0
Logfile of HijackThis v1.99.1
Scan saved at 7:41:03 AM, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Image ActiveX Object\isamonitor.exe
C:\Program Files\Image ActiveX Object\isamini.exe
C:\Program Files\Image ActiveX Object\pmsngr.exe
C:\Program Files\Image ActiveX Object\pmmon.exe
C:\Documents and Settings\Owner\Desktop\Unused Desktop Shortcuts\DO NOT USE PROGRAMS IN FOLDER\WinPFind\WinPFind\winpfind.exe
C:\Documents and Settings\Owner\Desktop\Unused Desktop Shortcuts\DO NOT USE PROGRAMS IN FOLDER\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Program Files\Image ActiveX Object\isaddon.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Image ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Virus-Bursters] C:\Program Files\Virus-Bursters\virus-bursters.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {0DD4ADBE-E91D-48CC-9A04-87EA1674E385} (PerfTestClient) - http://gamer.ubicom.com/benchmarks/PerfTestCliActiveXProj_20060127.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.67.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {47B863BD-9069-43B1-A1BA-C7B73953697A} (SDD2MS Control) - http://partners.sonypictures.com/activex/msep3/v1108/SDD2MS.CAB
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {EDBE48BE-0150-4BD9-9B01-48559B6EE90A} (CWindowsConnectNow Object) - http://support.dlink.com/references/dgl-4300/dgl4300_ref_activex.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: blippers - {f2efa195-4785-4db1-9316-b48c64bb71da} - C:\WINDOWS\system32\xqpauzx.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


AND HERE'S THE WinPFIND scan:


WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.


If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.


»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 2    Current Build Number: 2600
Internet Explorer Version: 7.0.5730.11


»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»


Checking %SystemDrive% folder...


Checking %ProgramFilesDir% folder...


Checking %WinDir% folder...


Checking %System% folder...
aspack               3/18/2005 5:19:58 PM        2337488    C:\WINDOWS\SYSTEM32\d3dx9_25.dll
aspack               5/26/2005 3:34:52 PM        2297552    C:\WINDOWS\SYSTEM32\d3dx9_26.dll
PEC2                 8/4/2004 2:00:00 AM         41397      C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2                 10/2/2006 9:04:40 AM        635486     C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2           10/2/2006 9:04:40 AM        635486     C:\WINDOWS\SYSTEM32\DivX.dll
PTech                6/19/2006 4:19:42 PM        571184     C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2           11/7/2006 3:38:14 PM        10342824   C:\WINDOWS\SYSTEM32\MRT.exe
aspack               11/7/2006 3:38:14 PM        10342824   C:\WINDOWS\SYSTEM32\MRT.exe
aspack               8/4/2004 2:00:00 AM         708096     C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor             8/4/2004 2:00:00 AM         657920     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              8/4/2004 2:00:00 AM         1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu
PTech                6/19/2006 4:19:26 PM        304944     C:\WINDOWS\SYSTEM32\WgaTray.exe
PEC2                 8/24/2006 10:30:24 PM       8337920    C:\WINDOWS\SYSTEM32\wmploc.dll


Checking %System%\Drivers folder and sub-folders...


Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts



Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12/7/2006 1:57:14 PM      S 2048       C:\WINDOWS\bootstat.dat
12/8/2006 12:28:10 PM    H  54156      C:\WINDOWS\QTFont.qfn
10/14/2006 3:13:26 AM   RH  0          C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index22.dat
10/14/2006 3:13:34 AM   RH  0          C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index23.dat
10/28/2006 11:23:44 AM   H  1180       C:\WINDOWS\network diagnostic\Sqm\NetDiag00.sqm
11/3/2006 1:49:42 AM     H  1180       C:\WINDOWS\network diagnostic\Sqm\NetDiag01.sqm
11/7/2006 7:31:38 AM     H  444        C:\WINDOWS\network diagnostic\Sqm\NetDiag02.sqm
11/7/2006 11:05:00 PM    H  1372       C:\WINDOWS\network diagnostic\Sqm\NetDiag03.sqm
11/8/2006 8:34:18 AM     H  1124       C:\WINDOWS\network diagnostic\Sqm\NetDiag04.sqm
11/8/2006 8:36:42 AM     H  1372       C:\WINDOWS\network diagnostic\Sqm\NetDiag05.sqm
11/8/2006 8:41:56 AM     H  444        C:\WINDOWS\network diagnostic\Sqm\NetDiag06.sqm
11/9/2006 4:06:40 PM     H  444        C:\WINDOWS\network diagnostic\Sqm\NetDiag07.sqm
11/12/2006 11:38:16 PM   H  444        C:\WINDOWS\network diagnostic\Sqm\NetDiag08.sqm
11/19/2006 5:30:30 PM    H  1084       C:\WINDOWS\network diagnostic\Sqm\NetDiag09.sqm
11/19/2006 5:41:12 PM    H  1236       C:\WINDOWS\network diagnostic\Sqm\NetDiag10.sqm
11/19/2006 7:58:40 PM    H  1124       C:\WINDOWS\network diagnostic\Sqm\NetDiag11.sqm
11/19/2006 9:08:38 PM    H  1372       C:\WINDOWS\network diagnostic\Sqm\NetDiag12.sqm
11/19/2006 9:31:08 PM    H  1236       C:\WINDOWS\network diagnostic\Sqm\NetDiag13.sqm
11/19/2006 10:53:52 PM   H  444        C:\WINDOWS\network diagnostic\Sqm\NetDiag14.sqm
11/19/2006 10:53:58 PM   H  444        C:\WINDOWS\network diagnostic\Sqm\NetDiag15.sqm
12/8/2006 11:54:52 AM    H  1044       C:\WINDOWS\network diagnostic\Sqm\NetDiag16.sqm
10/17/2006 1:34:28 PM     S 42344      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ie7.cat
10/16/2006 5:35:46 AM     S 10965      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920213.cat
10/13/2006 2:55:52 AM     S 10965      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923980.cat
10/13/2006 3:33:10 AM     S 10259      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924270.cat
12/10/2006 7:01:18 AM    H  1024       C:\WINDOWS\system32\config\DEFAULT.LOG
12/7/2006 10:21:26 PM    H  1024       C:\WINDOWS\system32\config\SAM.LOG
12/10/2006 3:20:58 AM    H  1024       C:\WINDOWS\system32\config\SECURITY.LOG
12/10/2006 7:33:14 AM    H  1024       C:\WINDOWS\system32\config\SOFTWARE.LOG
12/10/2006 1:59:22 AM    H  1024       C:\WINDOWS\system32\config\SYSTEM.LOG
11/16/2006 6:48:58 PM    H  1024       C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
12/2/2006 3:50:10 AM      S 14760      C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\6C68A73125F3238F044A8115D96841B6
12/6/2006 7:12:30 PM      S 1039       C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3
11/25/2006 7:01:24 AM     S 7652       C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C
12/2/2006 3:50:10 AM      S 132        C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\6C68A73125F3238F044A8115D96841B6
12/6/2006 7:12:30 PM      S 126        C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3
11/25/2006 7:01:24 AM     S 134        C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C
10/28/2006 6:21:20 PM    H  0          C:\WINDOWS\system32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
10/22/2006 6:59:42 PM    HS 388        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\73388b31-da75-498d-93ae-8350692fabaa
10/22/2006 6:59:42 PM    HS 24         C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
10/21/2006 4:02:28 PM    HS 388        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\b76215b3-b256-40d2-9560-ae0a25fb5989
10/21/2006 4:02:28 PM    HS 24         C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
12/7/2006 1:57:18 PM     H  6          C:\WINDOWS\Tasks\SA.DAT


Checking for CPL files...
Microsoft Corporation          8/4/2004 2:00:00 AM         68608      C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         549888     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         110592     C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         135168     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         80384      C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         155136     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          10/17/2006 1:05:48 PM       1817088    C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         129536     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         380416     C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         68608      C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc.         7/26/2006 3:03:14 AM        49265      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         618496     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         25600      C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         257024     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         32768      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         114688     C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         298496     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         94208      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         148480     C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation          5/26/2005 4:16:30 AM        174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         68608      C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         549888     C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         135168     C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         80384      C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         155136     C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation          10/17/2006 1:05:48 PM       1817088    C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         129536     C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         68608      C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         618496     C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         25600      C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         257024     C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         32768      C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         114688     C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         155648     C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         298496     C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         94208      C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation          8/4/2004 2:00:00 AM         148480     C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation          5/26/2005 4:16:30 AM        174360     C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl


»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»


Checking files in %ALLUSERSPROFILE%\Startup folder...
7/23/2006 1:51:00 AM     HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini


Checking files in %ALLUSERSPROFILE%\Application Data folder...
7/22/2006 3:37:16 PM     HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini
11/7/2006 8:37:38 AM        3341       C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache


Checking files in %USERPROFILE%\Startup folder...
7/23/2006 1:51:00 AM     HS 84         C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini


Checking files in %USERPROFILE%\Application Data folder...
7/28/2006 12:09:32 AM       1730       C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
7/22/2006 3:37:16 PM     HS 62         C:\Documents and Settings\Owner\Application Data\desktop.ini
7/28/2006 12:09:32 AM       0          C:\Documents and Settings\Owner\Application Data\dm.ini


»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\DAP_Menu
{BED4C38B-F765-45AC-8C56-613F76BBF43E}   = C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\DAP_ShredMenu
{BED4C38B-F765-45AC-8C56-613F76BBF43E}   = C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}   = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}   = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}   = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499}   = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin   = %SystemRoot%\system32\SHELL32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}   = C:\Program Files\Norton AntiVirus\NavShExt.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\DAP_ShredMenu
{BED4C38B-F765-45AC-8C56-613F76BBF43E}   = C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}   = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}   = ntshrui.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll


[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}
= C:\Program Files\Image ActiveX Object\isaddon.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}   = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88}   = Yahoo! Toolbar   : C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
{6932D140-ABC4-4073-A44C-D4A541665E35}   = ImageShack Toolbar   : C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2}   = Protection Bar   : C:\Program Files\Image ActiveX Object\iesplugin.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText     = Sun Java Console : C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
ButtonText   = Yahoo! Services  :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}
MenuText     = @xpsp3res.dll,-20001 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText   = Yahoo! Messenger : C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText   = Messenger    : C:\Program Files\Messenger\msmsgs.exe


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus   : C:\Program Files\Norton AntiVirus\NavShExt.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2} = Protection Bar : C:\Program Files\Image ActiveX Object\iesplugin.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
EPSON Stylus Photo R220 Series  C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
Symantec NetDriver Monitor  C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
SunJavaUpdateSched  "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
iTunesHelper    "C:\Program Files\iTunes\iTunesHelper.exe"
IMJPMIG8.1  "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
ccRegVfy    C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
ccApp   C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Advanced Tools Check    C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
DownloadAccelerator "C:\Program Files\DAP\DAP.EXE" /STARTUP
Windows Media Connect 2 "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
QuickTime Task  "C:\Program Files\QuickTime\qttask.exe" -atboottime
Virus-Bursters  C:\Program Files\Virus-Bursters\virus-bursters.exe /h


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe  C:\WINDOWS\system32\ctfmon.exe
BitTorrent  "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
MSMSGS  "C:\Program Files\Messenger\msmsgs.exe" /background
Yahoo! Pager    "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
WMPNSCFG    C:\Program Files\Windows Media Player\WMPNSCFG.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
path    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup  C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location    Common Startup
command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
item    Adobe Reader Speed Launch


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    msmsgs
hkey    HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    msmsgs
hkey    HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002A
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    TINTSETP
hkey    HKLM
command C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    TINTSETP
hkey    HKLM
command C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002ASync
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    TINTSETP
hkey    HKLM
command C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    TINTSETP
hkey    HKLM
command C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    qttask
hkey    HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    qttask
hkey    HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\seekmo
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    seekmo
hkey    HKLM
command "c:\program files\seekmo\seekmo.exe"
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    seekmo
hkey    HKLM
command "c:\program files\seekmo\seekmo.exe"
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpeedOptimizer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    SPO
hkey    HKLM
command C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    SPO
hkey    HKLM
command C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WMPNSCFG
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    WMPNSCFG
hkey    HKCU
command C:\Program Files\Windows Media Player\WMPNSCFG.exe
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    WMPNSCFG
hkey    HKCU
command C:\Program Files\Windows Media Player\WMPNSCFG.exe
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    YAHOOM~1
hkey    HKCU
command "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    YAHOOM~1
hkey    HKCU
command "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini  0
win.ini 0
bootini 0
services    0
startup 2



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
isamonitor.exe  C:\Program Files\Image ActiveX Object\isamonitor.exe
pmsngr.exe  C:\Program Files\Image ActiveX Object\pmsngr.exe


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon    1
undockwithoutlogon  1



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun  145



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder                {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn                          {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck                        {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll
SysTray                         {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
UPnPMonitor                     {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll
WPDShServiceObj                 {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll
blippers                        {f2efa195-4785-4db1-9316-b48c64bb71da} = C:\WINDOWS\system32\xqpauzx.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit    = C:\WINDOWS\system32\userinit.exe,
Shell       = Explorer.exe
System      =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs



»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 12/10/2006 7:40:18 AM

PLEASE HELP ME!!!

Edited by pritaeas: Fixed formatting

2
Contributors
1
Reply
2
Views
10 Years
Discussion Span
Last Post by DMR
0

Bleh! Yup- you've got Nasties.

A) A pictorial walk-through of the removal procedure for the "VirusBursters" infection can be found here. Please follow those instructions carefully and fully.

B) Once you've completed the VirusBursters removal procedure, please do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.

* Download ATF-Cleaner and save it to convenient location.


* Download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/

  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

If you are having problems with the updater, you can use this link to manually update AVG.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.


* Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).

Once in Safe Mode:

* Double-click ATF-Cleaner.exe to run the program.
- Click the Main menu option.
- Check the Select All box. (Uncheck cookies if you do not want them removed).
- Click the Empty Selected button.

If you use Firefox browser:

- Click the Firefox menu option.
- Check the Select All box. (Uncheck cookies if you do not want them removed).
- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, click No at the prompt.
- Click Exit on the Main menu to close the program.


* Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.

  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

* Reboot in Normal Mode.


* Open the AVG Anti-Spyware report in Windows Notepad, and Cut-N-Paste the entire contents of that report into your next post. Also run a new HijackThis scan and include that log file as well.

.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.