
Registered · 164 Posts · Discussion Starter · #1
Hey guys,

the pop-ups are killing me. Getting them from WinAntiVirus, Error Safe, Drive Cleaner and several others. I've looked at some entries here, and the first step seemed to be doing an HJT scan of my system. Here is the log from that scan. Any help is appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 11:15:58 AM, on 1/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\PROGRA~1\COMPAQ~2\Presario\XPHNARS4EN\plugin\bin\PCHButton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\COMPAQ~2\Presario\XPHNARS4EN\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\InterMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166844535421
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166844516828
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v6.cab
O20 - AppInit_DLLs: ?A ??
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
 

Retired Moderator · 84,301 Posts
Hi and welcome to TSG

Download AVG Anti-Spyware from HERE and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
  4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
  1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
  2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG will now begin the scanning process. Please be patient as this may take a little time.
    Once the scan is complete, do the following:
  5. If you have any infections you will be prompted. Then select "Apply all actions."
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
 

Registered · 164 Posts · Discussion Starter · #4
I've tried several times to conduct the Panda ActiveScan, but I get an error message each time. One of the suggested reasons is that my PC won't let the program's ActiveX program download. Any suggestions?
 

Retired Moderator · 84,301 Posts
Skip it, do the AVG scan - then do this......

Download WinPFind
  • Right Click the Zip Folder and Select "Extract All"
  • Extract it somewhere you will remember like the Desktop
  • Don’t do anything with it yet!

Click here for info on how to boot to safe mode if you don't already know how.

Reboot into Safe Mode.

Double click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient and let it complete.

Reboot back to Normal Mode!

  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Copy and paste WinPFind.txt in your next post here please.
 

Retired Moderator · 84,301 Posts
Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop, then come back here and attach it to your next reply along with a new HijackThis log.
 

Registered · 164 Posts · Discussion Starter · #8
I did the BitDefender scan, but I keep getting an error message saying it is too long (38,159 characters) and it needs to be shortened. Here is the HJT log after I completed the BitDefender scan.

Logfile of HijackThis v1.99.1
Scan saved at 3:06:24 PM, on 1/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\PROGRA~1\COMPAQ~2\Presario\XPHNARS4EN\plugin\bin\PCHButton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\COMPAQ~2\Presario\XPHNARS4EN\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\InterMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166844535421
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166844516828
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v6.cab
O20 - AppInit_DLLs: ?A ??
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 

Registered · 164 Posts · Discussion Starter · #11
BitDefender Part I

BitDefender Online Scanner - Scan Report

Scan report generated at: Thu, Jan 11, 2007 - 14:02:06
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistics
Time: 02:08:25
Files: 528549
Folders: 6812
Boot Sectors: 3
Archives: 14218
Packed Files: 47022

Results
Identified Viruses: 3
Infected Files: 20
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 38

Engines Info
Virus Definitions: 369545
Engine build: AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1
 

Registered · 164 Posts · Discussion Starter · #12
BitDefender Part II

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

[TR]
[TD]


