Kaspersky Log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 30, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 30, 2009 17:42:19
Records in database: 2406745
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan statistics:
Files scanned: 128638
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:22:56
File name / Threat name / Threats count
C:\System Volume Information\_restore{1E5D701F-37D5-4C62-AE24-08B584C178B8}\RP1060\A0113791.exe Infected: Trojan-Spy.Win32.Zbot.xdn 1
The selected area was scanned.
Here's what McAfee found:
6/30/2009 7:05:34 PM Engine version =5300
6/30/2009 7:05:34 PM DAT version =5652
6/30/2009 7:05:34 PM Number of virus signatures in EXTRA.DAT =None
6/30/2009 7:05:34 PM Names of viruses that EXTRA.DAT can detect =None
6/30/2009 7:05:29 PM Scan Started MAX\M Brough On-Demand Scan
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Scan Settings
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Move To Folder : C:\QUARANTINE\
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Scan Archives : Enabled
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Scan Mime : Enabled
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Macro Heuristics : Enabled
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Program Heuristics: Enabled
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Primary Action : Clean
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Secondary Action : Prompt
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Apply Unwanted Program Policy : Enabled
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Primary Unwanted Program Action : Clean
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Secondary Unwanted Program Action : Move
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Extension Option : Scan All
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Scan Sub Folders : Enabled
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Scan Boot Sectors : Enabled
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Scan Offline Files: Disabled
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Exclusions
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Scan Items
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough All fixed drives
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Running processes
6/30/2009 7:26:08 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallBypass.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallBypass1.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallBypass2.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PestTrap.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip\Online Security Test.url
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp1.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde2.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde4.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde5.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde6.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde7.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde8.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx1.zip\lurapaso.dll
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx10.zip\pewafahu.dll
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx11.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx12.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx13.zip\jepayala.dll
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx14.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx15.zip\fivajubu.dll
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx16.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx17.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx18.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx19.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx2.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx20.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx21.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx22.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx23.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx24.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx25.zip\luyehije.dll
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx26.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx27.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx28.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx29.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx3.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx30.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx31.zip\fifugiku.dll
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx32.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx33.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx34.zip\gehotimi.dll
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx35.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx36.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx37.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx38.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx39.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx4.zip\wulezije.dll
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx40.zip\kehitulo.dll
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx5.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx6.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx7.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx8.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx9.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentpz.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentpz1.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentpz2.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger1.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger10.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger11.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger12.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger13.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger14.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger15.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger16.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger17.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger18.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger19.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger2.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger20.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger21.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger22.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger23.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger24.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger25.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger26.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger27.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger28.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger29.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger3.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger30.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger31.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger32.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger33.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger34.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger35.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger36.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger37.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger4.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger5.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger6.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger7.zip\sbRecovery.reg
