10-16-2005, 03:04 PM   #11
SpikedPunchVctm
Registered User
 
Join Date: Oct 2005
Posts: 14
OS: XP Pro


======================== WinPFind LOG =====================

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 10/5/2005 10:56:12 AM 38912 C:\WINDOWS\mtuninst.exe
UPX! 10/4/2005 1:55:54 AM 82432 C:\WINDOWS\untokuoitu.exe

Checking %System% folder...
UPX! 7/19/2005 11:15:14 AM 286720 C:\WINDOWS\SYSTEM32\ctmweb.exe
PEC2 8/4/2004 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 11/8/2004 12:02:34 PM 14336 C:\WINDOWS\SYSTEM32\diagdll.dll
UPX! 7/21/2005 1:01:58 PM 30720 C:\WINDOWS\SYSTEM32\identprv.dll
PECompact2 9/8/2005 8:08:28 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 9/8/2005 8:08:28 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 5:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
UPX! 10/5/2005 10:56:10 AM 137216 C:\WINDOWS\SYSTEM32\oins.exe
Umonitor 8/4/2004 5:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 8/24/2005 4:46:42 AM 374272 C:\WINDOWS\SYSTEM32\ride5.0.exe
winsync 8/4/2004 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
UPX! 1/17/2002 2:52:00 PM 3584 C:\WINDOWS\SYSTEM32\wceprv.dll

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/2/2005 6:15:10 AM S 2048 C:\WINDOWS\bootstat.dat
8/30/2005 5:18:50 AM H 24 C:\WINDOWS\ppc4Y
8/3/2005 5:36:08 AM H 0 C:\WINDOWS\inf\oem9.inf
8/2/2005 8:52:38 AM H 1024 C:\WINDOWS\repair\SAM.LOG
8/2/2005 8:52:40 AM H 1024 C:\WINDOWS\repair\SECURITY.LOG
8/2/2005 8:52:40 AM H 1024 C:\WINDOWS\repair\SOFTWARE.LOG
8/2/2005 8:52:44 AM H 1024 C:\WINDOWS\repair\SYSTEM.LOG
7/8/2005 4:23:18 PM S 12143 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893756.cat
7/19/2005 7:18:10 PM S 18913 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
9/2/2005 6:15:02 AM H 8192 C:\WINDOWS\system32\config\default.LOG
9/2/2005 6:15:24 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG
9/2/2005 6:15:12 AM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
9/2/2005 6:19:42 AM H 90112 C:\WINDOWS\system32\config\software.LOG
9/2/2005 6:15:20 AM H 929792 C:\WINDOWS\system32\config\system.LOG
8/12/2005 12:17:52 AM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
8/3/2005 5:36:28 AM S 1047 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\7C8A03C4580C6B04FDF34357F3474EDC
8/3/2005 5:36:24 AM S 1370 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\B82262A5D5DA4DDACE9EDA7F787D0DEB
8/3/2005 5:36:28 AM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\7C8A03C4580C6B04FDF34357F3474EDC
8/3/2005 5:36:24 AM S 194 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\B82262A5D5DA4DDACE9EDA7F787D0DEB
8/2/2005 8:52:58 AM H 262144 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
8/2/2005 8:52:58 AM H 1024 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
8/2/2005 8:53:44 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\0885501c-e530-4625-b40c-a3db4603f3e3
8/2/2005 8:53:44 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\0bd5badc-886f-49cc-86f7-36e5c2a7ce64
8/2/2005 8:53:44 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\15a32d92-3308-454c-87af-0da266a852d0
8/2/2005 8:53:44 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\42aa6379-eb6d-4652-853c-019f55b7c612
8/2/2005 8:53:44 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\654156c2-7946-4588-b2d4-32f673a572eb
8/2/2005 8:53:44 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\8df4fcde-1472-43a0-8da2-80916e86f7cd
8/2/2005 8:53:44 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\a1f02855-3488-46ab-b35f-5142c0deff06
8/2/2005 8:53:44 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\a918fc42-830d-4788-9ce5-2bdf24b3b061
8/2/2005 8:53:44 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\b41812f9-6f71-40fc-a162-c84e6b5f1c7e
8/2/2005 8:53:44 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\cdcecc26-2bbf-404c-b51a-c74a85dcb0e6
8/2/2005 8:53:44 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\dc829529-d943-4e1d-8998-58653d733f19
8/2/2005 8:53:44 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
9/2/2005 6:14:06 AM H 6 C:\WINDOWS\Tasks\SA.DAT
8/2/2005 8:58:32 AM HS 113 C:\WINDOWS\Temp\History\History.IE5\desktop.ini
8/2/2005 8:58:32 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
8/30/2005 6:27:50 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\2BBUM44J\desktop.ini
8/30/2005 6:27:50 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8RSBUVEF\desktop.ini
8/30/2005 6:27:50 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GZIJK3MN\desktop.ini
8/30/2005 6:27:50 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\Y9IV2ZQ7\desktop.ini