| Scanned File | Status |
| --- | --- |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03280000\47AA00ED.VBN=>(Quarantine-PE) | Infected with: Trojan.Downloader.Winfixer.O |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03280000\47AA00ED.VBN=>(Quarantine-PE) | Disinfection failed |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03280000\47AA00ED.VBN=>(Quarantine-PE) | Deleted |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03280001\47AA011F.VBN=>(Quarantine-PE) | Infected with: Trojan.Downloader.Winfixer.O |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03280001\47AA011F.VBN=>(Quarantine-PE) | Disinfection failed |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03280001\47AA011F.VBN=>(Quarantine-PE) | Deleted |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400000\4FD87B10.VBN=>(Quarantine-PE) | Infected with: Trojan.Downloader.Winfixer.O |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400000\4FD87B10.VBN=>(Quarantine-PE) | Disinfection failed |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400000\4FD87B10.VBN=>(Quarantine-PE) | Deleted |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400001\4FD87B1E.VBN=>(Quarantine-PE) | Infected with: Trojan.Downloader.Winfixer.O |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400001\4FD87B1E.VBN=>(Quarantine-PE) | Disinfection failed |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400001\4FD87B1E.VBN=>(Quarantine-PE) | Deleted |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400002\4FD87B2B.VBN=>(Quarantine-PE) | Infected with: Trojan.Downloader.Winfixer.O |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400002\4FD87B2B.VBN=>(Quarantine-PE) | Disinfection failed |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400002\4FD87B2B.VBN=>(Quarantine-PE) | Deleted |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400003\4FD87B38.VBN=>(Quarantine-PE) | Infected with: Trojan.Downloader.Winfixer.O |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400003\4FD87B38.VBN=>(Quarantine-PE) | Disinfection failed |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400003\4FD87B38.VBN=>(Quarantine-PE) | Deleted |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400004\4FD87B45.VBN=>(Quarantine-PE) | Infected with: Trojan.Downloader.Winfixer.O |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400004\4FD87B45.VBN=>(Quarantine-PE) | Disinfection failed |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400004\4FD87B45.VBN=>(Quarantine-PE) | Deleted |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400005\4FD87B53.VBN=>(Quarantine-PE) | Infected with: Trojan.Downloader.Winfixer.O |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400005\4FD87B53.VBN=>(Quarantine-PE) | Disinfection failed |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400005\4FD87B53.VBN=>(Quarantine-PE) | Deleted |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400006\4FD87B60.VBN=>(Quarantine-PE) | Infected with: Trojan.Downloader.Winfixer.O |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400006\4FD87B60.VBN=>(Quarantine-PE) | Disinfection failed |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400006\4FD87B60.VBN=>(Quarantine-PE) | Deleted |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400007\4FD87B6D.VBN=>(Quarantine-PE) | Infected with: Trojan.Downloader.Winfixer.O |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400007\4FD87B6D.VBN=>(Quarantine-PE) | Disinfection failed |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400007\4FD87B6D.VBN=>(Quarantine-PE) | Deleted |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400008\4FD87B7A.VBN=>(Quarantine-PE) | Infected with: Trojan.Downloader.Winfixer.O |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400008\4FD87B7A.VBN=>(Quarantine-PE) | Disinfection failed |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400008\4FD87B7A.VBN=>(Quarantine-PE) | Deleted |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400009\4FD87B87.VBN=>(Quarantine-PE) | Infected with: Trojan.Downloader.Winfixer.O |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400009\4FD87B87.VBN=>(Quarantine-PE) | Disinfection failed |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400009\4FD87B87.VBN=>(Quarantine-PE) | Deleted |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B40000A\4FD87B95.VBN=>(Quarantine-PE) | Infected with: Trojan.Downloader.Winfixer.O |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B40000A\4FD87B95.VBN=>(Quarantine-PE) | Disinfection failed |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B40000A\4FD87B95.VBN=>(Quarantine-PE) | Deleted |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B40000B\4FD87BA2.VBN=>(Quarantine-PE) | Infected with: Trojan.Downloader.Winfixer.O |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B40000B\4FD87BA2.VBN=>(Quarantine-PE) | Disinfection failed |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B40000B\4FD87BA2.VBN=>(Quarantine-PE) | Deleted |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B40000C\4FD87BAF.VBN=>(Quarantine-PE) | Infected with: Trojan.Downloader.Winfixer.O |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B40000C\4FD87BAF.VBN=>(Quarantine-PE) | Disinfection failed |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B40000C\4FD87BAF.VBN=>(Quarantine-PE) | Deleted |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B40000D\4FD87BBC.VBN=>(Quarantine-PE) | Infected with: Trojan.Downloader.Winfixer.O |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B40000D\4FD87BBC.VBN=>(Quarantine-PE) | Disinfection failed |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B40000D\4FD87BBC.VBN=>(Quarantine-PE) | Deleted |
| C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B40000E\4FD87BCA.VBN=>(Quarantine-PE) | Infected with: Trojan.Downloader.Winfixer.O |



C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B40000E\4FD87BCA.VBN=>(Quarantine-PE)



