Scan saved at 21:47:13, on 22/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co...t=true&query=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {6B7CB0DB-397A-4A92-85BF-A14C45666C2F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {894C9E38-593B-4C5C-B3F4-1C7BF7D29450} - C:\WINDOWS\system32\aqluimdm.dll (file missing)
O2 - BHO: (no name) - {B53B69BF-777A-49C3-A3F4-C5DD027DABFa} - C:\WINDOWS\system32\aqluimdm.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: DownloadAsap.lnk = C:\Program Files\DAsap\DAsap.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannel...e/KooPlayer.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab53083.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - Winlogon Notify: bkmig - C:\WINDOWS\bkmig.dll (file missing)
O22 - SharedTaskScheduler: z - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00404} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
--
End of file - 9663 bytes
-------------------------------------------------------------------------------------
Activescan Panda
Incident Status Location
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.overture.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.adviva.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.bfast.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.did-it.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\afrim\Application Data\Mozilla\Firefox\Profiles\ywf8ykr9.default\cookies.txt[.webpower.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.overture.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.adviva.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.ehg.hitbox.com/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Xim\Application Data\Mozilla\Firefox\Profiles\5wjnf1p9.default\cookies.txt[.adultfriendfinder.com/]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Xim\Application Data\Sun\Java\Deployment\cache\6.0\59\303ac5bb-7da3d169[NewSecurityClassLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Xim\Application Data\Sun\Java\Deployment\cache\6.0\59\303ac5bb-7da3d169[NewURLClassLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Xim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-35851aee-42b1014a.zip[NewSecurityClassLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Xim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-35851aee-42b1014a.zip[NewURLClassLoader.class]
Hacktool:HackTool/NetCat.A Not disinfected C:\temp\aol\modemconfig.exe
--------------------------------------------------------------------------------------------
SDFix: Version 1.99
Run by Xim on 22/08/2007 at 20:10
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\Xim\\Desktop\\SopCast_050\\SopCast\\SopCast.exe"="C:\\Documents and Settings\\Xim\\Desktop\\SopCast_050\\SopCast\\SopCast.exe:*:Enabled:SoP Client"
"C:\\Program Files\\feidian\\Win32Client.exe"="C:\\Program Files\\feidian\\Win32Client.exe:*:Enabled:??????"
"C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~2.EXE"="C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~2.EXE:*:Enabled:Share Streaming"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\EA GAMES\\Battlefield 1942 Multiplayer Demo\\BF1942Demo.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942 Multiplayer Demo\\BF1942Demo.exe:*:Enabled:Battlefield 1942 Multiplayer Demo"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\ABC\\abc.exe"="C:\\Program Files\\ABC\\abc.exe:*:Enabled:ABC"
"C:\\Documents and Settings\\Xim\\Desktop\\gvc\\RED FACTION Full\\rf.exe"="C:\\Documents and Settings\\Xim\\Desktop\\gvc\\RED FACTION Full\\rf.exe:*:Enabled:Red Faction"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\TournamentDemo\\System\\UnrealTournament.exe"="C:\\TournamentDemo\\System\\UnrealTournament.exe:*:Enabled:UnrealTournament"
"C:\\Documents and Settings\\Xim\\Desktop\\NWO_MPTest\\NWO\\NWO.exe"="C:\\Documents and Settings\\Xim\\Desktop\\NWO_MPTest\\NWO\\NWO.exe:*:Disabled:NWO"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast"
"C:\\Documents and Settings\\Xim\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Xim\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopAdver"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\tvants\\Tvants.exe"="C:\\Program Files\\tvants\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Alien Arena 2007\\crx.exe"="C:\\Alien Arena 2007\\crx.exe:*:Enabled:crx"
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\\Program Files\\p talk\\paltalk.exe"="C:\\Program Files\\p talk\\paltalk.exe:*:Enabled:Paltalk Messenger 8.5"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\UnrealTournament\\System\\UnrealTournament.exe"="C:\\UnrealTournament\\System\\UnrealTournament.exe:*:Enabled:Play Unreal Tournament"
"C:\\Copy of UnrealTournament\\System\\UnrealTournament.exe"="C:\\Copy of UnrealTournament\\System\\UnrealTournament.exe:*:Enabled:UnrealTournament"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\Program Files\\gunz\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\gunz\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Java\\j2sdk1.4.2_12\\bin\\appletviewer.exe"="C:\\Program Files\\Java\\j2sdk1.4.2_12\\bin\\appletviewer.exe:*:Enabled:appletviewer"
"C:\\Program Files\\PPLive\\PPLive.exe"="C:\\Program Files\\PPLive\\PPLive.exe:*:Enabled:PPLive"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\Java\\jdk1.5.0_10\\bin\\appletviewer.exe"="C:\\Program Files\\Java\\jdk1.5.0_10\\bin\\appletviewer.exe:*:Enabled:Java 2 Platform Standard Edition binary"
"C:\\Program Files\\imeem\\imeem.exe"="C:\\Program Files\\imeem\\imeem.exe:*:Enabled:imeem"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\Xim\\Desktop\\cs2d_0100\\CounterStrike2D.exe"="C:\\Documents and Settings\\Xim\\Desktop\\cs2d_0100\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\Program Files\\Steam\\steamapps\\afrim_tl\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\afrim_tl\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\DiskTrix\\UltimateDefrag\\UDefrag.exe"="C:\\Program Files\\DiskTrix\\UltimateDefrag\\UDefrag.exe:*:Enabled:UltimateDefrag V1"
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"="C:\\Program Files\\Paltalk Messenger\\paltalk.exe:*:Enabled:Paltalk 9.0"
"C:\\Documents and Settings\\Xim\\Desktop\\New Folder\\ePSXe.exe"="C:\\Documents and Settings\\Xim\\Desktop\\New Folder\\ePSXe.exe:*:Enabled:ePSXe"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Program Files\\PPMate\\ppmnet.exe"="C:\\Program Files\\PPMate\\ppmnet.exe:*:Enabled:PPMate"
"C:\\Documents and Settings\\Xim\\Desktop\\mlnet.exe"="C:\\Documents and Settings\\Xim\\Desktop\\mlnet.exe:*:Enabled:MLdonkey - multiuser P2P daemon"
"C:\\Program Files\\Java\\jdk1.5.0_10\\bin\\javaw.exe"="C:\\Program Files\\Java\\jdk1.5.0_10\\bin\\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Registry Backups: - C:\SDFix\backups\backupreg.zip
Full Registry Backup: - C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
Files with Hidden Attributes:
C:\Program Files\AOL 9.0\aolphx.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL 9.0\RBM.exe
C:\Program Files\Smart Projects\IsoBuster\Help\AHlp.exe
C:\temp\aol\connect.exe
C:\temp\aol\curl.exe
C:\temp\aol\modemconfig.exe
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Xim\My Documents\My eBooks\~WRL2313.tmp
C:\WINDOWS\gimkb.tmp
C:\WINDOWS\system32\ihkmp.tmp
Finished
Thanks in advance