---------- results.txt --------------
Volume in drive C is PRESARIO
Volume Serial Number is AC25-CBBC
Directory of C:\WINDOWS\system32
03/15/2008 08:36 PM 63 ac25d99d
1 File(s) 63 bytes
Total Files Listed:
1 File(s) 63 bytes
0 Dir(s) 132,820,955,136 bytes free
Volume in drive C is PRESARIO
Volume Serial Number is AC25-CBBC
File Not Found
Volume in drive C is PRESARIO
Volume Serial Number is AC25-CBBC
Directory of C:\WINDOWS\system32
03/16/2008 01:03 AM 270,037 ijkkj.ini
1 File(s) 270,037 bytes
Total Files Listed:
1 File(s) 270,037 bytes
0 Dir(s) 132,817,813,504 bytes free
REGEDIT4
; Export of the LSA configuration key. The multi-string values below name
; packages by DLL base name, so each decoded name should map to a known,
; vendor-verifiable file.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
; hex(7) bytes decode to two strings: "msv1_0", "relog_ap".
; NOTE(review): relog_ap is presumably the Acronis True Image logon package
; (an Acronis\TrueImageHome path appears in the scanner report on this page) -
; confirm the DLL's vendor and signature on disk.
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,72,65,6c,6f,67,5f,61,70,\
00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
; hex(7) bytes decode to: "kerberos", "msv1_0", "schannel", "wdigest".
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
; 0x5a0 = 1440 decimal.
"LsaPid"=dword:000005a0
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
; NOTE(review): 1 is understood to select the "Guest only" model for network
; logons that use local accounts - confirm against Microsoft's documentation.
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
; NOTE(review): 0 is the weakest documented level (LM and NTLM responses are
; sent, NTLMv2 is not used) - confirm against the LmCompatibilityLevel table
; and raise it if nothing on the network requires LM.
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
; NOTE(review): 0 presumably means LM hashes are still stored when a password
; is set - confirm; this goes with the lmcompatibilitylevel value above.
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
; hex(7) bytes decode to a single string: "scecli".
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders]
; hex(7) bytes decode to: "Windows NT Access Provider".
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
50,72,6f,76,69,64,65,72,00,00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders\Windows NT Access Provider]
; hex(2) bytes decode to: "%SystemRoot%\system32\ntmarta.dll".
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\PerUserAuditing]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\PerUserAuditing\System]
; The Data, GBG, JD and Skew1 values are opaque binary; nothing in this export
; says how to interpret them.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data]
"Pattern"=hex:94,fc,72,9d,5e,15,f3,16,c0,15,00,7d,f5,99,75,83,37,32,62,65,62,\
61,33,32,00,00,00,00,01,00,00,00,bc,01,00,00,c0,01,00,00,34,ca,06,00,45,9d,\
bf,71,04,00,00,00,10,00,00,00,00,00,00,00,46,a6,1c,c6
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG]
"GrafBlumGroup"=hex:75,64,f1,81,f7,08,65,5b,8b
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD]
"Lookup"=hex:37,6a,49,62,de,96
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\Domains]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\SidCache]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0]
"Auth132"="iissuba"
; NOTE(review): both minimums are 0, which presumably means no NTLM session
; security flags are required as client or as server - confirm.
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1]
"SkewMatrix"=hex:49,c2,24,a6,c1,25,7e,42,4b,80,3a,2d,fc,08,c2,7e
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
; SspiCache: each subkey below is named after a DLL and carries a Name and
; Comment string describing one security package (Digest, DPA, MSN).