Disinfection failed



C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B40000E\4FD87BCA.VBN=>(Quarantine-PE)



Deleted



C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B40000F\4FD87BD7.VBN=>(Quarantine-PE)



Infected with: Trojan.Downloader.Winfixer.O



C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B40000F\4FD87BD7.VBN=>(Quarantine-PE)



Disinfection failed



C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B40000F\4FD87BD7.VBN=>(Quarantine-PE)



Deleted



C:\RECYCLER\S-1-5-21-3591285746-3344278192-2067508497-1003\Dc7\Java\Deployment\cache\javapi\v1.0\jar\loaderadv478.jar-22c6c7bd-1cac1a86.zip=>Dummy.class



Infected with: Java.Trojan.Exploit.Bytverify



C:\RECYCLER\S-1-5-21-3591285746-3344278192-2067508497-1003\Dc7\Java\Deployment\cache\javapi\v1.0\jar\loaderadv478.jar-22c6c7bd-1cac1a86.zip=>Dummy.class



Disinfection failed



C:\RECYCLER\S-1-5-21-3591285746-3344278192-2067508497-1003\Dc7\Java\Deployment\cache\javapi\v1.0\jar\loaderadv478.jar-22c6c7bd-1cac1a86.zip=>Dummy.class



Deleted



C:\RECYCLER\S-1-5-21-3591285746-3344278192-2067508497-1003\Dc7\Java\Deployment\cache\javapi\v1.0\jar\loaderadv478.jar-22c6c7bd-1cac1a86.zip



Updated



C:\RECYCLER\S-1-5-21-3591285746-3344278192-2067508497-1003\Dc7\Java\Deployment\cache\javapi\v1.0\jar\loaderadv478.jar-22c6c7bd-1cac1a86.zip=>Matrix.class



Infected with: Java.Trojan.Downloader.OpenStream.C



C:\RECYCLER\S-1-5-21-3591285746-3344278192-2067508497-1003\Dc7\Java\Deployment\cache\javapi\v1.0\jar\loaderadv478.jar-22c6c7bd-1cac1a86.zip=>Matrix.class



Disinfection failed



C:\RECYCLER\S-1-5-21-3591285746-3344278192-2067508497-1003\Dc7\Java\Deployment\cache\javapi\v1.0\jar\loaderadv478.jar-22c6c7bd-1cac1a86.zip=>Matrix.class



Deleted



C:\RECYCLER\S-1-5-21-3591285746-3344278192-2067508497-1003\Dc7\Java\Deployment\cache\javapi\v1.0\jar\loaderadv478.jar-22c6c7bd-1cac1a86.zip



Updated

[/TD]

[/TR]


[/TABLE]
 

·
Retired Moderator
Joined
·
84,301 Posts
Download Combofix to your desktop:

* Double-click Combofix.exe and follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouse click Combofix's window while it's running. That may cause it to stall.
 

·
Registered
Joined
·
164 Posts
Discussion Starter · #14 ·
ComboFix Report

"Owner" - 07-01-14 11:15:43 Service Pack 2
ComboFix 07-01-14.2 - Running from: "C:\Documents and Settings\Owner\Desktop\VIRUS STUFF"

((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))

