PANDA ACTIVE SCAN:
Incident Status Location
Adware:adware/wintools Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/searchrelevancy Not disinfected Windows Registry
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Spyware:spyware/apropos Not disinfected Windows Registry
Adware:adware/statblaster Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/savenow Not disinfected Windows Registry
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.com.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.atwola.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.adserver.easyad.info/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.xiti.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.overture.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1u57o9cl.default\cookies.txt[.fortunecity.com/]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-23722627-7fe490d6.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-23722627-7fe490d6.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-23722627-7fe490d6.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-23722627-7fe490d6.zip[Beyond.class]
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Tom\Cookies\tom@64.62.232[3].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Tom\Cookies\tom@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Tom\Cookies\tom@888[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Tom\Cookies\tom@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tom\Cookies\tom@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tom\Cookies\tom@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tom\Cookies\tom@ads.pointroll[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Tom\Cookies\tom@ath.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Tom\Cookies\tom@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Tom\Cookies\tom@azjmp[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Tom\Cookies\tom@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Tom\Cookies\tom@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Tom\Cookies\tom@bluestreak[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Tom\Cookies\tom@burstnet[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Tom\Cookies\tom@c.enhance[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tom\Cookies\tom@casalemedia[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Tom\Cookies\tom@cassava[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Tom\Cookies\tom@com[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Tom\Cookies\tom@dist.belnk[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tom\Cookies\tom@fastclick[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Tom\Cookies\tom@fe.lea.lycos[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Tom\Cookies\tom@fe.lea.lycos[3].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Tom\Cookies\tom@go[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Tom\Cookies\tom@i.screensavers[2].txt
Spyware:Cookie/LinkExchange Not disinfected C:\Documents and Settings\Tom\Cookies\tom@linkexchange[1].txt
Spyware:Cookie/Lop Not disinfected C:\Documents and Settings\Tom\Cookies\tom@mp3search[1].txt
Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\Tom\Cookies\tom@paypopup[2].txt
Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\Tom\Cookies\tom@pop.mircx[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Tom\Cookies\tom@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tom\Cookies\tom@realmedia[2].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Tom\Cookies\tom@rightmedia[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Tom\Cookies\tom@rn11[2].txt
Spyware:Cookie/Servlet Not disinfected C:\Documents and Settings\Tom\Cookies\tom@servlet[1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Tom\Cookies\tom@stat.onestat[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Tom\Cookies\tom@stats1.reliablestats[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Tom\Cookies\tom@toplist[1].txt
Spyware:Cookie/TopRebates.com Not disinfected C:\Documents and Settings\Tom\Cookies\tom@toprebates[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Tom\Cookies\tom@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tom\Cookies\tom@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tom\Cookies\tom@tribalfusion[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Tom\Cookies\tom@tucows[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Tom\Cookies\tom@webpower[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Tom\Cookies\tom@winfixer[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Tom\Cookies\tom@www.burstbeacon[2].txt
Spyware:Cookie/web-stat Not disinfected C:\Documents and Settings\Tom\Cookies\tom@www.web-stat[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Tom\Cookies\tom@xiti[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tom\Cookies\tom@zedo[2].txt
Adware:Adware/Zango Not disinfected C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
Adware:Adware/WUpd Not disinfected C:\TEMP\Remover.exe
Adware:Adware/WinTools Not disinfected C:\TEMP\ZCWEDowST3.exe
Hacktool:HackTool/SRunner.B Not disinfected C:\WINDOWS\system32\instsrv.exe
Virus:Trj/Agent.ABE Disinfected C:\WINDOWS\system32\pdvxmlc.exe
DECKARD'S SYSTEM SCANNER:
Deckard's System Scanner v20071014.68
Run by Tom on 2007-12-24 00:55:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
6: 2007-12-24 05:55:10 UTC - RP6 - Deckard's System Scanner Restore Point
5: 2007-12-24 04:31:38 UTC - RP5 - Software Distribution Service 3.0
4: 2007-12-24 04:17:24 UTC - RP4 - Software Distribution Service 3.0
3: 2007-12-24 03:36:41 UTC - RP3 - Software Distribution Service 3.0
2: 2007-12-24 03:31:05 UTC - RP2 - Software Distribution Service 3.0
-- First Restore Point --
1: 2007-09-21 19:01:34 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-24 00:56:39
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Executive Software\DiskeeperLite\DkService.exe
C:\Program Files\Intel\IDU\IDUServ.exe
C:\WINDOWS\system32\sdpasvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinZip\WINZIP32.EXE
C:\Documents and Settings\Tom\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/chsi.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: (no name) - {00000000-0000-4998-8BB7-CE08074F9FCE} - C:\Program Files\07sf6n00\07sf6n00.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - http://www.nintendowifi.com/troubles.../usbaptest.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} () - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.0.69.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1198466852390
