Tech Support Guy

#1 · Registered · 797 Posts · Discussion Starter
Hi all

I'm having a problem with pop-ups appearing when I'm browsing. I've got all blockers that I'm aware of turned on, but something has been dropped on my system. It was annoying at first, but the ads seem to be getting more and more explicit, and I certainly don't want to be showing my kids something and for a porn site to add itself in front of them.

I've done Ad-aware, AVG Spyware, and virus scans, but nothing seems to get deleted after reboot.

Below is a HJT log for the attention of the experts.

Thanks

Moozer

Logfile of HijackThis v1.99.1
Scan saved at 22:44:25, on 10/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\ntl\ntl Netguard\fws.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
D:\Program Files\Common Files\Command Software\dvpapi.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINDOWS\system32\PDesk\PDesk.exe
D:\Program Files\ntl\ntl Netguard\Rps.exe
D:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\mgabg.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - D:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - D:\Program Files\ntl\ntl Netguard\FBHR.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [BJCFD] D:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Matrox Powerdesk] D:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ntl Netguard] D:\Program Files\ntl\ntl Netguard\Rps.exe
O4 - HKLM\..\Run: [PDUiP6220DMon] D:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} (TNSClicker.Clicker) - http://www.shopandscan.com/TNSClicker.CAB
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - D:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - D:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - D:\WINDOWS\system32\mgabg.exe
 

· Administrator · 124,729 Posts · First Name: Karen
Download ComboFix to your Desktop.

Reboot to Safe mode:

Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done properly a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Perform the following actions in Safe Mode.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a new HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running, as that may cause it to stall.
 

#3 · Registered · 797 Posts · Discussion Starter
Thanks for your time Cookiegal ;-)

Combofix log:

"Andy" - 07-01-14 0:49:51 Service Pack 2
ComboFix 07-01-14.2 - Running from: "D:\My Downloads"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\command.com

((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))

2007-01-13 22:09 d--hs---- D:\FOUND.006
2007-01-13 21:30 53,760 --a------ D:\WINDOWS\system32\vfwwdm32.dll
2007-01-13 21:30 140,928 --a------ D:\WINDOWS\system32\drivers\ks.sys
2007-01-13 21:29 47,616 --a------ D:\WINDOWS\system32\iyuv_32.dll
2007-01-13 21:28 d--hs---- D:\FOUND.005
2007-01-13 21:13 30,921 --a------ D:\WINDOWS\system32\drivers\SQCaptur.sys
2007-01-13 21:13 25,449 --a------ D:\WINDOWS\system32\drivers\SQCamD.sys
2007-01-13 10:44 d--hs---- D:\FOUND.004
2007-01-13 01:17 32,128 --a------ D:\WINDOWS\system32\drivers\VIAAGP1.SYS
2007-01-12 18:16 d--hs---- D:\FOUND.003
2007-01-12 15:58 d--hs---- D:\FOUND.002
2007-01-12 15:02 d-------- D:\Program Files\TuneUp Utilities 2006
2007-01-12 15:02 d-------- D:\DOCUME~1\ANDY~1.HOM\Application Data\TuneUp Software
2007-01-12 15:01 d-------- D:\Program Files\Common Files\Wise Installation Wizard
2007-01-12 15:01 d-------- D:\DOCUME~1\ANDY~1.HOM\Application Data\Snapfish
2007-01-12 15:01 d-------- D:\DOCUME~1\ALLUSE~1.WIN\Application Data\TuneUp Software
2007-01-12 14:42 d--hs---- D:\FOUND.001
2007-01-12 04:12 d-------- D:\CITYVIEW
2007-01-12 04:11 935,632 --a------ D:\WINDOWS\system\VB40016.DLL
2007-01-12 04:11 770,928 --a------ D:\WINDOWS\system\LEAD51.DLL
2007-01-12 04:11 57,328 --a------ D:\WINDOWS\system\OLE2CONV.DLL
2007-01-12 04:11 536,048 --a------ D:\WINDOWS\system\OC25.DLL
2007-01-12 04:11 51,712 --a------ D:\WINDOWS\system\OLE2PROX.DLL
2007-01-12 04:11 5,120 --a------ D:\WINDOWS\system\STKIT416.DLL
2007-01-12 04:11 304,640 --a------ D:\WINDOWS\system\OLE2.DLL
2007-01-12 04:11 28,113 --a------ D:\WINDOWS\system\OLE2.REG
2007-01-12 04:11 177,824 --a------ D:\WINDOWS\system\TYPELIB.DLL
2007-01-12 04:11 164,960 --a------ D:\WINDOWS\system\OLE2DISP.DLL
2007-01-12 04:11 157,696 --a------ D:\WINDOWS\system\STORAGE.DLL
2007-01-12 04:11 152,976 --a------ D:\WINDOWS\system\OLE2NLS.DLL
2007-01-12 04:11 12,976 --a------ D:\WINDOWS\system\SCP.DLL
2007-01-12 04:11 109,056 --a------ D:\WINDOWS\system\COMPOBJ.DLL
2007-01-11 23:37 421,888 --a------ D:\WINDOWS\Nero PhotoShow.scr
2007-01-11 23:37 d-------- D:\DOCUME~1\ANDY~1.HOM\Application Data\Simple Star
2007-01-11 23:37 d-------- D:\Demo Album
2007-01-11 23:36 d-------- D:\Program Files\Nero
2007-01-11 23:35 2,670,592 --------- D:\WINDOWS\UNNMP.exe
2007-01-11 23:33 155,648 --a------ D:\WINDOWS\system32\NeroCheck.exe
2007-01-11 23:32 d-------- D:\Program Files\Common Files\Nero
2007-01-11 23:24 24,064 --------- D:\WINDOWS\system32\msxml3a.dll
2007-01-11 23:24 2,916,352 --------- D:\WINDOWS\UNNeroVision.exe
2007-01-11 23:23 476,320 --a------ D:\WINDOWS\system32\ImagXpr7.dll
2007-01-11 23:23 471,040 --a------ D:\WINDOWS\system32\ImagXRA7.dll
2007-01-11 23:23 38,912 --a------ D:\WINDOWS\system32\picn20.dll
2007-01-11 23:23 364,544 --a------ D:\WINDOWS\system32\TwnLib4.dll
2007-01-11 23:23 262,144 --a------ D:\WINDOWS\system32\ImagXR7.dll
2007-01-11 23:23 106,496 --a------ D:\WINDOWS\system32\TwnLib20.dll
2007-01-11 23:23 1,568,768 --a------ D:\WINDOWS\system32\ImagX7.dll
2007-01-11 23:23 d-------- D:\DOCUME~1\ALLUSE~1.WIN\Application Data\Ahead
2007-01-11 23:22 d-------- D:\Program Files\Common Files\Ahead
2007-01-11 23:22 d-------- D:\Program Files\Ahead
2007-01-11 23:13 d--hs---- D:\FOUND.000
2007-01-11 23:05 d-------- D:\DOCUME~1\ANDY~1.HOM\Application Data\Ahead
2007-01-11 22:37 d-------- D:\WINDOWS\Sun
2007-01-11 22:37 d-------- D:\DOCUME~1\ANDY~1.HOM\Application Data\Sun
2007-01-11 21:46 4,064 --a------ D:\WINDOWS\system32\drivers\ATMHELPR.SYS
2007-01-11 21:46 212,352 --a------ D:\WINDOWS\system32\ATMDRVR.DLL
2007-01-11 21:46 d-------- D:\PSFONTS
2007-01-11 21:46 d-------- D:\Program Files\Adobe Type Manager
2007-01-11 21:45 54,784 --a------ D:\WINDOWS\EasyPhoto Slide Show.scr
2007-01-11 21:45 415,744 --a------ D:\WINDOWS\system32\EZIMG25.dll
2007-01-11 21:45 4,080 --a------ D:\WINDOWS\system32\WINSIZE.DLL
2007-01-11 21:45 37,376 --a------ D:\WINDOWS\kpsys32.dll
2007-01-11 21:45 27,136 --a------ D:\WINDOWS\system32\cppenv25.dll
2007-01-11 21:45 27,136 --a------ D:\WINDOWS\CTL3D32.DLL
2007-01-11 21:45 249,856 --a------ D:\WINDOWS\system32\Snap32n.dll
2007-01-11 21:45 212,480 --a------ D:\WINDOWS\pcdlib32.dll
2007-01-11 21:45 210,944 --a------ D:\WINDOWS\system32\MSVCRT10.DLL
2007-01-11 21:45 20,976 --a------ D:\WINDOWS\system32\CTL3D.DLL
2007-01-11 21:45 196,608 --a------ D:\WINDOWS\kpcp32.dll
2007-01-11 21:45 133,120 --a------ D:\WINDOWS\SPROF32.DLL
2007-01-11 21:45 132,096 --a------ D:\WINDOWS\kpapi32.dll
2007-01-11 21:45 d-------- D:\WINDOWS\system32\Color
2007-01-11 21:45 d-------- D:\Program Files\PhotoDeluxe HE 3.0
2007-01-11 21:45 d-------- D:\Program Files\ImageServer
2007-01-11 21:45 d-------- D:\KPCMS
2007-01-11 21:44 299,520 --a------ D:\WINDOWS\uninst.exe
2007-01-11 21:33 94,352 -ra------ D:\WINDOWS\system\MHRUN400.DLL
2007-01-11 21:33 58,192 -ra------ D:\WINDOWS\system\MHRUN300.DLL
2007-01-11 21:33 398,416 -ra------ D:\WINDOWS\system\VBRUN300.DLL
2007-01-11 21:33 356,992 -ra------ D:\WINDOWS\system\VBRUN200.DLL
2007-01-11 21:33 27,632 -ra------ D:\WINDOWS\system\CTL3DV2.DLL
2007-01-11 13:53 d-------- D:\Program Files\Java
2007-01-11 13:52 d-------- D:\Program Files\Common Files\Java
2007-01-11 02:00 d-------- D:\DOCUME~1\ANDY~1.HOM\Application Data\Talkback
2007-01-11 01:59 d-------- D:\Program Files\Mozilla Firefox
2007-01-10 23:58 d-------- D:\WINDOWS\system32\Adobe
2007-01-10 23:58 d-------- D:\WINDOWS\Profiles
2007-01-10 23:58 d-------- D:\Program Files\Common Files\Adobe
2007-01-10 23:58 d-------- D:\DOCUME~1\ANDY~1.HOM\Application Data\InterTrust
2007-01-10 23:58 d-------- D:\DOCUME~1\ANDY~1.HOM\Application Data\Adobe
2007-01-10 23:30 d-------- D:\DOCUME~1\ANDY~1.HOM\Application Data\Help
2007-01-10 21:29 d-------- D:\Program Files\Lavasoft
2007-01-10 21:29 d-------- D:\DOCUME~1\ANDY~1.HOM\Application Data\Lavasoft
2007-01-10 20:21 d-------- D:\Program Files\Windows Defender
2007-01-10 20:18 d-------- D:\Program Files\backups
2007-01-10 17:03 d-------- D:\Program Files\FreshDevices
2007-01-09 23:57 d-------- D:\Quake 3 Arena
2007-01-09 22:52 d-------- D:\DOCUME~1\ANDY~1.HOM\WINDOWS
2007-01-09 22:26 d-------- D:\Program Files\BearShare
2007-01-09 19:32 3,968 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-09 19:32 d-------- D:\Program Files\Grisoft
2007-01-09 18:59 d-------- D:\Program Files\MSN Messenger
2007-01-09 18:55 d-------- D:\WINDOWS\ie7updates
2007-01-09 05:00 d-------- D:\Program Files\OPTION AXIS 2
2007-01-09 05:00 d-------- D:\DOCUME~1\ALLUSE~1.WIN\Application Data\Proc htm the road
2007-01-08 18:25 3,840 --a------ D:\WINDOWS\system32\drivers\BANTExt.sys
2007-01-08 18:25 d-------- D:\Program Files\Belarc
2007-01-08 18:18 d-------- D:\Program Files\Lavalys
2007-01-08 18:14 d-------- D:\DOCUME~1\ALLUSE~1.WIN\Application Data\Trymedia
2007-01-08 16:30 d-------- D:\Program Files\GTG Toolbar
2007-01-08 16:28 6,752 --a------ D:\WINDOWS\system32\PfModNT.sys
2007-01-08 16:28 d-------- D:\Program Files\Creative
2007-01-08 13:13 d-------- D:\Program Files\directx
2007-01-08 12:26 56,832 --------- D:\WINDOWS\system32\iyvu9_32.dll
2007-01-08 12:12 163,840 --a------ D:\WINDOWS\BJPSUNST.EXE
2007-01-08 12:11 499,712 --a------ D:\WINDOWS\system32\msvcp71.dll
2007-01-08 12:11 348,160 --a------ D:\WINDOWS\system32\msvcr71.dll
2007-01-08 12:11 1,060,864 --a------ D:\WINDOWS\system32\MFC71.dll
2007-01-08 12:11 d-------- D:\WINDOWS\StartHtmico
2007-01-08 12:10 90,112 -ra------ D:\WINDOWS\system32\CNMCP7C.exe
2007-01-08 12:10 8,704 --a------ D:\WINDOWS\system32\CNMVS7C.DLL
2007-01-08 12:10 140,288 --------- D:\WINDOWS\system32\CNMLM7C.DLL
2007-01-08 12:10 d--h----- D:\DOCUME~1\ALLUSE~1.WIN\Application Data\CanonBJ
2007-01-08 12:09 d-------- D:\Program Files\Canon
2007-01-08 12:08 31,616 --a------ D:\WINDOWS\system32\drivers\usbccgp.sys
2007-01-08 12:08 25,856 --a------ D:\WINDOWS\system32\drivers\usbprint.sys
2007-01-08 11:51 d-------- D:\Program Files\GameSpy Arcade
2007-01-08 09:15 d-------- D:\DOCUME~1\ANDY~1.HOM\Application Data\BearShare
2007-01-07 04:27 d-------- D:\Program Files\Shareaza
2007-01-07 04:27 d-------- D:\DOCUME~1\ANDY~1.HOM\Application Data\Shareaza
2007-01-07 03:05 4,274,816 --a------ D:\WINDOWS\system32\nv4_disp.dll
2007-01-07 03:05 1,897,408 --a------ D:\WINDOWS\system32\drivers\nv4_mini.sys
2007-01-07 01:34 d-------- D:\DOCUME~1\ANDY~1.HOM\Application Data\DivX
2007-01-07 01:05 20,640 --------- D:\WINDOWS\system32\drivers\PxHelp20.sys
2007-01-07 01:05 109,568 --------- D:\WINDOWS\system32\pxinsi64.exe
2007-01-07 01:05 108,544 --------- D:\WINDOWS\system32\pxcpyi64.exe
2007-01-07 01:05 d-------- D:\Program Files\DivX
2007-01-06 19:34 d--h----- D:\WINDOWS\PIF
2007-01-06 17:44 720,896 --a------ D:\WINDOWS\iun6002.exe
2007-01-06 17:44 d-------- D:\Program Files\Incredible Technologies
2007-01-06 17:33 d-------- D:\DOCUME~1\ANDY~1.HOM\Application Data\OfficeUpdate12
2007-01-06 17:17 24,816 --a------ D:\WINDOWS\system32\mdimon.dll
2007-01-06 17:16 d-------- D:\Program Files\Microsoft ActiveSync
2007-01-06 17:16 d-------- D:\Program Files\Common Files\L&H
2007-01-06 17:15 d-------- D:\Program Files\Microsoft Works
2007-01-06 17:14 d-------- D:\WINDOWS\SHELLNEW
2007-01-06 17:11 dr-h----- D:\MSOCache
2007-01-06 16:43 d-------- D:\Program Files\Windows Media Connect 2
2007-01-06 16:41 d-------- D:\WINDOWS\system32\LogFiles
2007-01-06 16:41 d-------- D:\WINDOWS\system32\drivers\UMDF
2007-01-06 16:31 d-------- D:\WINDOWS\system32\PDesk
2007-01-06 16:03 d-------- D:\WINDOWS\system32\ReinstallBackups
2007-01-06 16:00 d-------- D:\WINDOWS\WBEM
2007-01-06 16:00 d-------- D:\WINDOWS\system32\en-US
2007-01-06 15:59 d-------- D:\dell
2007-01-06 15:58 121,856 --------- D:\WINDOWS\system32\xmllite.dll
2007-01-06 15:57 d-------- D:\WINDOWS\network diagnostic
2007-01-06 15:54 d-------- D:\Program Files\MSXML 4.0
2007-01-06 15:54 d-------- D:\3514ed13d3b3d8dfc0fa9fdc09ed
2007-01-06 15:40 d-------- D:\DOCUME~1\ALLUSE~1.WIN\Application Data\Windows Genuine Advantage
2007-01-06 15:38 d--hs---- D:\DOCUME~1\ANDY~1.HOM\UserData
2007-01-06 15:15 86,016 --a------ D:\WINDOWS\unvise32qt.exe
2007-01-06 15:15 d-------- D:\WINDOWS\system32\QuickTime
2007-01-06 15:15 d-------- D:\Program Files\QuickTime
2007-01-06 15:15 d-------- D:\DOCUME~1\ALLUSE~1.WIN\Application Data\QuickTime
2007-01-06 15:14 d-------- D:\Program Files\AC3Filter
2007-01-06 15:00 d-------- D:\DOCUME~1\ANDY~1.HOM\Application Data\Motive
2007-01-06 14:58 d-------- D:\Program Files\SopCast
2007-01-06 14:58 d-------- D:\DOCUME~1\ANDY~1.HOM\Application Data\SopCast
2007-01-06 12:04 d-------- D:\DOCUME~1\ANDY~1.HOM\Application Data\ntl
2007-01-06 12:02 d--h----- D:\Program Files\InstallShield Installation Information
2007-01-06 12:01 d-------- D:\Program Files\Common Files\PestPatrol
2007-01-06 12:01 d-------- D:\Program Files\Common Files\Command Software
2007-01-06 12:00 d-------- D:\WINDOWS\Downloaded Installations
2007-01-06 12:00 d-------- D:\Program Files\Common Files\InstallShield
2007-01-06 12:00 d-------- D:\DOCUME~1\ALLUSE~1.WIN\Application Data\ntl
2007-01-06 11:46 947,472 --a------ D:\WINDOWS\system32\msjava.dll
2007-01-06 11:46 63,248 --a------ D:\WINDOWS\system32\javaprxy.dll
2007-01-06 11:46 49,424 --a------ D:\WINDOWS\system32\clspack.exe
2007-01-06 11:46 46,352 --a------ D:\WINDOWS\setdebug.exe
2007-01-06 11:46 404,752 --a------ D:\WINDOWS\system32\javart.dll
2007-01-06 11:46 313,856 --a------ D:\WINDOWS\system32\dx3j.dll
2007-01-06 11:46 286,992 --a------ D:\WINDOWS\system32\vmhelper.dll
2007-01-06 11:46 21,264 --a------ D:\WINDOWS\system32\msjdbc10.dll
2007-01-06 11:46 187,152 --a------ D:\WINDOWS\system32\javacypt.dll
2007-01-06 11:46 172,304 --a------ D:\WINDOWS\system32\jview.exe
2007-01-06 11:46 171,792 --a------ D:\WINDOWS\system32\wjview.exe
2007-01-06 11:46 171,280 --a------ D:\WINDOWS\system32\jit.dll
2007-01-06 11:46 154,384 --a------ D:\WINDOWS\system32\msawt.dll
2007-01-06 11:46 15,120 --a------ D:\WINDOWS\system32\jdbgmgr.exe
2007-01-06 11:46 139,536 --a------ D:\WINDOWS\system32\javaee.dll
2007-01-06 11:46 113 --a------ D:\WINDOWS\system32\zonedon.reg
2007-01-06 11:46 113 --a------ D:\WINDOWS\system32\zonedoff.reg
2007-01-06 11:41 663,552 --a------ D:\WINDOWS\system32\libeay32_1-1-0_DDR.dll
2007-01-06 11:41 532,594 --a------ D:\WINDOWS\system32\xerces-c_1_40_0_DDR.dll
2007-01-06 11:41 524,377 --a------ D:\WINDOWS\system32\stlport_4_0_0_DDR.dll
2007-01-06 11:41 307,329 --a------ D:\WINDOWS\system32\BJBase_2-2-2_DDR.dll
2007-01-06 11:41 306,688 --a------ D:\WINDOWS\IsUninst.exe
2007-01-06 11:41 159,744 --a------ D:\WINDOWS\system32\ssleay32_1-1-0_DDR.dll
2007-01-06 11:40 23,856 --a------ D:\WINDOWS\system32\spupdsvc.exe
2007-01-06 11:40 d--h----- D:\WINDOWS\$hf_mig$
2007-01-06 11:40 d-------- D:\WINDOWS\system32\PreInstall
2007-01-06 11:34 d-------- D:\WINDOWS\system32\SoftwareDistribution
2007-01-06 11:26 112,128 --a------ D:\WINDOWS\system32\mapi32.dll
2007-01-06 11:25 d--hs---- D:\DOCUME~1\ALLUSE~1.WIN\DRM
2007-01-06 11:24 81,920 --a------ D:\WINDOWS\system32\isign32.dll
2007-01-06 11:24 81,920 --a------ D:\WINDOWS\system32\ils.dll
2007-01-06 11:24 8,192 --a------ D:\WINDOWS\system32\bitsprx2.dll
2007-01-06 11:24 73,728 --a------ D:\WINDOWS\system32\icwdial.dll
2007-01-06 11:24 73,472 --a------ D:\WINDOWS\system32\drivers\sr.sys
2007-01-06 11:24 7,168 --a------ D:\WINDOWS\system32\bitsprx3.dll
2007-01-06 11:24 69,632 --a------ D:\WINDOWS\system32\msconf.dll
2007-01-06 11:24 679,424 --a------ D:\WINDOWS\system32\inetcomm.dll
2007-01-06 11:24 67,584 --a------ D:\WINDOWS\system32\srclient.dll
2007-01-06 11:24 65,536 --a------ D:\WINDOWS\system32\icwphbk.dll
2007-01-06 11:24 64,512 --a------ D:\WINDOWS\system32\acctres.dll
2007-01-06 11:24 6,656 --a------ D:\WINDOWS\system32\wuauserv.dll
2007-01-06 11:24 48,128 --a------ D:\WINDOWS\system32\inetres.dll
2007-01-06 11:24 465,176 --a------ D:\WINDOWS\system32\wuapi.dll
2007-01-06 11:24 45,568 --a------ D:\WINDOWS\system32\safrslv.dll
2007-01-06 11:24 43,520 --a------ D:\WINDOWS\system32\safrcdlg.dll
2007-01-06 11:24 43,520 --a------ D:\WINDOWS\system32\racpldlg.dll
2007-01-06 11:24 41,240 --a------ D:\WINDOWS\system32\wups.dll
2007-01-06 11:24 382,464 --a------ D:\WINDOWS\system32\qmgr.dll
2007-01-06 11:24 34,560 --a------ D:\WINDOWS\system32\mnmdd.dll
2007-01-06 11:24 32,768 --a------ D:\WINDOWS\system32\mnmsrvc.exe
2007-01-06 11:24 32,768 --a------ D:\WINDOWS\system32\isrdbg32.dll
2007-01-06 11:24 29,696 --a------ D:\WINDOWS\system32\safrdm.dll
2007-01-06 11:24 28,672 --a------ D:\WINDOWS\system32\nmmkcert.dll
2007-01-06 11:24 274,944 --a------ D:\WINDOWS\system32\mstask.dll
2007-01-06 11:24 274,432 --a------ D:\WINDOWS\system32\inetcfg.dll
2007-01-06 11:24 252,928 --a------ D:\WINDOWS\system32\msoeacct.dll
2007-01-06 11:24 239,104 --a------ D:\WINDOWS\system32\srrstr.dll
2007-01-06 11:24 23,040 --a------ D:\WINDOWS\system32\fltMc.exe
2007-01-06 11:24 194,328 --a------ D:\WINDOWS\system32\wuaueng1.dll
2007-01-06 11:24 190,976 --a------ D:\WINDOWS\system32\schedsvc.dll
2007-01-06 11:24 18,944 --a------ D:\WINDOWS\system32\qmgrprxy.dll
2007-01-06 11:24 173,536 --a------ D:\WINDOWS\system32\wuweb.dll
2007-01-06 11:24 172,312 --a------ D:\WINDOWS\system32\wuauclt1.exe
2007-01-06 11:24 170,496 --a------ D:\WINDOWS\system32\srsvc.dll
2007-01-06 11:24 16,896 --a------ D:\WINDOWS\system32\fltlib.dll
2007-01-06 11:24 16,384 --a------ D:\WINDOWS\system32\icfgnt5.dll
2007-01-06 11:24 128,896 --a------ D:\WINDOWS\system32\drivers\fltMgr.sys
2007-01-06 11:24 127,256 --a------ D:\WINDOWS\system32\wucltui.dll
2007-01-06 11:24 124,184 --a------ D:\WINDOWS\system32\wuauclt.exe
2007-01-06 11:24 12,288 --a------ D:\WINDOWS\system32\nmevtmsg.dll
2007-01-06 11:24 12,288 --a------ D:\WINDOWS\system32\mstinit.exe
2007-01-06 11:24 11,264 --a------ D:\WINDOWS\system32\atrace.dll
2007-01-06 11:24 105,984 --a------ D:\WINDOWS\system32\msoert2.dll
2007-01-06 11:24 1,343,768 --a------ D:\WINDOWS\system32\wuaueng.dll
2007-01-06 11:22 97,792 --a------ D:\WINDOWS\system32\comrepl.dll
2007-01-06 11:22 956,416 --a------ D:\WINDOWS\system32\msdtctm.dll
2007-01-06 11:22 93,696 --a------ D:\WINDOWS\system32\tscfgwmi.dll
2007-01-06 11:22 91,136 --a------ D:\WINDOWS\system32\mtxoci.dll
2007-01-06 11:22 9,728 --a------ D:\WINDOWS\system32\reset.exe
2007-01-06 11:22 87,176 --a------ D:\WINDOWS\system32\rdpwsx.dll
2007-01-06 11:22 85,504 --a------ D:\WINDOWS\system32\catsrvps.dll
2007-01-06 11:22 80,384 --a------ D:\WINDOWS\system32\charmap.exe
2007-01-06 11:22 73,216 --a------ D:\WINDOWS\system32\avwav.dll
2007-01-06 11:22 67,072 --a------ D:\WINDOWS\system32\rdshost.exe
2007-01-06 11:22 655,360 --a------ D:\WINDOWS\system32\mstscax.dll
2007-01-06 11:22 625,152 --a------ D:\WINDOWS\system32\catsrvut.dll
2007-01-06 11:22 62,464 --a------ D:\WINDOWS\system32\rdpclip.exe
2007-01-06 11:22 605,696 --a------ D:\WINDOWS\system32\getuname.dll
2007-01-06 11:22 60,416 --a------ D:\WINDOWS\system32\remotepg.dll
2007-01-06 11:22 60,416 --a------ D:\WINDOWS\system32\colbact.dll
2007-01-06 11:22 6,144 --a------ D:\WINDOWS\system32\msdtc.exe
2007-01-06 11:22 58,880 --a------ D:\WINDOWS\system32\msdtclog.dll
2007-01-06 11:22 56,832 --a------ D:\WINDOWS\system32\sol.exe
2007-01-06 11:22 55,296 --a------ D:\WINDOWS\system32\freecell.exe
2007-01-06 11:22 540,160 --a------ D:\WINDOWS\system32\comuid.dll
2007-01-06 11:22 54,272 --a------ D:\WINDOWS\system32\stclient.dll
2007-01-06 11:22 538,624 --a------ D:\WINDOWS\system32\spider.exe
2007-01-06 11:22 5,632 --a------ D:\WINDOWS\system32\write.exe
2007-01-06 11:22 5,120 --a------ D:\WINDOWS\system32\dcomcnfg.exe
2007-01-06 11:22 498,688 --a------ D:\WINDOWS\system32\clbcatq.dll
2007-01-06 11:22 44,544 --a------ D:\WINDOWS\system32\tscupgrd.exe
2007-01-06 11:22 44,544 --a------ D:\WINDOWS\system32\hticons.dll
2007-01-06 11:22 426,496 --a------ D:\WINDOWS\system32\msdtcprx.dll
2007-01-06 11:22 407,552 --a------ D:\WINDOWS\system32\mstsc.exe
2007-01-06 11:22 4,096 --a------ D:\WINDOWS\system32\rdpcfgex.dll
2007-01-06 11:22 4,096 --a------ D:\WINDOWS\system32\mtxex.dll
2007-01-06 11:22 38,912 --a------ D:\WINDOWS\system32\cfgbkend.dll
2007-01-06 11:22 35,328 --a------ D:\WINDOWS\system32\winchat.exe
2007-01-06 11:22 347,136 --a------ D:\WINDOWS\system32\hypertrm.dll
2007-01-06 11:22 343,040 --a------ D:\WINDOWS\system32\mspaint.exe
2007-01-06 11:22 33,792 --a------ D:\WINDOWS\system32\regini.exe
2007-01-06 11:22 295,424 --a------ D:\WINDOWS\system32\termsrv.dll
2007-01-06 11:22 25,600 --a------ D:\WINDOWS\system32\comaddin.dll
2007-01-06 11:22 25,088 --a------ D:\WINDOWS\system32\mtxlegih.dll
2007-01-06 11:22 227,840 --a------ D:\WINDOWS\system32\avtapi.dll
2007-01-06 11:22 225,792 --a------ D:\WINDOWS\system32\catsrv.dll
2007-01-06 11:22 22,016 --a------ D:\WINDOWS\system32\qwinsta.exe
2007-01-06 11:22 21,896 --a------ D:\WINDOWS\system32\drivers\tdtcp.sys
2007-01-06 11:22 20,992 --a------ D:\WINDOWS\system32\msg.exe
2007-01-06 11:22 20,480 --a------ D:\WINDOWS\system32\qprocess.exe
2007-01-06 11:22 20,480 --a------ D:\WINDOWS\system32\mtxdm.dll
2007-01-06 11:22 19,968 --a------ D:\WINDOWS\system32\rdpsnd.dll
2007-01-06 11:22 183,808 --a------ D:\WINDOWS\system32\accwiz.exe
2007-01-06 11:22 161,280 --a------ D:\WINDOWS\system32\msdtcuiu.dll
2007-01-06 11:22 16,896 --a------ D:\WINDOWS\system32\tsshutdn.exe
2007-01-06 11:22 16,896 --a------ D:\WINDOWS\system32\qappsrv.exe
2007-01-06 11:22 16,384 --a------ D:\WINDOWS\system32\tskill.exe
2007-01-06 11:22 16,384 --a------ D:\WINDOWS\system32\avmeter.dll
2007-01-06 11:22 15,872 --a------ D:\WINDOWS\system32\rwinsta.exe
2007-01-06 11:22 15,872 --a------ D:\WINDOWS\system32\cdmodem.dll
2007-01-06 11:22 15,360 --a------ D:\WINDOWS\system32\logoff.exe
2007-01-06 11:22 147,968 --a------ D:\WINDOWS\system32\rdchost.dll
2007-01-06 11:22 147,456 --a------ D:\WINDOWS\system32\comsnap.dll
2007-01-06 11:22 140,800 --a------ D:\WINDOWS\system32\sessmgr.exe
2007-01-06 11:22 14,848 --a------ D:\WINDOWS\system32\tsdiscon.exe
2007-01-06 11:22 14,848 --a------ D:\WINDOWS\system32\tscon.exe
2007-01-06 11:22 14,848 --a------ D:\WINDOWS\system32\shadow.exe
2007-01-06 11:22 139,528 --a------ D:\WINDOWS\system32\drivers\rdpwd.sys
2007-01-06 11:22 138,752 --a------ D:\WINDOWS\system32\sndvol32.exe
2007-01-06 11:22 131,584 --a------ D:\WINDOWS\system32\sndrec32.exe
2007-01-06 11:22 13,824 --a------ D:\WINDOWS\system32\rdsaddin.exe
2007-01-06 11:22 126,976 --a------ D:\WINDOWS\system32\mshearts.exe
2007-01-06 11:22 123,392 --a------ D:\WINDOWS\system32\mplay32.exe
2007-01-06 11:22 12,040 --a------ D:\WINDOWS\system32\drivers\tdpipe.sys
2007-01-06 11:22 119,808 --a------ D:\WINDOWS\system32\winmine.exe
2007-01-06 11:22 114,688 --a------ D:\WINDOWS\system32\calc.exe
2007-01-06 11:22 110,080 --a------ D:\WINDOWS\system32\clbcatex.dll
2007-01-06 11:22 11,776 --a------ D:\WINDOWS\system32\xolehlp.dll
2007-01-06 11:22 11,264 --a------ D:\WINDOWS\system32\icaapi.dll
2007-01-06 11:22 102,912 --a------ D:\WINDOWS\system32\clipbrd.exe
2007-01-06 11:22 1,267,200 --a------ D:\WINDOWS\system32\comsvcs.dll
2007-01-06 11:22 1,161 --a------ D:\WINDOWS\system32\usrlogon.cmd
2007-01-06 11:21 58,880 --a------ D:\WINDOWS\system32\licwmi.dll
2007-01-06 11:21 56,320 --a------ D:\WINDOWS\system32\servdeps.dll
2007-01-06 11:21 40,840 --a------ D:\WINDOWS\system32\drivers\termdd.sys
2007-01-06 11:21 196,864 --a------ D:\WINDOWS\system32\drivers\rdpdr.sys
2007-01-06 11:21 185,344 --a------ D:\WINDOWS\system32\cmprops.dll
2007-01-06 11:21 17,408 --a------ D:\WINDOWS\system32\mmfutil.dll
2007-01-06 11:19 82,944 --a------ D:\WINDOWS\system32\drivers\wdmaud.sys
2007-01-06 11:19 7,552 --a------ D:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-01-06 11:19 60,800 --a------ D:\WINDOWS\system32\drivers\sysaudio.sys
2007-01-06 11:19 6,400 --a------ D:\WINDOWS\system32\drivers\splitter.sys
2007-01-06 11:19 54,272 --a------ D:\WINDOWS\system32\drivers\swmidi.sys
2007-01-06 11:19 52,864 --a------ D:\WINDOWS\system32\drivers\DMusic.sys
2007-01-06 11:19 5,376 --a------ D:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-01-06 11:19 4,992 --a------ D:\WINDOWS\system32\drivers\MSPQM.sys
2007-01-06 11:19 3,072 --a------ D:\WINDOWS\system32\drivers\audstub.sys
2007-01-06 11:19 2,944 --a------ D:\WINDOWS\system32\drivers\drmkaud.sys
2007-01-06 11:19 172,416 --a------ D:\WINDOWS\system32\drivers\kmixer.sys
2007-01-06 11:19 142,464 --a------ D:\WINDOWS\system32\drivers\aec.sys
2007-01-06 11:18 57,472 --a------ D:\WINDOWS\system32\drivers\redbook.sys
2007-01-06 11:18 10,624 --a------ D:\WINDOWS\system32\drivers\gameenum.sys
2007-01-06 11:17 74,240 --a------ D:\WINDOWS\system32\usbui.dll
2007-01-06 11:17 63,208 --a------ D:\WINDOWS\system32\drivers\dc21x4.sys
2007-01-06 11:17 470,144 --a------ D:\WINDOWS\system32\G200d.dll
2007-01-06 11:17 42,240 --a------ D:\WINDOWS\system32\drivers\VIAAGP.SYS
2007-01-06 11:17 320,384 --a------ D:\WINDOWS\system32\drivers\G200m.sys
2007-01-06 11:16 60,288 --a------ D:\WINDOWS\system32\drivers\drmk.sys
2007-01-06 11:16 40,832 --a------ D:\WINDOWS\system32\drivers\es1371mp.sys
 

#4 · Registered · 797 Posts · Discussion Starter
ComboFix log continued:

2007-01-06 11:16 4,096 --a------ D:\WINDOWS\system32\ksuser.dll
2007-01-06 11:16 145,792 --a------ D:\WINDOWS\system32\drivers\portcls.sys
2007-01-06 11:15 8,192 -ra------ D:\WINDOWS\system32\kbdhept.dll
2007-01-06 11:15 7,168 -ra------ D:\WINDOWS\system32\kbdcz.dll
2007-01-06 11:15 6,656 -ra------ D:\WINDOWS\system32\kbdycl.dll
2007-01-06 11:15 6,656 -ra------ D:\WINDOWS\system32\kbdsl1.dll
2007-01-06 11:15 6,656 -ra------ D:\WINDOWS\system32\kbdsl.dll
2007-01-06 11:15 6,656 -ra------ D:\WINDOWS\system32\kbdpl.dll
2007-01-06 11:15 6,656 -ra------ D:\WINDOWS\system32\kbdhu.dll
2007-01-06 11:15 6,656 -ra------ D:\WINDOWS\system32\kbdhela3.dll
2007-01-06 11:15 6,656 -ra------ D:\WINDOWS\system32\kbdcz2.dll
2007-01-06 11:15 6,656 -ra------ D:\WINDOWS\system32\kbdcz1.dll
2007-01-06 11:15 6,656 -ra------ D:\WINDOWS\system32\kbdcr.dll
2007-01-06 11:15 6,656 -ra------ D:\WINDOWS\system32\KBDAL.DLL
2007-01-06 11:15 6,144 -ra------ D:\WINDOWS\system32\kbdtuq.dll
2007-01-06 11:15 6,144 -ra------ D:\WINDOWS\system32\kbdtuf.dll
2007-01-06 11:15 6,144 -ra------ D:\WINDOWS\system32\kbdlv1.dll
2007-01-06 11:15 6,144 -ra------ D:\WINDOWS\system32\kbdlv.dll
2007-01-06 11:15 6,144 -ra------ D:\WINDOWS\system32\kbdhela2.dll
2007-01-06 11:15 6,144 -ra------ D:\WINDOWS\system32\kbdgkl.dll
2007-01-06 11:15 6,144 -ra------ D:\WINDOWS\system32\kbdest.dll
2007-01-06 11:15 5,632 -ra------ D:\WINDOWS\system32\kbdro.dll
2007-01-06 11:15 5,632 -ra------ D:\WINDOWS\system32\kbdpl1.dll
2007-01-06 11:15 5,632 -ra------ D:\WINDOWS\system32\kbdmon.dll
2007-01-06 11:15 5,632 -ra------ D:\WINDOWS\system32\kbdlt1.dll
2007-01-06 11:15 5,632 -ra------ D:\WINDOWS\system32\kbdlt.dll
2007-01-06 11:15 5,632 -ra------ D:\WINDOWS\system32\kbdkyr.dll
2007-01-06 11:15 5,632 -ra------ D:\WINDOWS\system32\kbdhu1.dll
2007-01-06 11:15 5,632 -ra------ D:\WINDOWS\system32\kbdhe319.dll
2007-01-06 11:15 5,632 -ra------ D:\WINDOWS\system32\kbdhe220.dll
2007-01-06 11:15 5,632 -ra------ D:\WINDOWS\system32\kbdhe.dll
2007-01-06 11:15 5,632 -ra------ D:\WINDOWS\system32\kbdazel.dll
2007-01-06 11:15 176,157 --a------ D:\WINDOWS\system32\dgrpsetu.dll
2007-01-06 11:15 13,312 --a------ D:\WINDOWS\system32\irclass.dll
2007-01-06 11:14 9,936 --a------ D:\WINDOWS\system\LZEXPAND.DLL
2007-01-06 11:14 9,008 --a------ D:\WINDOWS\system\VER.DLL
2007-01-06 11:14 85,020 --a------ D:\WINDOWS\system32\dgsetup.dll
2007-01-06 11:14 82,944 --a------ D:\WINDOWS\system\OLECLI.DLL
2007-01-06 11:14 8,704 --a------ D:\WINDOWS\system32\batt.dll
2007-01-06 11:14 74,752 --a------ D:\WINDOWS\system32\storprop.dll
2007-01-06 11:14 69,584 --a------ D:\WINDOWS\system\AVICAP.DLL
2007-01-06 11:14 69,120 --a------ D:\WINDOWS\NOTEPAD.EXE
2007-01-06 11:14 68,768 --a------ D:\WINDOWS\system\MMSYSTEM.DLL
2007-01-06 11:14 5,120 --a------ D:\WINDOWS\system\SHELL.DLL
2007-01-06 11:14 32,816 --a------ D:\WINDOWS\system\COMMDLG.DLL
2007-01-06 11:14 24,661 --a------ D:\WINDOWS\system32\spxcoins.dll
2007-01-06 11:14 24,064 --a------ D:\WINDOWS\system\OLESVR.DLL
2007-01-06 11:14 19,200 --a------ D:\WINDOWS\system\TAPI.DLL
2007-01-06 11:14 15,360 --a------ D:\WINDOWS\TASKMAN.EXE
2007-01-06 11:14 126,912 --a------ D:\WINDOWS\system\MSVIDEO.DLL
2007-01-06 11:14 11,264 --a------ D:\WINDOWS\system32\drivers\irenum.sys
2007-01-06 11:14 109,456 --a------ D:\WINDOWS\system\AVIFILE.DLL
2007-01-06 11:14 103,424 --a------ D:\WINDOWS\system32\EqnClass.Dll
2007-01-06 11:14 dr------- D:\DOCUME~1\ALLUSE~1.WIN\Documents
2007-01-06 11:04 d-------- D:\WINDOWS\Provisioning
2007-01-06 11:04 d-------- D:\WINDOWS\PeerNet
2007-01-06 11:00 d-------- D:\WINDOWS\setup.pss
2007-01-06 10:27 d--h----- D:\WINDOWS\$xpsp1hfm$
2007-01-06 06:23 d-------- D:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-06 06:19 d-------- D:\WINDOWS\system32\bits
2007-01-06 06:17 d-------- D:\WINDOWS\SoftwareDistribution
2007-01-06 06:16 d---s---- D:\DOCUME~1\Andy\UserData
2007-01-06 06:10 d-------- D:\WINDOWS\Motive
2007-01-06 06:09 d-------- D:\Program Files\ntl
2007-01-06 06:09 d-------- D:\Program Files\Motive
2007-01-06 04:31 d-------- D:\Program Files\Xvid
2007-01-06 04:08 d--hs---- D:\RECYCLED
2007-01-06 03:14 d-------- D:\Games
2007-01-06 02:19 d-------- D:\WINDOWS\pss
2007-01-06 02:14 d-------- D:\Program Files\Common Files\Motive
2007-01-06 02:11 d-------- D:\WINDOWS\RegisteredPackages
2007-01-06 02:11 d-------- D:\Program Files\BroadJump
2007-01-06 02:07 d--hs---- D:\WINDOWS\Installer
2007-01-06 02:03 d--hs---- D:\System Volume Information
2007-01-06 02:03 d-------- D:\WINDOWS\Prefetch
2007-01-06 01:59 d-------- D:\WINDOWS\system32\xircom
2007-01-06 01:59 d-------- D:\Program Files\microsoft frontpage
2007-01-06 01:58 dr------- D:\WINDOWS\Offline Web Pages
2007-01-06 01:58 d--hs---- D:\DOCUME~1\ALLUSE~1\DRM
2007-01-06 01:58 d---s---- D:\WINDOWS\Downloaded Program Files
2007-01-06 01:57 d---s---- D:\WINDOWS\Tasks
2007-01-06 01:57 d-------- D:\WINDOWS\system32\Restore
2007-01-06 01:57 d-------- D:\WINDOWS\system32\Macromed
2007-01-06 01:57 d-------- D:\WINDOWS\system32\DirectX
2007-01-06 01:57 d-------- D:\WINDOWS\srchasst
2007-01-06 01:57 d-------- D:\WINDOWS\PCHEALTH
2007-01-06 01:57 d-------- D:\Program Files\Movie Maker
2007-01-06 01:57 d-------- D:\Program Files\Common Files\MSSoap
2007-01-06 01:56 d--h----- D:\Program Files\WindowsUpdate
2007-01-06 01:56 d-------- D:\WINDOWS\system32\MsDtc
2007-01-06 01:56 d-------- D:\WINDOWS\system32\Com
2007-01-06 01:56 d-------- D:\WINDOWS\Registration
2007-01-06 01:56 d-------- D:\Program Files\Windows NT
2007-01-06 01:56 d-------- D:\Program Files\Online Services
2007-01-06 01:56 d-------- D:\Program Files\MSN Gaming Zone
2007-01-06 01:56 d-------- D:\Program Files\Messenger
2007-01-06 01:51 d-------- D:\Program Files\Common Files\SpeechEngines
2007-01-06 01:51 d-------- D:\Program Files\Common Files\ODBC
2007-01-06 01:50 dr------- D:\DOCUME~1\ALLUSE~1\Documents
2007-01-06 01:50 d-------- D:\WINDOWS\system32\CatRoot2
2007-01-06 01:50 d-------- D:\WINDOWS\system32\CatRoot
2007-01-06 01:50 d-------- D:\Documents and Settings
2007-01-06 01:47 dr-hs---- D:\WINDOWS\system32\dllcache
2007-01-06 01:47 dr--s---- D:\WINDOWS\Fonts
2007-01-06 01:47 dr------- D:\WINDOWS\Web
2007-01-06 01:47 d--h----- D:\WINDOWS\inf
2007-01-06 01:47 d-------- D:\WINDOWS\WinSxS
2007-01-06 01:47 d-------- D:\WINDOWS\twain_32
2007-01-06 01:47 d-------- D:\WINDOWS\system32\wins
2007-01-06 01:47 d-------- D:\WINDOWS\system32\wbem
2007-01-06 01:47 d-------- D:\WINDOWS\system32\usmt
2007-01-06 01:47 d-------- D:\WINDOWS\system32\spool
2007-01-06 01:47 d-------- D:\WINDOWS\system32\ShellExt
2007-01-06 01:47 d-------- D:\WINDOWS\system32\Setup
2007-01-06 01:47 d-------- D:\WINDOWS\system32\ras
2007-01-06 01:47 d-------- D:\WINDOWS\system32\oobe
2007-01-06 01:47 d-------- D:\WINDOWS\system32\npp
2007-01-06 01:47 d-------- D:\WINDOWS\system32\mui
2007-01-06 01:47 d-------- D:\WINDOWS\system32\inetsrv
2007-01-06 01:47 d-------- D:\WINDOWS\system32\IME
2007-01-06 01:47 d-------- D:\WINDOWS\system32\icsxml
2007-01-06 01:47 d-------- D:\WINDOWS\system32\ias
2007-01-06 01:47 d-------- D:\WINDOWS\system32\export
2007-01-06 01:47 d-------- D:\WINDOWS\system32\drivers\etc
2007-01-06 01:47 d-------- D:\WINDOWS\system32\drivers\disdn
2007-01-06 01:47 d-------- D:\WINDOWS\system32\drivers
2007-01-06 01:47 d-------- D:\WINDOWS\system32\dhcp
2007-01-06 01:47 d-------- D:\WINDOWS\system32\config
2007-01-06 01:47 d-------- D:\WINDOWS\system32\3com_dmi
2007-01-06 01:47 d-------- D:\WINDOWS\system32\3076
2007-01-06 01:47 d-------- D:\WINDOWS\system32\2052
2007-01-06 01:47 d-------- D:\WINDOWS\system32\1054
2007-01-06 01:47 d-------- D:\WINDOWS\system32\1042
2007-01-06 01:47 d-------- D:\WINDOWS\system32\1041
2007-01-06 01:47 d-------- D:\WINDOWS\system32\1037
2007-01-06 01:47 d-------- D:\WINDOWS\system32\1033
2007-01-06 01:47 d-------- D:\WINDOWS\system32\1031
2007-01-06 01:47 d-------- D:\WINDOWS\system32\1028
2007-01-06 01:47 d-------- D:\WINDOWS\system32\1025
2007-01-06 01:47 d-------- D:\WINDOWS\system32
2007-01-06 01:47 d-------- D:\WINDOWS\system
2007-01-06 01:47 d-------- D:\WINDOWS\security
2007-01-06 01:47 d-------- D:\WINDOWS\Resources
2007-01-06 01:47 d-------- D:\WINDOWS\repair
2007-01-06 01:47 d-------- D:\WINDOWS\mui
2007-01-06 01:47 d-------- D:\WINDOWS\msapps
2007-01-06 01:47 d-------- D:\WINDOWS\msagent
2007-01-06 01:47 d-------- D:\WINDOWS\Media
2007-01-06 01:47 d-------- D:\WINDOWS\java
2007-01-06 01:47 d-------- D:\WINDOWS\ime
2007-01-06 01:47 d-------- D:\WINDOWS\Help
2007-01-06 01:47 d-------- D:\WINDOWS\Driver Cache
2007-01-06 01:47 d-------- D:\WINDOWS\Debug
2007-01-06 01:47 d-------- D:\WINDOWS\Cursors
2007-01-06 01:47 d-------- D:\WINDOWS\Connection Wizard
2007-01-06 01:47 d-------- D:\WINDOWS\Config
2007-01-06 01:47 d-------- D:\WINDOWS\AppPatch
2007-01-06 01:47 d-------- D:\WINDOWS\addins
2007-01-06 01:47 d-------- D:\WINDOWS
2007-01-06 01:18 d-a------ D:\Program Files
2007-01-06 01:18 d-------- D:\My Downloads
2006-12-25 11:00 218,112 --a------ D:\Program Files\HijackThis.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-01-11 01:59 -------- d-------- D:\DOCUME~1\ANDY~1.HOM\Application Data\mozilla
2007-01-10 22:44 5208 --a------ D:\Program Files\hijackthis.log
2007-01-07 14:28 -------- d-------- D:\DOCUME~1\ANDY~1.HOM\Application Data\macromedia
2007-01-06 11:36 -------- d-------- D:\DOCUME~1\ANDY~1.HOM\Application Data\identities
2007-01-06 11:14 62 --ahs---- D:\DOCUME~1\ANDY~1.HOM\Application Data\desktop.ini
2007-01-06 11:14 -------- d---s---- D:\DOCUME~1\ANDY~1.HOM\Application Data\microsoft
2006-12-12 16:30 520192 --a------ D:\WINDOWS\system32\divxsm.exe
2006-12-12 16:30 3596288 --a------ D:\WINDOWS\system32\qt-dx331.dll
2006-12-12 16:30 200704 --a------ D:\WINDOWS\system32\ssldivx.dll
2006-12-12 16:30 1044480 --a------ D:\WINDOWS\system32\libdivx.dll
2006-12-12 16:25 806912 --a------ D:\WINDOWS\system32\divx_xx0c.dll
2006-12-12 16:25 806912 --a------ D:\WINDOWS\system32\divx_xx07.dll
2006-12-12 16:25 790528 --a------ D:\WINDOWS\system32\divx_xx11.dll
2006-12-12 16:25 73728 --a------ D:\WINDOWS\system32\dpl100.dll
2006-12-12 16:25 635486 --a------ D:\WINDOWS\system32\divx.dll
2006-12-12 16:25 593920 --a------ D:\WINDOWS\system32\dpugui11.dll
2006-12-12 16:25 57344 --a------ D:\WINDOWS\system32\dpv11.dll
2006-12-12 16:25 53248 --a------ D:\WINDOWS\system32\dpugui10.dll
2006-12-12 16:25 344064 --a------ D:\WINDOWS\system32\dpus11.dll
2006-12-12 16:25 294912 --a------ D:\WINDOWS\system32\dpu11.dll
2006-12-12 16:25 294912 --a------ D:\WINDOWS\system32\dpu10.dll
2006-12-12 16:25 196608 --a------ D:\WINDOWS\system32\dtu100.dll
2006-12-12 16:24 12288 --a------ D:\WINDOWS\system32\divxwmpexttype.dll
2006-12-12 16:24 118784 --a------ D:\WINDOWS\system32\divxcodecupdatechecker.exe
2006-11-16 19:47 524288 --a------ D:\WINDOWS\opuc.dll
2006-11-07 03:26 13312 --a------ D:\WINDOWS\system32\ieudinit.exe
2006-11-04 14:14 1245696 --a------ D:\WINDOWS\system32\msxml4.dll
2006-10-19 13:56 713216 --a------ D:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --------- D:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --------- D:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ D:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ D:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ D:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ D:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- D:\WINDOWS\system32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ D:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 7168 --a------ D:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- D:\WINDOWS\system32\wmvxencd.dll
2006-10-18 21:47 63488 --------- D:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- D:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- D:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ D:\WINDOWS\system32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ D:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- D:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- D:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ D:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ D:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ D:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ D:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ D:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ D:\WINDOWS\system32\mpg4dmod.dll
2006-10-18 21:47 4096 --a------ D:\WINDOWS\system32\mp4sdmod.dll
2006-10-18 21:47 4096 --a------ D:\WINDOWS\system32\mp43dmod.dll
2006-10-18 21:47 4096 --------- D:\WINDOWS\system32\wmvadve.dll
2006-10-18 21:47 4096 --------- D:\WINDOWS\system32\wmvadvd.dll
2006-10-18 21:47 4096 --------- D:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 38400 --------- D:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ D:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --------- D:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --------- D:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --------- D:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ D:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ D:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- D:\WINDOWS\system32\mp4sdecd.dll
2006-10-18 21:47 314880 --a------ D:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- D:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- D:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --------- D:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ D:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- D:\WINDOWS\system32\wpdshext.dll
2006-10-18 21:47 259072 --------- D:\WINDOWS\system32\mpg4decd.dll
2006-10-18 21:47 259072 --------- D:\WINDOWS\system32\mp43decd.dll
2006-10-18 21:47 2450944 --a------ D:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ D:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ D:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ D:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ D:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- D:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 211456 --a------ D:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --------- D:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- D:\WINDOWS\system32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a------ D:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ D:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- D:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --------- D:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- D:\WINDOWS\system32\wmvencod.dll
2006-10-18 21:47 157184 --a------ D:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --------- D:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- D:\WINDOWS\system32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- D:\WINDOWS\system32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- D:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a------ D:\WINDOWS\system32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- D:\WINDOWS\system32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- D:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ D:\WINDOWS\system32\laprxy.dll
2006-10-18 21:47 1117696 --a------ D:\WINDOWS\system32\wmadmoe.dll
2006-10-18 21:47 101888 --------- D:\WINDOWS\system32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a------ D:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- D:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- D:\WINDOWS\system32\wpdshextautoplay.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"D:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="D:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BJCFD"="D:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"Motive SmartBridge"="C:\\PROGRA~1\\ntl\\BROADB~1\\SMARTB~1\\MotiveSB.exe"
"!AVG Anti-Spyware"="\"D:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="D:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BJPSMAIN"
"hkey"="HKLM"
"command"="D:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Matrox Powerdesk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDesk"
"hkey"="HKLM"
"command"="D:\\WINDOWS\\system32\\PDesk\\PDesk.exe /Autolaunch"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="D:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntl Netguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Rps"
"hkey"="HKLM"
"command"="D:\\Program Files\\ntl\\ntl Netguard\\Rps.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDUiP6220DMon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDUiP6220DMon"
"hkey"="HKLM"
"command"="D:\\Program Files\\Canon\\Memory Card Utility\\iP6220D\\PDUiP6220DMon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mssysmgr"
"hkey"="HKCU"
"command"="D:\\PROGRA~1\\Nero\\data\\Xtras\\mssysmgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shareaza]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Shareaza"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Shareaza\\Shareaza.exe\" -tray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\team remote]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BOLD JOY BOLT"
"hkey"="HKCU"
"command"="D:\\DOCUME~1\\ANDY~1.HOM\\APPLIC~1\\OPTION~1\\BOLD JOY BOLT.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

Contents of the 'Scheduled Tasks' folder
D:\WINDOWS\tasks\AAC9AD1590DE5D5D.job
D:\WINDOWS\tasks\1-Click Maintenance.job
D:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 07-01-14 0:52:30

HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 01:05:43, on 14/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\ntl\ntl Netguard\fws.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Common Files\Command Software\dvpapi.exe
D:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\mgabg.exe
D:\WINDOWS\system32\svchost.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
D:\Program Files\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - D:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - D:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [BJCFD] D:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} (TNSClicker.Clicker) - http://www.shopandscan.com/TNSClicker.CAB
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - D:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - D:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - D:\WINDOWS\system32\mgabg.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
 

· Administrator
Joined
·
124,729 Posts
First Name -
Karen
Copy the part in bold below into notepad and save it as direxie.bat
Set File type to "All files"

cd\
cd C:\Documents and Settings\%UserName%\Application Data
dir /x > C:\directory.txt
cd C:\Documents and Settings\All Users\Application Data
dir /x >> C:\directory.txt
cd C:\Program Files
dir /x >> C:\directory.txt
start notepad C:\directory.txt


Start the file by double clicking direxie.bat
That will open a file called directory.txt. Post the content of that file.
 

· Registered
Joined
·
797 Posts
Discussion Starter · #6 ·
Volume in drive D is WINDOWS XP
Volume Serial Number is 240B-08E0

Directory of D:\

12/01/2007 01:07 MYDOWN~1 My Downloads
06/01/2007 11:25 PROGRA~1 Program Files
06/01/2007 03:14 GAMES Games
06/01/2007 01:47 WINDOWS
06/01/2007 01:50 DOCUME~1 Documents and Settings
06/01/2007 15:54 3514ED~1 3514ed13d3b3d8dfc0fa9fdc09ed
06/01/2007 15:59 dell
09/01/2007 23:57 QUAKE3~1 Quake 3 Arena
11/01/2007 21:45 KPCMS
11/01/2007 21:46 PSFONTS
11/01/2007 23:37 DEMOAL~1 Demo Album
12/01/2007 04:12 CITYVIEW
14/01/2007 00:53 47,439 COMBOFIX.TXT ComboFix.txt
14/01/2007 02:51 254 direxie.bat
2 File(s) 47,693 bytes
12 Dir(s) 20,274,708,480 bytes free
Volume in drive D is WINDOWS XP
Volume Serial Number is 240B-08E0

Directory of D:\

12/01/2007 01:07 MYDOWN~1 My Downloads
06/01/2007 11:25 PROGRA~1 Program Files
06/01/2007 03:14 GAMES Games
06/01/2007 01:47 WINDOWS
06/01/2007 01:50 DOCUME~1 Documents and Settings
06/01/2007 15:54 3514ED~1 3514ed13d3b3d8dfc0fa9fdc09ed
06/01/2007 15:59 dell
09/01/2007 23:57 QUAKE3~1 Quake 3 Arena
11/01/2007 21:45 KPCMS
11/01/2007 21:46 PSFONTS
11/01/2007 23:37 DEMOAL~1 Demo Album
12/01/2007 04:12 CITYVIEW
14/01/2007 00:53 47,439 COMBOFIX.TXT ComboFix.txt
14/01/2007 02:51 254 direxie.bat
2 File(s) 47,693 bytes
12 Dir(s) 20,274,708,480 bytes free
Volume in drive D is WINDOWS XP
Volume Serial Number is 240B-08E0

Directory of D:\

12/01/2007 01:07 MYDOWN~1 My Downloads
06/01/2007 11:25 PROGRA~1 Program Files
06/01/2007 03:14 GAMES Games
06/01/2007 01:47 WINDOWS
06/01/2007 01:50 DOCUME~1 Documents and Settings
06/01/2007 15:54 3514ED~1 3514ed13d3b3d8dfc0fa9fdc09ed
06/01/2007 15:59 dell
09/01/2007 23:57 QUAKE3~1 Quake 3 Arena
11/01/2007 21:45 KPCMS
11/01/2007 21:46 PSFONTS
11/01/2007 23:37 DEMOAL~1 Demo Album
12/01/2007 04:12 CITYVIEW
14/01/2007 00:53 47,439 COMBOFIX.TXT ComboFix.txt
14/01/2007 02:51 254 direxie.bat
2 File(s) 47,693 bytes
12 Dir(s) 20,274,708,480 bytes free
 

· Administrator
Joined
·
124,729 Posts
First Name -
Karen
Sorry, I forgot to alter the batch to correspond to your drive letter.

Please repeat the above but using this text please:

cd\
cd D:\Documents and Settings\%UserName%\Application Data
dir /x > D:\directory.txt
cd D:\Documents and Settings\All Users\Application Data
dir /x >> D:\directory.txt
cd D:\Program Files
dir /x >> D:\directory.txt
start notepad D:\directory.txt
 

· Registered
Joined
·
797 Posts
Discussion Starter · #8 ·
Volume in drive D is WINDOWS XP
Volume Serial Number is 240B-08E0

Directory of D:\Documents and Settings\Andy\Application Data

06/01/2007 02:07 .
06/01/2007 02:07 ..
06/01/2007 02:07 IDENTI~1 Identities
06/01/2007 06:16 MACROM~1 Macromedia
0 File(s) 0 bytes
4 Dir(s) 20,177,977,344 bytes free
Volume in drive D is WINDOWS XP
Volume Serial Number is 240B-08E0

Directory of D:\Documents and Settings\All Users\Application Data

06/01/2007 01:50 .
06/01/2007 01:50 ..
06/01/2007 06:23 WINDOW~1 Windows Genuine Advantage
0 File(s) 0 bytes
3 Dir(s) 20,177,977,344 bytes free
Volume in drive D is WINDOWS XP
Volume Serial Number is 240B-08E0

Directory of D:\Program Files

06/01/2007 01:18 .
06/01/2007 01:18 ..
06/01/2007 01:51 COMMON~1 Common Files
06/01/2007 01:56 WINDOW~1 Windows NT
06/01/2007 01:56 MSNGAM~1 MSN Gaming Zone
06/01/2007 01:56 MSN
06/01/2007 01:56 MESSEN~1 Messenger
06/01/2007 01:56 ONLINE~1 Online Services
06/01/2007 01:56 COMPLU~1 ComPlus Applications
06/01/2007 01:57 INTERN~1 Internet Explorer
06/01/2007 01:57 OUTLOO~1 Outlook Express
06/01/2007 01:57 NETMEE~1 NetMeeting
06/01/2007 01:57 WINDOW~3 Windows Media Player
06/01/2007 01:57 MOVIEM~1 Movie Maker
06/01/2007 01:59 MICROS~1 microsoft frontpage
06/01/2007 01:59 xerox
06/01/2007 04:31 XVID Xvid
06/01/2007 02:12 BROADJ~1 BroadJump
06/01/2007 06:09 MOTIVE Motive
06/01/2007 06:09 ntl
06/01/2007 10:24 WINRAR WinRAR
06/01/2007 14:58 SOPCAST SopCast
06/01/2007 15:14 AC3FIL~1 AC3Filter
06/01/2007 15:15 QUICKT~1 QuickTime
06/01/2007 15:54 MSXML4~1.0 MSXML 4.0
06/01/2007 16:43 WINDOW~4 Windows Media Connect 2
06/01/2007 17:14 MICROS~2 Microsoft Office
06/01/2007 17:14 MICROS~3 Microsoft Visual Studio
06/01/2007 17:15 MICROS~4 Microsoft Works
06/01/2007 17:16 MI3AA1~1 Microsoft ActiveSync
06/01/2007 17:45 INCRED~1 Incredible Technologies
07/01/2007 01:05 DIVX DivX
08/01/2007 11:51 GAMESP~1 GameSpy Arcade
08/01/2007 12:09 CANON Canon
08/01/2007 13:13 directx
08/01/2007 16:28 CREATIVE Creative
08/01/2007 16:30 GTGTOO~1 GTG Toolbar
08/01/2007 18:18 LAVALYS Lavalys
08/01/2007 18:25 BELARC Belarc
09/01/2007 18:59 MSNMES~1 MSN Messenger
09/01/2007 19:32 GRISOFT Grisoft
10/01/2007 17:03 FRESHD~1 FreshDevices
10/01/2007 20:15 218,112 HIJACK~1.EXE HijackThis.exe
14/01/2007 01:05 4,319 HIJACK~1.LOG hijackthis.log
10/01/2007 20:18 backups
10/01/2007 20:21 WIFD1F~1 Windows Defender
10/01/2007 21:29 LAVASOFT Lavasoft
10/01/2007 23:58 ADOBE Adobe
11/01/2007 01:59 MOZILL~1 Mozilla Firefox
11/01/2007 13:53 JAVA Java
11/01/2007 21:45 PHOTOD~1.0 PhotoDeluxe HE 3.0
11/01/2007 21:45 IMAGES~1 ImageServer
11/01/2007 21:46 ADOBET~1 Adobe Type Manager
11/01/2007 23:22 AHEAD Ahead
11/01/2007 23:36 NERO Nero
12/01/2007 15:02 TUNEUP~1 TuneUp Utilities 2006
2 File(s) 222,431 bytes
56 Dir(s) 20,177,977,344 bytes free
 

· Administrator
Joined
·
124,729 Posts
First Name -
Karen
Well, we're not going to get the information I'm looking for that way and I believe it's because of the dot in the user name.

Copy everything inside the quote box below (starting with @) and paste it into notepad. Go up to "File > Save As", click the drop-down box to change the "Save As Type" to "All Files". Save it as remlop.bat on your desktop.

@echo off
cd D:\WINDOWS\Tasks
attrib -r -s -h AAC9AD1590DE5D5D.job
del AAC9AD1590DE5D5D.job
exit
Double-click remlop.bat. A window will open and close quickly; this is normal.

Go to Start > Search and under "More advanced search options".
Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders".
Click "Apply" then "OK"

Now boot to safe mode and search for this file:

BOLD JOY BOLT.exe

It will be at D:\DOCUMENTS AND SETTINGS\ANDY~1.HOM\APPLICATION DATA, in a folder whose name starts with these six letters: OPTION. Once you locate it, delete the file and let me know what the exact name of the folder is, please.
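The two things this procedure removes, the job file in the Tasks folder with a bare hex name and the executable registered to run from under Application Data, are the kind of autostart indicators that can be picked out of the ComboFix text earlier in the thread mechanically. The following is an added Python example, not part of this thread and not a ComboFix or HijackThis feature: it parses the msconfig\startupreg blocks, the plain Run keys and the 'Scheduled Tasks' list from a constructed sample trimmed from the output above, and flags entries that run from a user-profile path or whose task file is named with nothing but hex digits. The function names and the two heuristics are my own assumptions.

```python
"""Triage autostart entries out of ComboFix-style text (added example).

Assumption: the heuristics, the function names and the constructed SAMPLE
below are mine; none of this is part of the thread, ComboFix or HijackThis.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, trimmed from the style of the ComboFix output in the thread.
SAMPLE = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"D:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="D:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\team remote]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BOLD JOY BOLT"
"hkey"="HKCU"
"command"="D:\\DOCUME~1\\ANDY~1.HOM\\APPLIC~1\\OPTION~1\\BOLD JOY BOLT.exe"
"inimapping"="0"

Contents of the 'Scheduled Tasks' folder
D:\WINDOWS\tasks\AAC9AD1590DE5D5D.job
D:\WINDOWS\tasks\1-Click Maintenance.job
D:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 07-01-14 0:52:30
'''


@dataclass(frozen=True)
class Finding:
    kind: str    # "startupreg", "run" or "task"
    name: str    # registry value / subkey name, or the task file name
    target: str  # program path or task path
    reason: str


_STARTUPREG_HDR = re.compile(r"^\[.*\\msconfig\\startupreg\\(?P<name>[^\]]+)\]$", re.I)
_RUN_HDR = re.compile(r"^\[.*\\currentversion\\run\]$", re.I)
_KV = re.compile(r'^"(?P<k>[^"]+)"="(?P<v>.*)"$')
# Locations a standard user can write to; a startup program living here deserves a look.
_PROFILE_DIRS = ("\\docume~1\\", "\\documents and settings\\", "\\applic~1\\", "\\application data\\")
_HEX_NAME = re.compile(r"^[0-9A-F]{12,}$")


def unescape_reg(value: str) -> str:
    """Undo the reg-export escaping: \\\\ -> \\ and \\" -> \"."""
    return re.sub(r"\\(.)", r"\1", value)


def command_target(command: str) -> str:
    """Return the program path from a Run-key command string (quoted or bare)."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.*?\.exe)(\s|$)", command, re.I)
    if m:
        return m.group(1)
    # No .exe visible: cut at the first switch-looking argument.
    return re.split(r"\s+[/-]", command, maxsplit=1)[0]


def parse_autostarts(text: str) -> list[dict]:
    """Collect msconfig\\startupreg blocks and plain Run-key values, in file order."""
    entries: list[dict] = []
    mode, current, hive = None, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        hdr = _STARTUPREG_HDR.match(line)
        if hdr:
            mode, current = "startupreg", {"name": hdr.group("name"), "source": "startupreg"}
            entries.append(current)
            continue
        if _RUN_HDR.match(line):
            mode, current = "run", None
            hive = "HKCU" if line.upper().startswith("[HKEY_CURRENT_USER") else "HKLM"
            continue
        if line.startswith("["):        # any other key ends the block
            mode, current = None, None
            continue
        kv = _KV.match(line)
        if not kv:
            continue
        if mode == "startupreg" and current is not None:
            current[kv.group("k")] = unescape_reg(kv.group("v"))
        elif mode == "run":
            entries.append({"name": kv.group("k"), "command": unescape_reg(kv.group("v")),
                            "hkey": hive, "source": "run"})
    return entries


def parse_tasks(text: str) -> list[str]:
    """Return the paths listed under the 'Scheduled Tasks' folder section."""
    tasks, collecting = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            collecting = True
            continue
        if collecting:
            if not line:
                break
            tasks.append(line)
    return tasks


def triage(text: str) -> list[Finding]:
    """Flag autostarts in user-writable profile paths and hex-named task files."""
    findings: list[Finding] = []
    for e in parse_autostarts(text):
        target = command_target(e.get("command", ""))
        if any(d in target.lower() for d in _PROFILE_DIRS):
            findings.append(Finding(e["source"], e["name"], target,
                                    "autostart runs from a user-writable profile/Application Data path"))
    for task in parse_tasks(text):
        filename = task.rsplit("\\", 1)[-1]
        stem = filename[:-4] if filename.lower().endswith(".job") else filename
        if _HEX_NAME.match(stem.upper()):
            findings.append(Finding("task", filename, task,
                                    "task file named with a bare hex string rather than a product name"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.kind}] {f.name}: {f.target}\n    {f.reason}")
```

Run as-is it reports exactly the two items the procedure above deletes and nothing else; pasting a full ComboFix log into SAMPLE works the same way, since the parser ignores every section it does not recognise. The profile-path heuristic is deliberately coarse: legitimate per-user software does install there, so a hit is a reason to look, not a verdict.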
 

· Registered
Joined
·
797 Posts
Discussion Starter · #10 ·
The only location for the file was in D:\Windows\prefetch.

The file name was BOLD JOY BOLD.EXE-119C7118.pf, which I deleted.
 

· Registered
Joined
·
797 Posts
Discussion Starter · #12 ·
I really don't know!!! The folder doesn't seem to have anything of importance in it.
Want me to delete it? I'm wondering if it's left over from a re-install of XP?
 

· Registered
Joined
·
797 Posts
Discussion Starter · #13 ·
Everything seems to be fine now Cookiegal. No pop-ups at all and the blockers are catching everything at the moment.
 