; NOTE(review): presumably a cache of package descriptions rather than the
; list that controls loading - confirm before treating an entry here as
; evidence that a package is active.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache]
"Time"=hex:bc,28,91,4e,55,08,c8,01
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,d9,4a,94,f8,79,c4,01
"Type"=dword:00000031
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,d9,4a,94,f8,79,c4,01
"Type"=dword:00000031
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:80,6f,e3,94,f8,79,c4,01
"Type"=dword:00000031
---------- END results.txt --------------
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, April 21, 2008 9:56:16 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/04/2008
Kaspersky Anti-Virus database records: 717772
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
J:\
K:\
L:\
M:\
N:\
O:\
P:\
Q:\
R:\
S:\
T:\
U:\
Scan Statistics:
Total number of scanned objects: 335553
Number of viruses found: 10
Number of infected objects: 41
Number of suspicious objects: 6
Duration of the scan process: 06:19:17
Infected Object Name / Virus Name / Last Action
C:\CFusionMX7\db\slserver54\tracing\ColdFusion MX 7 ODBC Agent.trc Object is locked skipped
C:\CFusionMX7\db\slserver54\tracing\ColdFusion MX 7 ODBC Server.trc Object is locked skipped
C:\CFusionMX7\logs\eventgateway.log Object is locked skipped
C:\CFusionMX7\logs\server.log Object is locked skipped
C:\CFusionMX7\runtime\logs\coldfusion-err.log Object is locked skipped
C:\CFusionMX7\runtime\logs\coldfusion-out.log Object is locked skipped
C:\CFusionMX7\runtime\servers\coldfusion\SERVER-INF\jms\db\coremq\consumer.dat Object is locked skipped
C:\CFusionMX7\runtime\servers\coldfusion\SERVER-INF\jms\db\coremq\destination.dat Object is locked skipped
C:\CFusionMX7\runtime\servers\coldfusion\SERVER-INF\jms\db\coremq\handle.dat Object is locked skipped
C:\CFusionMX7\runtime\servers\coldfusion\SERVER-INF\jms\db\coremq\message.dat Object is locked skipped
C:\CFusionMX7\verity\Data\host\admin\admin.dat Object is locked skipped
C:\CFusionMX7\verity\Data\host\log\audit.log Object is locked skipped
C:\CFusionMX7\verity\Data\host\log\status.log Object is locked skipped
C:\CFusionMX7\verity\Data\services\ColdFusionK2_indexserver1\log\status.log Object is locked skipped
C:\CFusionMX7\verity\Data\services\ColdFusionK2_server1\log\status.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Comodo\Comodo AntiVirus\cav.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Comodo\Comodo AntiVirus\TroubleShootLog\cavasm.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Comodo\Comodo AntiVirus\TroubleShootLog\monln.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Comodo\Firewall Pro\cfplogdb.sdb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\PC Tools\ThreatFire\Orig.db Object is locked skipped
C:\Documents and Settings\cypressotter\Application Data\Mozilla\Firefox\Profiles\g5n07qeu.default\cert8.db Object is locked skipped
C:\Documents and Settings\cypressotter\Application Data\Mozilla\Firefox\Profiles\g5n07qeu.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\cypressotter\Application Data\Mozilla\Firefox\Profiles\g5n07qeu.default\history.dat Object is locked skipped
C:\Documents and Settings\cypressotter\Application Data\Mozilla\Firefox\Profiles\g5n07qeu.default\key3.db Object is locked skipped
C:\Documents and Settings\cypressotter\Application Data\Mozilla\Firefox\Profiles\g5n07qeu.default\parent.lock Object is locked skipped
C:\Documents and Settings\cypressotter\Application Data\Mozilla\Firefox\Profiles\g5n07qeu.default\search.sqlite Object is locked skipped
C:\Documents and Settings\cypressotter\Application Data\Mozilla\Firefox\Profiles\g5n07qeu.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\cypressotter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0e0e-662e56a0.zip/vlocal.class Infected: Trojan-Downloader.Java.Agent.f skipped
C:\Documents and Settings\cypressotter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0e0e-662e56a0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\cypressotter\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Application Data\Mozilla\Firefox\Profiles\g5n07qeu.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Application Data\Mozilla\Firefox\Profiles\g5n07qeu.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Application Data\Mozilla\Firefox\Profiles\g5n07qeu.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Application Data\Mozilla\Firefox\Profiles\g5n07qeu.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\History\History.IE5\MSHist012008042020080421\index.dat Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Temp\Acr163.tmp Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Temp\Acr169.tmp Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Temp\Acr7.tmp Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Temp\AcrD.tmp Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\cypressotter\ntuser.dat Object is locked skipped
C:\Documents and Settings\cypressotter\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Acronis\TrueImageHome\Logs\4763100F-D309-47C5-965C-F7B1D3F06F9A.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\compaq.err Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ibdata1 Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile0 Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile1 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E129A2E4-317E-4912-9F22-8D5401A7D1BC}\RP167\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\2680 Object is locked skipped
C:\WINDOWS\Temp\ib1.tmp Object is locked skipped
C:\WINDOWS\Temp\ib2.tmp Object is locked skipped
C:\WINDOWS\Temp\ib3.tmp Object is locked skipped
C:\WINDOWS\Temp\ib4.tmp Object is locked skipped
C:\WINDOWS\Temp\ib5.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\Download\astlog.zip/astlog.exe Infected: not-a-virus:PSWTool.Win32.Asterisk.a skipped
E:\Download\astlog.zip ZIP: infected - 1 skipped
E:\Download\NetworkToolkit\TNT_Free_Edition_2_0.zip/bin/scanners/ipscan/ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
E:\Download\NetworkToolkit\TNT_Free_Edition_2_0.zip ZIP: infected - 1 skipped
E:\Download\UB4WIN\plugin\Network\ultravnc\files\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
E:\Download\UB4WIN\plugin\Network\ultravnc\files\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
P:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