2007-01-13 18:07 d-------- C:\DOCUME~1\Owner\Application Data\HP
2007-01-13 18:07 d-------- C:\DOCUME~1\ALLUSE~1\Application Data\HP
2007-01-13 18:05 d-------- C:\Program Files\Common Files\HP
2007-01-13 18:02 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-01-13 18:01 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-01-13 18:01 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-01-13 18:00 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2007-01-13 18:00 48,128 --a------ C:\WINDOWS\system32\hpzll054.dll
2007-01-13 17:59 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-01-13 17:59 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-01-13 17:59 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-01-13 17:59 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-01-13 17:59 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-01-13 17:59 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-01-13 17:56 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-01-11 21:27 d-------- C:\DOCUME~1\Owner\Application Data\Viewpoint
2007-01-11 11:50 d-------- C:\WINDOWS\BDOSCAN8
2007-01-10 03:07 d-------- C:\WINDOWS\ie7updates
2007-01-07 15:02 d-------- C:\WINDOWS\system32\ActiveScan
2007-01-07 12:25 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-07 12:25 d-------- C:\Program Files\Grisoft
2007-01-07 11:15 d-------- C:\Program Files\Hijackthis
2007-01-02 18:48 d-------- C:\WINDOWS\pss
2007-01-02 11:44 d-------- C:\WINDOWS\WBEM
2007-01-02 11:44 d-------- C:\WINDOWS\system32\en-US
2007-01-02 11:42 d--h-c--- C:\WINDOWS\ie7
2007-01-02 11:41 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-02 11:40 d-------- C:\WINDOWS\network diagnostic
2007-01-02 03:06 d-------- C:\Program Files\MSXML 4.0
2007-01-02 03:05 d-------- C:\686b19d9a4c257e084
2007-01-01 15:08 d-------- C:\WINDOWS\Prefetch
2006-12-30 14:25 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2006-12-30 14:25 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2006-12-30 14:25 8,192 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2006-12-30 14:25 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2006-12-30 14:25 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2006-12-30 14:25 75,776 --------- C:\WINDOWS\system32\strmfilt.dll
2006-12-30 14:25 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2006-12-30 14:25 73,796 --------- C:\WINDOWS\system32\slserv.exe
2006-12-30 14:25 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2006-12-30 14:25 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2006-12-30 14:25 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2006-12-30 14:25 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2006-12-30 14:25 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2006-12-30 14:25 44,032 --------- C:\WINDOWS\system32\twext.dll
2006-12-30 14:25 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2006-12-30 14:25 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2006-12-30 14:25 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2006-12-30 14:25 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2006-12-30 14:25 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2006-12-30 14:25 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2006-12-30 14:25 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2006-12-30 14:25 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll
2006-12-30 14:25 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2006-12-30 14:25 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2006-12-30 14:25 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2006-12-30 14:25 21,504 --------- C:\WINDOWS\system32\spupdwxp.exe
2006-12-30 14:25 188,508 --------- C:\WINDOWS\system32\slgen.dll
2006-12-30 14:25 17,408 --------- C:\WINDOWS\system32\winshfhc.dll
2006-12-30 14:25 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2006-12-30 14:25 15,872 --------- C:\WINDOWS\system32\w3ssl.dll
2006-12-30 14:25 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
2006-12-30 14:25 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2006-12-30 14:25 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2006-12-30 14:25 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2006-12-30 14:25 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
2006-12-30 14:25 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2006-12-30 14:25 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2006-12-30 14:25 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2006-12-30 14:25 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2006-12-30 14:25 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2006-12-30 14:25 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2006-12-30 14:25 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
2006-12-30 14:25 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2006-12-30 14:25 11,136 --------- C:\WINDOWS\system32\drivers\sffdisk.sys
2006-12-30 14:25 108,032 --------- C:\WINDOWS\system32\wshbth.dll
2006-12-30 14:25 10,240 --------- C:\WINDOWS\system32\drivers\sffp_sd.sys
2006-12-30 14:24 9,216 --------- C:\WINDOWS\system32\proxycfg.exe
2006-12-30 14:24 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll
2006-12-30 14:24 86,016 --------- C:\WINDOWS\system32\p2pgasvc.dll
2006-12-30 14:24 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2006-12-30 14:24 78,336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-12-30 14:24 7,680 --------- C:\WINDOWS\system32\kbdsmsno.dll