6/30/2009 7:26:13 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger8.zip\sbRecovery.reg
6/30/2009 7:26:13 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger9.zip\sbRecovery.reg
6/30/2009 7:26:13 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChangerRtk.zip\sbRecovery.reg
6/30/2009 7:26:13 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChangerRtk1.zip\sbRecovery.reg
6/30/2009 7:26:13 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobHomepageMonitor.zip\sbRecovery.reg
6/30/2009 7:45:59 PM Not scanned (The file is encrypted) c:\Documents and Settings\M Brough\My Documents\Downloads\7th August 2006\uds-JayZ-ThBA.part1.rar\JAY Z - 01 - INTERLUDE.MP3
6/30/2009 7:46:00 PM Not scanned (The file is encrypted) c:\Documents and Settings\M Brough\My Documents\Downloads\7th August 2006\uds-JayZ-ThBA.part2.rar\JAY Z - 11 - JUSTIFY MY THUG.MP3
6/30/2009 8:34:06 PM No Action Taken (Clean failed because the file isn't cleanable) c:\temp\quarantine\Av-test.txt.Vir EICAR test file(Test)
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Scan Summary
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Processes scanned : 52
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Processes detected : 0
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Processes cleaned : 0
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Boot sectors scanned : 1
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Boot sectors detected: 0
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Boot sectors cleaned : 0
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Files scanned : 128551
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Files with detections: 1
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough File detections : 1
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Files cleaned : 0
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Files moved : 0
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Files deleted : 0
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Files not scanned : 32
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Run time : 1:47:59
6/30/2009 8:53:28 PM Scan Complete MAX\M Brough On-Demand Scan
Fresh HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:37 PM, on 6/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\TomTom HOME 2\TomTomHOMERunner.exe
C:\Logitech\SetPoint\SetPoint.exe
C:\SpywareGuard\sgmain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\EntVUtil.EXE
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IexploreOmea - {09628AAA-66AD-4FA2-82E2-698185B66463} - C:\Omea Reader\IexploreOmeaW.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Omea - {35402C01-1777-4159-9ABA-3480BA70D90A} - C:\Omea Reader\IexploreOmeaW.dll
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Clip and Edit - res://C:\Omea Reader\IexploreOmeaW.dll/1000
O8 - Extra context menu item: Clip and Save - res://C:\Omea Reader\IexploreOmeaW.dll/1001
O8 - Extra context menu item: Subscribe to Feed - res://C:\Omea Reader\IexploreOmeaW.dll/1002
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {35402C01-1777-4159-9ABA-3480BA70D901} - C:\Omea Reader\IexploreOmeaW.dll (HKCU)
O9 - Extra 'Tools' menuitem: Omea Add-on Options… - {35402C01-1777-4159-9ABA-3480BA70D901} - C:\Omea Reader\IexploreOmeaW.dll (HKCU)
O9 - Extra button: Subscribe to Feed - {35402C01-1777-4159-9ABA-3480BA70D903} - C:\Omea Reader\IexploreOmeaW.dll (HKCU)
O9 - Extra button: Clip and Edit - {35402C01-1777-4159-9ABA-3480BA70D905} - C:\Omea Reader\IexploreOmeaW.dll (HKCU)
O9 - Extra button: Clip and Save - {35402C01-1777-4159-9ABA-3480BA70D907} - C:\Omea Reader\IexploreOmeaW.dll (HKCU)
O9 - Extra button: Annotate - {35402C01-1777-4159-9ABA-3480BA70D909} - C:\Omea Reader\IexploreOmeaW.dll (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Update Service (gupdate1c9acbce505e92e) (gupdate1c9acbce505e92e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TomTomHOMEService - TomTom - C:\TomTom HOME 2\TomTomHOMEService.exe
--
End of file - 9551 bytes
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Scan Sub Folders : Enabled
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Scan Boot Sectors : Enabled
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Scan Offline Files: Disabled
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Exclusions
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Scan Items
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough All fixed drives
6/30/2009 7:05:29 PM Scan Settings MAX\M Brough Running processes
6/30/2009 7:26:08 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallBypass.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallBypass1.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallBypass2.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PestTrap.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip\Online Security Test.url
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp1.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde2.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde4.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde5.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde6.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde7.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde8.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx1.zip\lurapaso.dll
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx10.zip\pewafahu.dll
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx11.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx12.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx13.zip\jepayala.dll
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx14.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx15.zip\fivajubu.dll
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx16.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx17.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx18.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx19.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx2.zip\sbRecovery.reg
6/30/2009 7:26:09 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx20.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx21.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx22.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx23.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx24.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx25.zip\luyehije.dll
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx26.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx27.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx28.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx29.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx3.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx30.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx31.zip\fifugiku.dll