P:\System Volume Information\_restore{E129A2E4-317E-4912-9F22-8D5401A7D1BC}\RP167\change.log Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\admparse.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\advpack.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\browseui.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\corpol.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\custsat.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\dxtmsft.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\dxtrans.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\extmgr.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\hmmapi.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\icardie.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\icrav03.rat Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ie4uinit.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ieakeng.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ieaksie.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ieakui.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ieapfltr.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\iedkcs32.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\iedw.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ieencode.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ieframe.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\iepeers.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ieproxy.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\iernonce.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\iertutil.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\iesetup.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ieudinit.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ieui.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ieuinit.inf Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\iexplore.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\imgutil.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\inetcpl.cpl Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\inseng.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\install.ins Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\jscript.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\jsproxy.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\licmgr10.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\msfeeds.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\msfeeds.mof Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\msfeedsbs.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\msfeedsbs.mof Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\msfeedssync.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\mshta.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\mshtml.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\mshtml.tlb Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\mshtmled.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\mshtmler.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\msls31.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\msrating.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\mstime.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\occache.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\occache.ini Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\pngfilt.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\shdocvw.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\shlwapi.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\spmsg.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\spuninst.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\spupdsvc.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\tdc.ocx Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ticrf.rat Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\idndl.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\ie7.cat Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\iecustom.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\iereseticons.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\iesetup.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\legitlibm.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\nlsdl.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\update.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\update.exe.manifest Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\update.inf Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\update.ver Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\updspapi.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\xmllitesetup.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\url.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\urlmon.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\vbscript.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\vgx.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\webcheck.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\webcheck.ini Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\winfxdocobj.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\wininet.dll Object is locked skipped
Q:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Q:\System Volume Information\_restore{E129A2E4-317E-4912-9F22-8D5401A7D1BC}\RP167\change.log Object is locked skipped
R:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
S:\New 1\1_D.zip/Download/astlog.zip/astlog.exe Infected: not-a-virus:PSWTool.Win32.Asterisk.a skipped
S:\New 1\1_D.zip/Download/astlog.zip Infected: not-a-virus:PSWTool.Win32.Asterisk.a skipped
S:\New 1\1_D.zip ZIP: infected - 2 skipped
S:\New 1\2_D.zip/Download/NetworkToolkit/bin/scanners/ipscan/ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
S:\New 1\2_D.zip/Download/NetworkToolkit/TNT_Free_Edition_2_0.zip/bin/password_rev/dialupass/dialupass.exe Infected: not-a-virus:PSWTool.Win32.Dialupass.an skipped
S:\New 1\2_D.zip/Download/NetworkToolkit/TNT_Free_Edition_2_0.zip/bin/scanners/ipscan/ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
S:\New 1\2_D.zip/Download/NetworkToolkit/TNT_Free_Edition_2_0.zip Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/Network/ipscan/ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/Network/netcat/files/nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/Network/ultravnc/files/vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/Network/ultravnc/files/winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/Network/VNCServer/vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/Network/VNCServer/winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/Network/VNCServer/wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/System-Info/Information/keyfinderpe/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/System-Info/Information/keyfinderpe/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/System-Info/Information/keyfinderpe/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/System-Info/Information/keyfinderpe/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar/plugin/Network/ipscan/ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar/plugin/System-Info/Information/keyfinderpe/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar/plugin/System-Info/Information/keyfinderpe/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar/plugin/System-Info/Information/keyfinderpe/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar/plugin/System-Info/Information/keyfinderpe/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar/plugin/Network/netcat/files/nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar/plugin/Network/VNCServer/vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar/plugin/Network/ultravnc/files/winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar/plugin/Network/VNCServer/winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar/plugin/Network/ultravnc/files/vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar/plugin/Network/VNCServer/wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
S:\New 1\2_D.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
S:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
T:\7181895d74e7e5d90ee5\update\update.exe Object is locked skipped
T:\831af59e44f898e5a56c7d89\update\update.exe Object is locked skipped
T:\Pavilion BU\New Folder\Outlook\archive.pst/Archive Folders/Sent Items/19 Mar 2006 02:14 to spoof@paypal.com:FW: Critical Information R.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
