)

MD5 19135c59563b1df86725b3ae1393bea0 Packers detected:

-

Scanner results

Scan taken on 29 Mar 2007 17:09:38 (GMT) AntiVir

Found nothing

ArcaVir

Found nothing

Avast

Found nothing

AVG Antivirus

Found nothing

BitDefender

Found nothing

ClamAV

Found nothing

Dr.Web

Found nothing

F-Prot Antivirus

Found nothing

F-Secure Anti-Virus

Found nothing

Fortinet

Found nothing

Kaspersky Anti-Virus

Found nothing

NOD32

Found nothing

Norman Virus Control

Found nothing

Panda Antivirus

Found nothing

Rising Antivirus

Found nothing

VirusBuster

Found nothing

VBA32

Found nothing

Logfile of HijackThis v1.99.1
Scan saved at 12:23:15 PM, on 3/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\newhijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://www.azdes.go...kicpoysgx4d3df5)/frame_Main.aspx"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0vm6v8q.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0vm6v8q.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Fidelity Toolbar - {76886F39-D4D8-4f00-A354-3CC1C364F363} - C:\WINDOWS\Downloaded Program Files\FidelityToolbar.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.azdes.gov
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt4_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1175131232984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1175131210859
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {76886F39-D4D8-4F00-A354-3CC1C364F363} (Fidelity Toolbar) - http://personal.fide...lityToolbar.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://games.pogo.co...sh.1.0.0.80.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by18fd.bay18....ex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

#13 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 31 March 2007 - 02:48 AM

Hi orchid,

Great that you have XP updates now working, it also looks like your machine is clean of malware - are you happy your machine is running fine apart from Office updates?

Microsoft's article on resolving the Office update problem is here:
http://support.microsoft.com/kb/304498

They have a number of methods to try and get the updates working. Please try steps 1,2,3 & 4 and then try the Office updates again and see if that has done the trick. If you need any help with these instructions please let me know.

You now have AVG Antispyware installed which is an excellent program, however it's real-time protection functionality is not free. I recommend you consider purchasing the full version of the program, but if you choose not to purchase it, you should install another antispyware program with real-time protection - there are several free programs available with this capability, one I can recommend is Windows Defender, available here:
http://www.microsoft...re/default.mspx

You should also consider a Personal Firewall program. Even if you are behind a NAT router, I recommend you install firewall software as it will improve the security of your computer by monitoring and controlling outbound connections to the internet as well as inbound. There are various free packages available, I recommend Sunbelt Software's Kerio available from here:
http://www.sunbelt-software.com/Kerio

Your Java is outdated and is now a security risk
Go to Start » Control Panel » Add/Remove Programs
Search for all previous installed versions of Java. (J2SE Runtime Environment.... )
(It should have this icon next to it: Posted Image)
Click that entry and then click on the Change/Remove button and follow the instructions to remove Java.
Repeat to remove all versions of Java.
Download and install the newest version of Java Runtime Environment (JRE), from here:
http://java.sun.com/...loads/index.jsp

IESPYADS helps protect you from malicious websites by placing a list of known bad websites in Internet Explorer's Restricted Zone. This Zone limits the capabilities of these websites including preventing them from installing software. This will compliment your security software and I recommend you install it:
http://www.spywarewa...uc/resource.htm

Find out how to prevent infection in the future
http://forum.malware...pic.php?p=33687

Please post back to let me know how you got on with the Office updates and if there are any further issues.
ASAP & UNITE Member

#14 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 08 April 2007 - 04:36 AM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·