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O18 - Protocol: bw+0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {811a438d-02ff-4646-9678-1907688031fa} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: offline-8876480 - {811A438D-02FF-4646-9678-1907688031FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Diskeeper Lite.lnk (Diskeeper) - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Desktop Utilities Service (iHCService) - OSA Technologies Inc - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\sdpasvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 21150 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 SF - c:\windows\system32\drivers\sf.sys <Not Verified; Sonic Focus, Inc; Sonic Focus DSP service driver for Intel(R) Audio Studio>
R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; Windows (R) 2000 DDK provider; OSA I/O Port Driver Version 1.0.3>
R2 SIODRV - c:\windows\system32\drivers\siodrv.sys <Not Verified; Intel Corporation; Intel(R) Active Monitor>
R3 KBFiltr (Dritek HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\kbfiltr.sys
R3 SMBios (Intel (R) System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel (R) System Management BIOS Driver>
R3 smbusp (Intel(R) SMBus 2.0 Driver) - c:\windows\system32\drivers\intelsmb.sys <Not Verified; Intel Corporation; Intel(R) SMBus Controller>
S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S4 cd2pSrv - c:\windows\system32\drivers\sys06nt5.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Diskeeper (Diskeeper Lite.lnk) - "c:\program files\executive software\diskeeperlite\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper (TM) Disk Defragmenter>
R2 iHCService (Intel(R) Desktop Utilities Service) - "c:\program files\intel\idu\iduserv.exe" <Not Verified; OSA Technologies Inc; Intel(R) Desktop Utilities>
R2 SDPASVC (SDPAUMS server service) - c:\windows\system32\sdpasvc.exe -service <Not Verified; Matsushita Electric Industrial Co.,Ltd.; >
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2007-12-24 00:56:00 408 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-07-09 13:27:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-11-24 and 2007-12-24 -----------------------------
2007-12-24 00:24:16 0 d-------- C:\Program Files\SpywareBlaster
2007-12-23 23:53:54 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-23 23:53:53 0 d-------- C:\WINDOWS\LastGood
2007-12-23 23:29:10 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-12-23 23:27:07 0 d-------- C:\Program Files\MSBuild
2007-12-23 23:24:27 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-12-23 23:23:55 0 d-------- C:\Program Files\Reference Assemblies
2007-12-23 23:23:06 0 d-------- C:\4f13bc5b57d5eaf0ec8b7e816f37ba1d
2007-12-23 23:21:24 0 d-------- C:\Program Files\MSXML 6.0
2007-12-23 23:20:51 0 d-------- C:\WINDOWS\system32\RTCOM
2007-12-23 23:02:46 0 d-------- C:\WINDOWS\network diagnostic
2007-12-23 22:40:41 0 d-------- C:\Program Files\MSXML 4.0
-- Find3M Report ---------------------------------------------------------------
2007-12-24 00:24:07 0 d-------- C:\Program Files\BitComet
2007-12-24 00:23:38 0 d-------- C:\Program Files\Google
2007-12-23 23:22:06 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000006-00000000-00000003-00001102-00000004-20021102}.dat
2007-12-23 23:22:06 384 --a------ C:\WINDOWS\system32\DVCState-{00000006-00000000-00000003-00001102-00000004-20021102}.dat
2007-12-23 22:26:04 0 d-------- C:\Documents and Settings\Tom\Application Data\Adobe
2007-12-23 22:22:23 0 d-------- C:\Documents and Settings\Tom\Application Data\Azureus
2007-12-23 22:18:24 0 d-------- C:\Program Files\ZDaemon
2007-12-23 22:18:17 0 d-------- C:\Program Files\Yahoo!
2007-12-23 22:17:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-23 22:17:33 0 d-a------ C:\Program Files\Common Files
2007-12-23 22:11:44 123 --a------ C:\Documents and Settings\Tom\Application Data\iScrobbler.ini
2007-12-23 22:10:30 0 d-------- C:\Program Files\FilePlanet
2007-12-23 22:07:54 0 d-------- C:\Program Files\AviSynth 2.5
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-0000-4998-8BB7-CE08074F9FCE}]
C:\Program Files\07sf6n00\07sf6n00.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}]
C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [09/21/2005 10:24 AM C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [09/21/2005 03:32 PM C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\ALCMTR.EXE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/27/2007 01:45 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=C:\WINDOWS\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tom^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Tom\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\07sf6n00]
C:\Program Files\07sf6n00\07sf6n00.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\180sa]
c:\program files\180search assistant\180sa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ajfozd]
C:\Program Files\Nlxesyp\Ulyhf.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskAd Service]
C:\Program Files\DeskAd Service\DeskAdServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\PROGRA~1\MICROS~3\wcescomm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAudPropShortcut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IBqFRXj9e]
pdvxmlc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
"C:\Program Files\Intel Audio Studio\\INTELAUDIOSTUDIO.EXE" TRAY
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipTray.exe]
"C:\Program Files\Intel\IDU\iptray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaKey]
C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\megv2na9]
C:\WINDOWS\system32\megv2na9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]
"C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Valve\Steam\Steam.exe -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
C:\PROGRA~1\Toolbar\TBPS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoraiPodConverter]
C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webrebates]
"C:\Program Files\WebRebates4\webrebates.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\whezcb]
C:\WINDOWS\whezcb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SNDSrvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"WinToolsSvc"=2 (0x2)
"TBPSSvc"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SDTHOOK
-- End of Deckard's System Scanner: finished at 2007-12-24 00:57:10 ------------
I have the DSS extra file but it won't attach, and I also have the HJT log attached. I am also installing Antivir as my antivirus and eventually Zone Alarm as my firewall.