Here you go Katana...I disabled Spyware Doctor before the Kaspersky scan, then restarted it before I did the new RSIT scan.
Ummmm...wow...I'm beyond my capabilities reading these logs, but I sure hope all the infections in the Kaspersky log are just remnants of previous detections and fixes...either way I'm amazed by the report! Slider
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, April 3, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, April 03, 2009 02:08:00
Records in database: 2002414
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan statistics:
Files scanned: 64732
Threat name: 14
Infected objects: 167
Suspicious objects: 4
Duration of the scan: 01:46:09
File name / Threat name / Threats count
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{F6505928-8E1A-4BDA-8C17-68BFDB632DE1}\Microsoft\Outlook Express\Archive - MHW Sent Items.dbx Infected: Email-Worm.Win32.Zafi.b 1
C:\Documents and Settings\Administrator\My Documents\My Pictures\Melissa\{F6505928-8E1A-4BDA-8C17-68BFDB632DE1}\Microsoft\Outlook Express\Archive - MHW Sent Items.dbx Infected: Email-Worm.Win32.Zafi.b 1
C:\Documents and Settings\Administrator\Temp\{F6505928-8E1A-4BDA-8C17-68BFDB632DE1}\Microsoft\Outlook Express\Archive - MHW Sent Items.dbx Infected: Email-Worm.Win32.Zafi.b 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\0037195E.htm Infected: Trojan-Downloader.JS.Small.d 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\00524D23.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\032574E4.htm Suspicious: Exploit.HTML.DialogArg 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\08571830.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\09077EDC Infected: Trojan-Downloader.JS.IstBar.k 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\092C5953.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\0A375C82.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\0AFC2355.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\0B4B5D7E.htm Suspicious: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\0E453EE1.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\0E4F1EF9 Infected: Trojan-Downloader.VBS.Psyme.at 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\0EEA31EC.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\0EF42FE1.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\105F2BF2.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\10A073AA.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\10A944D5.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\10FE1B40.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\11155B29.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\11190525.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\11367F05.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\13F734DA.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\140B30C5.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\15960912.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\15A65B00.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\18A95BBF.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\18B427A4.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\18B851A1.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\18F91959.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\18F91959.php Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\196F5338.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\199B69C9.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\19AB3BB7.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\1ACD1D54.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\1B956103 Infected: Trojan-Downloader.JS.IstBar.j 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\1B980AFF Infected: Trojan-Downloader.JS.IstBar.j 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\1CCF4DB2.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\1CDF1FA0.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\1E67314C.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\1FCD4D7F.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\21CD3930.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\21EE5D0C.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\241C3312.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\241C3312.php Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\24853346.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\2559026E.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\2559026E.php Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\25B6055C.htm Suspicious: Exploit.HTML.DialogArg 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\25F42317.htm Suspicious: Exploit.HTML.DialogArg 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\2667552F.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\27043483.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\27384DF9 Infected: Trojan-Downloader.JS.Small.ag 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\276D576B.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\27EC5984.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\27FF556E.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\28100AB8.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\28F25BC0.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\29022DAE.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\2A2B1A67.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\2B794AA0.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\2B8D468B.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\31E36DC1.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\32B241F6.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\32B241F6.php Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\32C53DE0.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\36065036.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\36065036.php Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\36277412.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\36277412.php Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\381E35E9.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\381E35E9.php Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\383058F9.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\38D13B23.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\38DB3919.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\39040210.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\394A4C9E.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\394D1369.htm Infected: Exploit.VBS.Phel.j 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\39FE51D9.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\3AD712B2.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\3AE920D6.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\3AEC4AD2.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\3C6B2824 Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\3CC663D1.htm Infected: Trojan-Downloader.JS.Small.d 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\3F987EA5 Infected: Trojan-Downloader.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\3FC93DB2.htm Infected: Trojan-Downloader.JS.Small.d 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\42732212 Infected: Trojan-Downloader.JS.IstBar.j 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\42764C0E Infected: Trojan-Downloader.JS.IstBar.j 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\4287376A Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\44165B6C.