T:\Pavilion BU\New Folder\Outlook\archive.pst Mail MS Mail: suspicious - 1 skipped
T:\Pavilion BU\New Folder\Outlook\outlook.pst/Personal Folders/Deleted Items/21 Apr 2007 12:25 from Bank Of America:SPAM-LOW: Urgent Securit.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
T:\Pavilion BU\New Folder\Outlook\outlook.pst Mail MS Mail: suspicious - 1 skipped
T:\Pavilion BU\Settings&Transfer_BACKUP\archive.pst/Archive Folders/Sent Items/19 Mar 2006 02:14 to spoof@paypal.com:FW: Critical Information R.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
T:\Pavilion BU\Settings&Transfer_BACKUP\archive.pst Mail MS Mail: suspicious - 1 skipped
T:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
U:\ca54d110eb210b0d50cb5e\admparse.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\advpack.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\browseui.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\corpol.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\custsat.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\dxtmsft.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\dxtrans.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\extmgr.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\hmmapi.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\icardie.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\icrav03.rat Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ie4uinit.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ieakeng.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ieaksie.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ieakui.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ieapfltr.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\iedkcs32.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\iedw.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ieencode.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ieframe.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\iepeers.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ieproxy.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\iernonce.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\iertutil.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\iesetup.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ieudinit.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ieui.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ieuinit.inf Object is locked skipped
U:\ca54d110eb210b0d50cb5e\iexplore.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\imgutil.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\inetcpl.cpl Object is locked skipped
U:\ca54d110eb210b0d50cb5e\inseng.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\install.ins Object is locked skipped
U:\ca54d110eb210b0d50cb5e\jscript.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\jsproxy.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\licmgr10.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\msfeeds.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\msfeeds.mof Object is locked skipped
U:\ca54d110eb210b0d50cb5e\msfeedsbs.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\msfeedsbs.mof Object is locked skipped
U:\ca54d110eb210b0d50cb5e\msfeedssync.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\mshta.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\mshtml.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\mshtml.tlb Object is locked skipped
U:\ca54d110eb210b0d50cb5e\mshtmled.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\mshtmler.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\msls31.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\msrating.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\mstime.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\occache.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\occache.ini Object is locked skipped
U:\ca54d110eb210b0d50cb5e\pngfilt.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\shdocvw.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\shlwapi.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\spmsg.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\spuninst.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\spupdsvc.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\tdc.ocx Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ticrf.rat Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\idndl.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\ie7.cat Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\iecustom.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\iereseticons.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\iesetup.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\legitlibm.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\nlsdl.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\update.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\update.exe.manifest Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\update.inf Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\update.ver Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\updspapi.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\xmllitesetup.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\url.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\urlmon.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\vbscript.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\vgx.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\webcheck.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\webcheck.ini Object is locked skipped
U:\ca54d110eb210b0d50cb5e\winfxdocobj.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\wininet.dll Object is locked skipped
U:\f8253bc6619ff7b960\spuninst.exe Object is locked skipped
U:\f8253bc6619ff7b960\spupdsvc.exe Object is locked skipped
U:\f8253bc6619ff7b960\update\idnmitigationapis.cat Object is locked skipped
U:\f8253bc6619ff7b960\update\spcustom.dll Object is locked skipped
U:\f8253bc6619ff7b960\update\update.exe Object is locked skipped
U:\f8253bc6619ff7b960\update\update.inf Object is locked skipped
U:\f8253bc6619ff7b960\update\update.ver Object is locked skipped
U:\f8253bc6619ff7b960\update\updspapi.dll Object is locked skipped
U:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:17:43 AM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\CFusionMX7\db\slserver54\bin\swagent.exe
C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\CFusionMX7\db\slserver54\bin\swsoc.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\Program Files\COMODO\Memory Firewall\cmf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\Program Files\Macromedia\HomeSite 5\HomeSite5.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.earthpigments.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [COMODO Memory Firewall] "C:\Program Files\COMODO\Memory Firewall\cmf.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: OptiCAL Startup.lnk = C:\Program Files\PANTONE COLORVISION\OptiCAL\OptiCAL.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.mi...b?1191697986149
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) -
http://utilities.pcp.../pcpitstop2.dll
O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
One program is still very slow in its File/Open dialog and when navigating directories within that dialog - approximately 5x slower than normal. I'll take note of overall performance during the day and report back.
Thanks.