2006-12-30 14:24 7,680 --------- C:\WINDOWS\system32\kbdsmsfi.dll
2006-12-30 14:24 7,168 --------- C:\WINDOWS\system32\kbdukx.dll
2006-12-30 14:24 7,168 --------- C:\WINDOWS\system32\kbdno1.dll
2006-12-30 14:24 7,168 --------- C:\WINDOWS\system32\kbdfi1.dll
2006-12-30 14:24 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2006-12-30 14:24 6,656 --------- C:\WINDOWS\system32\kbdinmal.dll
2006-12-30 14:24 6,656 --------- C:\WINDOWS\system32\kbdinben.dll
2006-12-30 14:24 6,144 --------- C:\WINDOWS\system32\kbdmlt48.dll
2006-12-30 14:24 6,144 --------- C:\WINDOWS\system32\kbdmlt47.dll
2006-12-30 14:24 6,144 --------- C:\WINDOWS\system32\kbdinbe1.dll
2006-12-30 14:24 59,392 --------- C:\WINDOWS\system32\logman.exe
2006-12-30 14:24 526,848 --------- C:\WINDOWS\system32\p2psvc.dll
2006-12-30 14:24 5,632 --------- C:\WINDOWS\system32\kbdmaori.dll
2006-12-30 14:24 49,152 --------- C:\WINDOWS\system32\powercfg.exe
2006-12-30 14:24 48,640 --------- C:\WINDOWS\system32\pnrpnsp.dll
2006-12-30 14:24 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2006-12-30 14:24 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2006-12-30 14:24 36,096 --------- C:\WINDOWS\system32\drivers\intelppm.sys
2006-12-30 14:24 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2006-12-30 14:24 312,320 --------- C:\WINDOWS\system32\p2pgraph.dll
2006-12-30 14:24 29,056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys
2006-12-30 14:24 262,784 --------- C:\WINDOWS\system32\drivers\http.sys
2006-12-30 14:24 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2006-12-30 14:24 24,576 --------- C:\WINDOWS\system32\httpapi.dll
2006-12-30 14:24 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2006-12-30 14:24 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2006-12-30 14:24 15,488 --------- C:\WINDOWS\system32\drivers\mssmbios.sys
2006-12-30 14:24 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2006-12-30 14:24 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2006-12-30 14:24 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2006-12-30 14:24 118,784 --------- C:\WINDOWS\system32\msdadiag.dll
2006-12-30 14:24 116,224 --------- C:\WINDOWS\system32\p2p.dll
2006-12-30 14:24 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-12-30 14:24 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-12-30 14:24 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2006-12-30 14:24 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2006-12-30 14:24 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2006-12-30 14:23 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2006-12-30 14:23 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2006-12-30 14:23 71,680 --------- C:\WINDOWS\system32\blastcln.exe
2006-12-30 14:23 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-12-30 14:23 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2006-12-30 14:23 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2006-12-30 14:23 60,416 --------- C:\WINDOWS\system32\fwcfg.dll
2006-12-30 14:23 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2006-12-30 14:23 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2006-12-30 14:23 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2006-12-30 14:23 516,768 --------- C:\WINDOWS\system32\ativvaxx.dll
2006-12-30 14:23 50,688 --------- C:\WINDOWS\system32\btpanui.dll
2006-12-30 14:23 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2006-12-30 14:23 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2006-12-30 14:23 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2006-12-30 14:23 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2006-12-30 14:23 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys
2006-12-30 14:23 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2006-12-30 14:23 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2006-12-30 14:23 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2006-12-30 14:23 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2006-12-30 14:23 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2006-12-30 14:23 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2006-12-30 14:23 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2006-12-30 14:23 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2006-12-30 14:23 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2006-12-30 14:23 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2006-12-30 14:23 30,208 --------- C:\WINDOWS\system32\bthserv.dll
2006-12-30 14:23 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2006-12-30 14:23 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2006-12-30 14:23 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2006-12-30 14:23 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2006-12-30 14:23 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2006-12-30 14:23 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2006-12-30 14:23 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2006-12-30 14:23 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2006-12-30 14:23 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2006-12-30 14:23 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2006-12-30 14:23 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2006-12-30 14:23 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-12-30 14:23 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll
2006-12-30 14:23 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2006-12-30 14:23 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2006-12-30 14:23 201,728 --------- C:\WINDOWS\system32\ati2dvag.dll
2006-12-30 14:23 20,992 --------- C:\WINDOWS\system32\faxpatch.exe
2006-12-30 14:23 20,992 --------- C:\WINDOWS\system32\bthci.dll
2006-12-30 14:23 193,024 --------- C:\WINDOWS\system32\fsquirt.exe
2006-12-30 14:23 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2006-12-30 14:23 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2006-12-30 14:23 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2006-12-30 14:23 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-12-30 14:23 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2006-12-30 14:23 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2006-12-30 14:23 14,336 --------- C:\WINDOWS\system32\auditusr.exe
2006-12-30 14:23 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
2006-12-30 14:23 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2006-12-30 14:23 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2006-12-30 14:23 13,824 --------- C:\WINDOWS\system32\cmsetacl.dll
2006-12-30 14:23 128,896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-12-30 14:23 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2006-12-30 14:23 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2006-12-30 14:23 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
2006-12-30 14:23 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2006-12-30 14:23 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2006-12-30 14:23 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2006-12-27 21:13 d-------- C:\Program Files\Common Files\Scanner
2006-12-27 21:13 d-------- C:\Program Files\CA
2006-12-27 21:13 d-------- C:\DOCUME~1\ALLUSE~1\Application Data\CA
2006-12-27 18:29 d--h----- C:\WINDOWS\PIF
2006-12-27 18:23 87,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-12-27 18:23 107,696 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-12-27 18:23 d-------- C:\Program Files\Symantec AntiVirus
2006-12-25 18:58 d-------- C:\DOCUME~1\Owner\Application Data\acccore
2006-12-25 18:57 d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL OCP
2006-12-25 18:56 d-------- C:\Program Files\AIM6
2006-12-23 23:08 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
2006-12-23 14:51 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-12-23 14:51 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-12-23 14:15 831,519 --a------ C:\WINDOWS\system32\mswdat10.dll
2006-12-23 14:15 614,429 --a------ C:\WINDOWS\system32\mswstr10.dll
2006-12-23 14:15 552,989 --a------ C:\WINDOWS\system32\msrepl40.dll
2006-12-23 14:15 53,279 --a------ C:\WINDOWS\system32\msjter40.dll
2006-12-23 14:15 512,029 --a------ C:\WINDOWS\system32\msexch40.dll
2006-12-23 14:15 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll
2006-12-23 14:15 380,957 --a------ C:\WINDOWS\system32\expsrv.dll
2006-12-23 14:15 358,976 --a------ C:\WINDOWS\system32\msjetoledb40.dll
2006-12-23 14:15 348,189 --a------ C:\WINDOWS\system32\msxbde40.dll
2006-12-23 14:15 348,189 --a------ C:\WINDOWS\system32\mspbde40.dll
2006-12-23 14:15 319,517 --a------ C:\WINDOWS\system32\msexcl40.dll
2006-12-23 14:15 315,423 --a------ C:\WINDOWS\system32\msrd3x40.dll
2006-12-23 14:15 30,749 --a------ C:\WINDOWS\system32\vbajet32.dll
2006-12-23 14:15 258,077 --a------ C:\WINDOWS\system32\mstext40.dll
2006-12-23 14:15 241,693 --a------ C:\WINDOWS\system32\msjtes40.dll
2006-12-23 14:15 213,023 --a------ C:\WINDOWS\system32\msltus40.dll
2006-12-23 14:15 151,583 --a------ C:\WINDOWS\system32\msjint40.dll
2006-12-23 14:15 1,507,356 --a------ C:\WINDOWS\system32\msjet40.dll
2006-12-23 13:48 d-------- C:\DOCUME~1\Owner\Application Data\Lavasoft
2006-12-23 13:47 d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2006-12-23 00:16 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-12-22 21:54 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2006-12-22 21:50 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-12-22 21:50 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-12-22 21:50 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-12-22 21:41 1,287,168 --a------ C:\WINDOWS\system32\quartz.dll
2006-12-22 21:36 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-12-22 21:36 d-------- C:\WINDOWS\system32\PreInstall
2006-12-22 21:34 d-------- C:\WINDOWS\system32\bits
2006-12-22 21:33 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-12-22 21:33 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-12-22 21:33 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2006-12-22 21:33 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-12-22 21:29 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-12-22 21:29 d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-12-21 14:51 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-12-21 14:51 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2006-12-18 12:48 63 --a------ C:\WINDOWS\system\SysSD.dll
2006-12-18 12:48 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-12-18 12:48 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-12-18 12:48 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2006-12-18 12:48 1,032,192 --a------ C:\WINDOWS\system32\VchReg.dll
2006-12-18 12:48 d-------- C:\Program Files\SpywareDetector