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\44165B6C.php Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\4631355D.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\4923181F.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\4B122D22.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\4BEB0ECD.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\4C797782.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\4CBC0DE7.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\4CC037E3.php Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\4CD21465.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\4DF64C8E.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\4E3F03A4.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\4E3F03A4.php Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\4F1E6BA9.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\4F1E6BA9.php Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\4F2728A4.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\4F2728A4.php Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\4F65064B.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\4F7609F2.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\4F865BE0.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\4FC51690.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\51456250.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\520C6375.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\52780CE9.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\52CA66A4.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\559F4F86.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\55A84D7C.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\573000B9.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\582F66E0.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\58535477.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\58736186.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\58875D70.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\59317B83.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\5A555919.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\5AE14E9E Infected: Trojan-Downloader.JS.IstBar.j 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\5B711BD4 Infected: Email-Worm.Win32.Bagle.dk 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\5B8B5AA7.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\5B9E2E86.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\5BB22A71.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\5C587E0B.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\5D0F7244.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\5DD4458E.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\5DD4458E.php Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\5DD76F8A.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\5DD76F8A.php Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\5DF576F4.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\610E1F24.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\61271A39.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\613A1623.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\615D4134.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\61D77577.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\61E74765.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\63263338.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\63360526.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\637D19AA.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\67295726.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\672D7D44.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\672D7D44.php Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\69634964.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\6977454E.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\6A7968B7 Infected: Trojan-Downloader.VBS.Psyme.av 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\6C960750.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\6C960750.php Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\726541FF Infected: Trojan-Downloader.VBS.Psyme.at 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\726C15F8 Infected: Trojan.Win32.Favadd.l 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\73FC272C.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\73FC272C.php Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\74D13BBE.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\74D80FB6.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\76D82024.htm Infected: Trojan-Downloader.JS.Small.d 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\784833E9.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\784833E9.php Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\78FF2E07.htm Infected: Trojan-Downloader.JS.Small.d 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\7A5F5878.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\7A620274.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\7A6F2A66.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\7A725462.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\7ADC7028.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\7AEB06AF.htm Infected: Exploit.HTML.Mht 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\7B147160.htm Infected: Exploit.VBS.Phel.a 1
C:\RECYCLER\S-1-5-21-1614895754-1004336348-682003330-500\Dc21\Quarantine\7B25434E.htm Infected: Exploit.VBS.Phel.a 1
The selected area was scanned.
-------------------------------------------------------------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-04-03 09:58:58
Microsoft Windows XP Professional Service Pack 3
System drive C: has 202 GB (85%) free of 238 GB
Total RAM: 1023 MB (50% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:09 AM, on 4/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.*.attbi.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
N3 - Netscape 7: # Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/
user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\ADMINISTRATOR\\APPLICATION DATA\\Mozilla\\Profiles\\default\\lxcunvvv.slt");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("dom.disable_open_during_load", true);
user_pref("intl.charsetmenu.browser.cache", "us-ascii, UTF-8, windows-1252, ISO-8859-1");
user_pref("mail
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096722207781
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1140016650656
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?323
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MANDP.Local
O17 - HKLM\Software\..\Telephony: DomainName = MANDP.Local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MANDP.Local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: JavaQuickStarterService - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
--
End of file - 7671 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-03-27 1078552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-02 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-05-21 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-11 737776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-02 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-02 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-05-21 2403392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-03-27 1932568]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