Checking for CPL files...
Microsoft Corporation 8/4/2004 5:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 5/14/2004 5:26:34 PM 14268928 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/4/2004 5:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 3:41:28 AM 148992 C:\WINDOWS\SYSTEM32\tabletpc.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/29/2002 3:41:28 AM 148992 C:\WINDOWS\SYSTEM32\dllcache\tabletpc.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 8/4/2004 5:00:00 AM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/2/2005 5:49:18 AM 2335 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
8/20/2004 9:10:16 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
8/25/2004 12:26:46 PM 1805 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
8/8/2005 6:32:28 PM 1725 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/20/2004 1:58:48 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
8/20/2004 9:10:16 AM HS 84 C:\Documents and Settings\Caroline\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
8/20/2004 1:58:48 AM HS 62 C:\Documents and Settings\Caroline\Application Data\desktop.ini
8/24/2005 7:34:34 AM 146 C:\Documents and Settings\Caroline\Application Data\Sskdmns.dll
8/24/2005 4:47:06 AM 460858 C:\Documents and Settings\Caroline\Application Data\Sskknwrd.dll
8/24/2005 6:40:12 AM 33 C:\Documents and Settings\Caroline\Application Data\Sskuknwrd.dll

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BitDefender Antivirus v8
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Program Files\Softwin\BitDefender9\bdshelxt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\nfsyytsy
{f4b98269-e8f3-4cfb-ac8b-6975843ce240} = C:\WINDOWS\system32\efqmm.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BitDefender Antivirus v8
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Program Files\Softwin\BitDefender9\bdshelxt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}
AcroIEToolbarHelper Class = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
Adobe PDF = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\PROGRA~1\AIM95\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
TabletWizard C:\WINDOWS\help\SplshWrp.exe
TabletTip "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
SiS Windows KeyHook C:\WINDOWS\system32\keyhook.exe
SiSUSBRG C:\WINDOWS\SiSUSBrg.exe
Apoint C:\Program Files\Apoint2K\Apoint.exe
SoundMan SOUNDMAN.EXE
SMSERIAL sm56hlpr.exe
RoxioEngineUtility "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
RoxioDragToDisc "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
RoxioAudioCentral "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
RemoteControl "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
WinampAgent C:\Program Files\Winamp\winampa.exe
Acrobat Assistant 7.0 "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

BDMCon C:\progra~1\softwin\bitdef~1\bdmcon.exe
BDOESRV "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
BDNewsAgent "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
BDSwitchAgent "C:\progra~1\softwin\bitdef~1\bdswitch.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
AIM C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations
LowRiskFileTypes .zip;.rar;.cab;.txt;.exe;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mov;.mp3;.wav

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\loginkey
= C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TabBtnWL
= TabBtnWL.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpgwlnotify
= tpgwlnot.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/2/2005 6:25:14 AM


=================== End WinPFind LOG =============




================= Trackqoo Log =====================

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="C:\\WINDOWS\\help\\SplshWrp.exe"
"TabletTip"="\"C:\\Program Files\\Common Files\\microsoft shared\\ink\\tabtip.exe\" /resume"
"SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe"
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"SoundMan"="SOUNDMAN.EXE"
"SMSERIAL"="sm56hlpr.exe"
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"RoxioAudioCentral"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"BDMCon"="C:\\progra~1\\softwin\\bitdef~1\\bdmcon.exe"
"BDOESRV"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\""
"BDNewsAgent"="\"C:\\progra~1\\softwin\\bitdef~1\\bdnagent.exe\""
"BDSwitchAgent"="\"C:\\progra~1\\softwin\\bitdef~1\\bdswitch.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll

Subkey --- BitDefender Antivirus v8
{D653647D-D607-4DF6-A5B8-48D2BA195F7B}
C:\Program Files\Softwin\BitDefender9\bdshelxt.dll

Subkey --- nfsyytsy
{f4b98269-e8f3-4cfb-ac8b-6975843ce240}
C:\WINDOWS\system32\efqmm.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Acrobat Speed Launcher.lnk
desktop.ini
Microsoft Office OneNote 2003 Quick Launch.lnk
Microsoft Office.lnk
==============================
C:\Documents and Settings\Caroline\Start Menu\Programs\Startup

Adobe Acrobat Speed Launcher.lnk
desktop.ini
Microsoft Office OneNote 2003 Quick Launch.lnk
Microsoft Office.lnk
desktop.ini
==============================
C:\WINDOWS\system32 cpl files


access.cpl Microsoft Corporation
ALSNDMGR.CPL Realtek Semiconductor Corp.
appwiz.cpl Microsoft Corporation
bthprops.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nwc.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
sysdm.cpl Microsoft Corporation
tabletpc.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation

=================== End Trackqoo ====================



================= Kaspersky Log ==================

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, September 02, 2005 07:37:02
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 16/10/2005
Kaspersky Anti-Virus database records: 145153
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 31391
Number of viruses found: 20
Number of infected objects: 135
Number of suspicious objects: 0
Duration of the scan process: 1792 sec