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-01-13 18:06 -------- d-------- C:\Program Files\hp
2007-01-10 20:42 -------- d-------- C:\Program Files\viewpoint
2007-01-09 22:03 -------- d-------- C:\Program Files\itunes
2007-01-06 17:21 -------- d-------- C:\Program Files\limewire
2007-01-02 03:15 -------- d-------- C:\Program Files\messenger
2007-01-01 12:54 -------- d-------- C:\Program Files\movie maker
2007-01-01 12:53 -------- d-------- C:\Program Files\windows nt
2006-12-30 13:55 -------- d-------- C:\Program Files\Common Files\real
2006-12-30 13:55 -------- d-------- C:\DOCUME~1\Owner\Application Data\real
2006-12-27 21:17 -------- d-------- C:\Program Files\lavasoft
2006-12-27 21:03 -------- d-------- C:\Program Files\symnetdrv
2006-12-27 20:57 -------- d-------- C:\Program Files\quicktime
2006-12-27 18:44 -------- d-------- C:\Program Files\jiwub
2006-12-27 18:25 -------- d-------- C:\Program Files\Common Files\symantec shared
2006-12-27 18:24 -------- d-------- C:\Program Files\symantec
2006-12-27 18:06 -------- d-------- C:\Program Files\norton antivirus
2006-12-27 09:38 -------- d-------- C:\Program Files\Common Files\aol
2006-12-24 09:55 -------- d-------- C:\Program Files\google
2006-12-23 10:56 -------- d-------- C:\Program Files\irfanview
2006-12-10 13:16 -------- d--h----- C:\Program Files\installshield installation information
2006-12-10 13:16 -------- d-------- C:\Program Files\logitech
2006-12-10 13:16 -------- d-------- C:\Program Files\Common Files\logitech
2006-12-07 00:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-02 00:36 -------- d-------- C:\Program Files\winbudget
2006-11-26 10:51 -------- d-------- C:\Program Files\quicken
2006-11-22 18:51 -------- d-------- C:\DOCUME~1\Owner\Application Data\myspace
2006-11-22 18:50 -------- d-------- C:\Program Files\myspace
2006-11-16 19:30 -------- d-------- C:\DOCUME~1\Owner\Application Data\adobeum
2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-19 07:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"Acme.PCHButton"="C:\\PROGRA~1\\COMPAQ~2\\Presario\\XPHNARS4EN\\plugin\\bin\\PCHButton.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"AGRSMMSG"="AGRSMMSG.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Enterprise"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"ERS_check"="\"C:\\Program Files\\Common Files\\WinAntiVirus Pro 2006\\ers_startupmon.exe\""
"eTrustPPAP"="\"C:\\Program Files\\CA\\eTrust PestPatrol\\PPActiveDetection.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

Completion time: 07-01-14 11:20:13
 

·
Registered
Joined
·
164 Posts
Discussion Starter · #16 ·
I was able to delete C:\Program Files\jiwub, but not C:\Program Files\viewpoint. I got an error message that said "Can't delete ViewpointService.exe. Access Denied." Is there another way to delete it?
 

·
Registered
Joined
·
164 Posts
Discussion Starter · #17 ·
BTW, are the problems I'm having related to the XP Service Pack 2 that I downloaded as part of a Microsoft update? Whenever these pop-ups occur, if I'm browsing the Internet, for some reason the Internet Explorer window closes.
 

·
Registered
Joined
·
164 Posts
Discussion Starter · #20 ·
I haven't received any since I deleted the files. Should that also take care of Explorer automatically shutting down? What would you recommend for anti-spy: Pest Patrol or AVG? Also, should I keep the different programs I downloaded during this process, or go ahead and delete them? I really appreciate your help with this.
 