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx32.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx33.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx34.zip\gehotimi.dll
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx35.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx36.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx37.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx38.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx39.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx4.zip\wulezije.dll
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx40.zip\kehitulo.dll
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx5.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx6.zip\sbRecovery.reg
6/30/2009 7:26:10 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx7.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx8.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx9.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentpz.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentpz1.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentpz2.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger1.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger10.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger11.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger12.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger13.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger14.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger15.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger16.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger17.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger18.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger19.zip\sbRecovery.reg
6/30/2009 7:26:11 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger2.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger20.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger21.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger22.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger23.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger24.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger25.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger26.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger27.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger28.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger29.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger3.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger30.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger31.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger32.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger33.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger34.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger35.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger36.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger37.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger4.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger5.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger6.zip\sbRecovery.reg
6/30/2009 7:26:12 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger7.zip\sbRecovery.reg
6/30/2009 7:26:13 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger8.zip\sbRecovery.reg
6/30/2009 7:26:13 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger9.zip\sbRecovery.reg
6/30/2009 7:26:13 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChangerRtk.zip\sbRecovery.reg
6/30/2009 7:26:13 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChangerRtk1.zip\sbRecovery.reg
6/30/2009 7:26:13 PM Not scanned (The file is encrypted) c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobHomepageMonitor.zip\sbRecovery.reg
6/30/2009 7:45:59 PM Not scanned (The file is encrypted) c:\Documents and Settings\M Brough\My Documents\Downloads\7th August 2006\uds-JayZ-ThBA.part1.rar\JAY Z - 01 - INTERLUDE.MP3
6/30/2009 7:46:00 PM Not scanned (The file is encrypted) c:\Documents and Settings\M Brough\My Documents\Downloads\7th August 2006\uds-JayZ-ThBA.part2.rar\JAY Z - 11 - JUSTIFY MY THUG.MP3
6/30/2009 8:34:06 PM No Action Taken (Clean failed because the file isn't cleanable) c:\temp\quarantine\Av-test.txt.Vir EICAR test file(Test)
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Scan Summary
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Processes scanned : 52
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Processes detected : 0
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Processes cleaned : 0
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Boot sectors scanned : 1
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Boot sectors detected: 0
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Boot sectors cleaned : 0
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Files scanned : 128551
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Files with detections: 1
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough File detections : 1
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Files cleaned : 0
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Files moved : 0
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Files deleted : 0
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Files not scanned : 32
6/30/2009 8:53:28 PM Scan Summary MAX\M Brough Run time : 1:47:59
6/30/2009 8:53:28 PM Scan Complete MAX\M Brough On-Demand Scan
fresh HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:37 PM, on 6/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\TomTom HOME 2\TomTomHOMERunner.exe
C:\Logitech\SetPoint\SetPoint.exe
C:\SpywareGuard\sgmain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\EntVUtil.EXE
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IexploreOmea - {09628AAA-66AD-4FA2-82E2-698185B66463} - C:\Omea Reader\IexploreOmeaW.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Omea - {35402C01-1777-4159-9ABA-3480BA70D90A} - C:\Omea Reader\IexploreOmeaW.dll
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Clip and Edit - res://C:\Omea Reader\IexploreOmeaW.dll/1000
O8 - Extra context menu item: Clip and Save - res://C:\Omea Reader\IexploreOmeaW.dll/1001
O8 - Extra context menu item: Subscribe to Feed - res://C:\Omea Reader\IexploreOmeaW.dll/1002
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {35402C01-1777-4159-9ABA-3480BA70D901} - C:\Omea Reader\IexploreOmeaW.dll (HKCU)
O9 - Extra 'Tools' menuitem: Omea Add-on Options… - {35402C01-1777-4159-9ABA-3480BA70D901} - C:\Omea Reader\IexploreOmeaW.dll (HKCU)
O9 - Extra button: Subscribe to Feed - {35402C01-1777-4159-9ABA-3480BA70D903} - C:\Omea Reader\IexploreOmeaW.dll (HKCU)
O9 - Extra button: Clip and Edit - {35402C01-1777-4159-9ABA-3480BA70D905} - C:\Omea Reader\IexploreOmeaW.dll (HKCU)
O9 - Extra button: Clip and Save - {35402C01-1777-4159-9ABA-3480BA70D907} - C:\Omea Reader\IexploreOmeaW.dll (HKCU)
O9 - Extra button: Annotate - {35402C01-1777-4159-9ABA-3480BA70D909} - C:\Omea Reader\IexploreOmeaW.dll (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Update Service (gupdate1c9acbce505e92e) (gupdate1c9acbce505e92e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TomTomHOMEService - TomTom - C:\TomTom HOME 2\TomTomHOMEService.exe
--
End of file - 9551 bytes