C:\WINDOWS\ALCWZRD.EXE [2004-05-17 2545664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWOTOOLBOX]
C:\Program Files\HP\HP Officejet Pro K850 Series\Toolbox\HPWOTBX.exe [2006-11-03 352256]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2007-02-22 2209224]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panasonic Device Manager for Multi-Function Station software]
C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe [2007-05-21 126976]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panasonic Device Monitor Wakeup]
C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe [2006-11-02 303104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panasonic PCFAX for Multi-Function Station software]
C:\Program Files\Panasonic\MFStation\KmPcFax.exe [2007-08-28 757760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\Ahead\NEROPH~1\data\xtras\mssysmgr.exe [2004-05-12 196608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-30 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"WinDefend"=2
"ThreatFire"=3
"sdCoreService"=2
"sdAuxService"=2
"Panasonic Trap Monitor Service"=2
"Panasonic Local Printer Service"=2
"ose"=3
"JavaQuickStarterService"=3
"gusvc"=3
"C-DillaCdaC11BA"=2
"AVGEMS"=2
"Avg7UpdSvc"=2
"Avg7Alrt"=2
"ATI Smart"=2
"APC UPS Service"=2
"AcrSch2Svc"=2
"aawservice"=3
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-04-21 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-03-27 10520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap
"notification packages"=
scecli
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2009-04-02 20:11:42 ----D---- C:\WINDOWS\ERDNT
2009-04-02 20:10:47 ----D---- C:\Program Files\ERUNT
2009-03-29 18:27:47 ----D---- C:\rsit
2009-03-27 20:52:56 ----HD---- C:\$AVG8.VAULT$
2009-03-27 20:07:07 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-03-27 20:06:44 ----D---- C:\Program Files\AVG
2009-03-27 20:06:43 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-03-27 18:59:58 ----D---- C:\Program Files\Common Files\PC Tools
2009-03-27 18:59:53 ----D---- C:\Program Files\Spyware Doctor
2009-03-24 17:34:59 ----A---- C:\WINDOWS\st_affiliate.ini
2009-03-24 17:25:33 ----D---- C:\Program Files\CyberDefender
2009-03-24 17:10:39 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-24 17:09:27 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-24 17:09:27 ----D---- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-24 16:55:31 ----D---- C:\Avenger
2009-03-24 16:55:31 ----A---- C:\avenger.txt
2009-03-24 16:37:46 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-24 16:37:23 ----D---- C:\WINDOWS\temp
2009-03-24 16:00:23 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-03-24 16:00:16 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-24 14:20:54 ----SHD---- C:\WINDOWS\CSC
2009-03-12 20:55:40 ----A---- C:\WINDOWS\KmPcFax.INI
2009-03-12 20:31:03 ----A---- C:\WINDOWS\system32\hpz3l42i.dll
2009-03-11 15:52:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 15:52:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 15:51:03 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
======List of files/folders modified in the last 1 months======
2009-04-03 09:59:00 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-03 09:57:35 ----D---- C:\WINDOWS\system32\drivers
2009-04-03 00:20:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-02 21:09:15 ----D---- C:\WINDOWS\Prefetch
2009-04-02 20:11:42 ----D---- C:\WINDOWS
2009-04-02 20:10:47 ----RD---- C:\Program Files
2009-04-01 01:35:59 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-30 21:02:09 ----SD---- C:\WINDOWS\Tasks
2009-03-27 20:07:07 ----D---- C:\WINDOWS\system32
2009-03-27 20:06:30 ----SHD---- C:\WINDOWS\Installer
2009-03-27 20:06:25 ----HD---- C:\Config.Msi
2009-03-27 18:59:58 ----D---- C:\Program Files\Common Files
2009-03-24 20:34:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-24 17:35:32 ----D---- C:\WINDOWS\SoftwareDistribution
2009-03-24 17:35:32 ----D---- C:\WINDOWS\Help
2009-03-24 17:35:30 ----HD---- C:\WINDOWS\inf
2009-03-24 17:23:05 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-24 17:09:12 ----D---- C:\Program Files\Mozilla Firefox
2009-03-24 16:54:53 ----D---- C:\WINDOWS\security
2009-03-24 16:38:22 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-24 16:11:44 ----D---- C:\Program Files\Trend Micro
2009-03-24 15:36:37 ----ASH---- C:\boot.ini
2009-03-24 15:36:37 ----A---- C:\WINDOWS\win.ini
2009-03-24 15:36:37 ----A---- C:\WINDOWS\system.ini
2009-03-24 14:21:10 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-23 19:48:28 ----D---- C:\WINDOWS\WinSxS
2009-03-23 19:48:28 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-03-12 20:28:49 ----D---- C:\Program Files\HP
2009-03-11 15:52:08 ----A---- C:\WINDOWS\imsins.BAK
2009-03-11 15:04:36 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-08 12:49:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-27 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-03-27 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-03-30 108552]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-09-13 28672]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS []
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2007-06-20 39712]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-04-21 729088]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-05-17 2161792]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2003-03-02 5755]
R3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2004-03-18 13824]
R3 pctplsg;pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys []
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-03-29 9856]
R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2004-06-01 178560]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-09-13 93440]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 GAGPDrv;GAGPDrv; C:\WINDOWS\system32\drivers\GAGPDrv.sys []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-27 298264]
R2 JavaQuickStarterService;JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-02 152984]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
R3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2008-06-06 66880]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 aawservice;aawservice; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-25 611664]
S4 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-01-31 407072]
S4 APC UPS Service;APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2002-10-15 155770]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-04-21 397312]
S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-04-21 516096]
S4 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2004-10-09 54784]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-21 138168]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 Panasonic Local Printer Service;Panasonic Local Printer Service; C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe [2004-08-03 36864]
S4 Panasonic Trap Monitor Service;Panasonic Trap Monitor Service; C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe [2004-02-24 69632]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
-----------------EOF-----------------