Infected Object Name - Virus Name
C:\RECYCLER\S-1-5-21-609264541-873382673-3294363746-1005\Dc4\gloryrmx.dll Infected: Trojan-Downloader.Win32.Agent.lg
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0004038.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0004039.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0004040.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0004041.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0004043.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0005038.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0005040.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0005041.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0005042.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0005043.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0005058.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0005059.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0005060.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0005061.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0005073.exe Infected: Trojan-Downloader.Win32.Agent.qg
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0005076.exe Infected: Trojan-Downloader.Win32.Small.abd
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0005077.exe Infected: Trojan-Downloader.Win32.Agent.qg
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0005089.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0005090.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0005091.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0005093.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0005100.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0005101.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0005102.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0005103.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0005104.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0006108.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0006109.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0006110.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0006111.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0006116.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0006135.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0006136.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0006138.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0006139.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0007140.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0007141.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0007142.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0007143.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0009137.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0009138.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0009139.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0009140.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0012157.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0012158.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0012159.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0012160.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0013155.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0013156.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0013159.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0013160.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0015155.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0015157.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0015158.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0015159.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0016176.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0016177.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0016178.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0016181.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0016196.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0016197.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0016198.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0016199.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0016206.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0016208.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0016214.dll Infected: Trojan-Downloader.Win32.Qoologic.ae
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0017197.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0017198.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0017199.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0017200.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0017216.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0017217.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0017218.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0017219.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0018244.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0018245.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0018246.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0018247.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0018257.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0018258.exe/data0005 Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0018258.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0018260.exe Infected: Trojan.Win32.EliteBar.c
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0018261.exe Infected: Trojan.Win32.EliteBar.c
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0018266.exe Infected: Trojan.Win32.EliteBar.c
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0018268.exe Infected: Trojan.Win32.EliteBar.c
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0018270.exe Infected: Trojan.Win32.EliteBar.c
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0018271.exe Infected: Trojan.Win32.EliteBar.c
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0018272.exe Infected: Trojan.Win32.EliteBar.c
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0018273.exe Infected: Trojan.Win32.EliteBar.c
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0018447.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0018448.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0018449.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0018450.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0018453.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0018459.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0019435.dll Infected: Trojan.Win32.EliteBar.c
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0019436.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0019444.exe Infected: Trojan-Downloader.Win32.Small.abd
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0020442.exe Infected: Trojan-Downloader.Win32.Small.abd
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0020443.exe Infected: Trojan-Downloader.Win32.VB.jl
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0020444.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0020445.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0020446.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0020448.exe Infected: Trojan.Win32.EliteBar.c
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0020450.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0020452.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0020456.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0020458.dll Infected: Trojan-Downloader.Win32.Agent.tv
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0020459.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP14\A0020460.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP15\A0020533.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP15\A0020534.dll Infected: Trojan-Downloader.Win32.Qoologic.af
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP15\A0020535.dll Infected: Trojan-Downloader.Win32.Qoologic.ak
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP16\A0020586.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP16\A0020587.dll Infected: Trojan-Downloader.Win32.Qoologic.af
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP16\A0020588.dll Infected: Trojan-Downloader.Win32.Qoologic.ak
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP16\A0020599.exe Infected: Trojan-Downloader.Win32.VB.hw
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP16\A0020603.exe Infected: Trojan-Downloader.Win32.Agent.vp
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP16\A0020604.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP16\A0020614.exe Infected: Trojan-Downloader.Win32.Agent.lg
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP17\A0021554.dll Infected: Trojan-Downloader.Win32.Qoologic.ae
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP17\A0021559.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP17\A0021560.dll Infected: Trojan-Downloader.Win32.Qoologic.af
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP17\A0021561.dll Infected: Trojan-Downloader.Win32.Qoologic.ak
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP18\A0021607.exe Infected: Trojan-Clicker.Win32.VB.is
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP18\A0021608.exe Infected: Trojan-Downloader.Win32.Agent.lg
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP18\A0021612.exe Infected: Trojan-Downloader.Win32.VB.hj
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP18\A0021623.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP18\A0021628.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP18\A0021629.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP18\A0021630.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP18\A0021631.dll Infected: Trojan-Downloader.Win32.Qoologic.af
C:\System Volume Information\_restore{228FA598-7770-4360-A758-3CFB320A8092}\RP19\A0023713.dll Infected: Trojan-Downloader.Win32.Qoologic.ak
C:\WINDOWS\uhvokou.exe Infected: Trojan-Dropper.Win32.Agent.mu

Scan process completed.

====================== End Kaspersky Log ==================



=================== Hijack! This ====================

Logfile of HijackThis v1.99.1
Scan saved at 7:38:06 AM, on 9/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\SYSTEM32\Rpcnet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM95\aim.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\upgrepl.exe
C:\Temp\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.averatec.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com/
O16 - DPF: {0AA2D4B3-27C3-42CB-B671-8B6CF97AE4FE} (TSAEButton Class) - https://old.cwinsider.com/cwi/frntd/...e/TSAEButn.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093027197912
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Testoc Control) - http://www.lojackforlaptops.com/ctmweb/testoc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: loginkey - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
O20 - Winlogon Notify: TabBtnWL - C:\WINDOWS\SYSTEM32\TabBtnWL.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Unknown owner - C:\WINDOWS\SYSTEM32\Rpcnet.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

=========================== End Hijack! This ===============