
Winantispyware


12 replies to this topic

#1 tina326

  • Members
  • 6 posts
  • OFFLINE
  • Local time:01:51 PM

Posted 29 August 2007 - 05:05 PM

I don't know a lot about computers, but I know something is very wrong. I have multiple pop-ups to winantispyware.com, outerinfo.com, broadcast.com, errorprotector.com, and others that I can't remember. I also keep getting an error that looks like an Explorer error saying "Server Busy: Retry or Switch To". I hope this is enough information. Please help me. I will probably need very basic step-by-step instructions. Sorry.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:02:52 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\yjjqbvsf.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\HP_Owner\My Documents\s?mbols\l?ass.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f810.mail.yahoo.com/ym/ShowFolde...ew=a&head=b
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168109505265
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\yjjqbvsf.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Online Services\rtekedezu.html

--
End of file - 7160 bytes


#2 teacup61
Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:51 PM

Posted 29 August 2007 - 06:54 PM

Hello tina326,

Welcome to Bleeping Computer :thumbsup:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running; that may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 tina326
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:01:51 PM

Posted 29 August 2007 - 09:08 PM

This is the log from ComboFix:


ComboFix 07-08-30.2 - "HP_Owner" 2007-08-29 20:41:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.381 [GMT -5:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\HP_Owner\APPLIC~1\fnts~1
C:\DOCUME~1\HP_Owner\MYDOCU~1\smbols~1
C:\Program Files\MSN Gaming Zone\mewe22011.exe
C:\Program Files\Online Services\rtekedezu.html
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-0000077.exe
C:\WINDOWS\system32\bkebtfmv.dll
C:\WINDOWS\system32\cxqb.dll
C:\WINDOWS\system32\kyhxafxj.exe
C:\WINDOWS\system32\llnmp.bak1
C:\WINDOWS\system32\llnmp.bak2
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\llnmp.ini2
C:\WINDOWS\system32\llnmp.tmp
C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\pwomihsu.exe
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\wbjasovf.exe
C:\WINDOWS\system32\yjjqbvsf.exe
C:\WINDOWS\wr.txt
D:\Autorun.inf


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\ApiMon
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-30 )))))))))))))))))))))))))))))))


2007-08-29 20:39 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-27 20:44 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Ahead
2007-08-27 20:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-08-27 19:10 <DIR> d-------- C:\DOCUME~1\SPAGHE~1\APPLIC~1\Azureus
2007-08-27 18:38 <DIR> d-------- C:\DOCUME~1\SPAGHE~1\APPLIC~1\DivX
2007-08-27 10:14 <DIR> d-------- C:\Program Files\ESTsoft
2007-08-27 10:14 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\ESTsoft
2007-08-27 08:45 516,096 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-08-27 08:35 <DIR> d-------- C:\Program Files\ATI Technologies
2007-08-27 08:31 81,342 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-08-27 08:31 46,080 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-08-27 08:31 39,936 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-08-27 08:31 36,864 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2007-08-27 08:31 299,008 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-08-26 17:07 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\vlc
2007-08-26 13:14 <DIR> d-------- C:\Program Files\VideoLAN
2007-08-26 04:32 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\DivX
2007-08-25 14:19 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-25 13:00 <DIR> d-------- C:\WINDOWS\ufro
2007-08-25 01:07 <DIR> d-------- C:\Program Files\Black Isle
2007-08-22 09:28 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\BitTorrent
2007-08-22 09:27 <DIR> d-------- C:\Program Files\BitTorrent
2007-08-22 09:01 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Azureus
2007-08-22 09:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-08-22 09:00 <DIR> d-------- C:\Program Files\Azureus
2007-08-21 22:20 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-08-21 22:19 <DIR> d-------- C:\Program Files\DivX
2007-08-18 22:15 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\SecondLife
2007-08-18 11:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pure Networks
2007-08-17 21:06 <DIR> d-------- C:\Program Files\Google
2007-08-17 21:06 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Google
2007-08-17 15:15 81,920 --a------ C:\WINDOWS\system32\W32n50.dll
2007-08-17 15:15 43,387 --a------ C:\WINDOWS\browser.exe
2007-08-17 15:15 17,162 --a------ C:\WINDOWS\system32\Pcandis5.sys
2007-08-17 15:15 16,848 --a------ C:\WINDOWS\system32\Pcandis4.sys
2007-08-17 15:15 <DIR> d-------- C:\WINDOWS\Motive
2007-08-17 15:14 <DIR> d-------- C:\Program Files\SBC Self Support Tool
2007-08-17 15:14 <DIR> d-------- C:\Program Files\Common Files\Motive
2007-08-17 15:03 <DIR> d-------- C:\Program Files\BroadJump
2007-08-17 14:44 266,240 --------- C:\WINDOWS\SBCDSL.exe
2007-08-14 14:34 270,336 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-08-14 14:34 151,552 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-08-14 14:33 453,120 --a------ C:\WINDOWS\system32\ltkrn13n.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-29 20:38 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-28 21:24 --------- d-------- C:\DOCUME~1\Tasha\APPLIC~1\LimeWire
2007-08-27 21:40 --------- d-------- C:\Program Files\Kids Cam Sticker Factory
2007-08-27 21:38 --------- d-------- C:\Program Files\Microsoft Small Business
2007-08-27 21:35 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-19 23:51 --------- d-------- C:\DOCUME~1\SPAGHE~1\APPLIC~1\LimeWire
2007-08-18 14:38 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Motive
2007-08-16 10:30 --------- d-------- C:\Program Files\Common Files\EasyInfo
2007-07-28 18:48 --------- d-------- C:\Program Files\Yahoo!
2007-07-25 22:06 144704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-25 21:53 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-25 21:53 43528 --a------ C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-25 21:53 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-25 21:53 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-25 21:53 120056 --a--c--- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-25 21:53 118520 --a--c--- C:\WINDOWS\system32\pxinsi64.exe
2007-07-25 21:53 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-25 21:50 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-25 21:50 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-25 21:50 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-25 21:50 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-25 21:50 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-25 21:50 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-25 21:50 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-25 21:50 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-25 21:50 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-25 21:50 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-25 21:50 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-25 21:50 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-25 21:49 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-23 09:41 --------- d-------- C:\Program Files\EA GAMES
2007-07-09 14:55 --------- d-------- C:\DOCUME~1\SPAGHE~1\APPLIC~1\U3
2007-07-03 16:44 64000 --a------ C:\WINDOWS\system32\ALZALZ.BIN
2007-07-03 16:44 44544 --a------ C:\WINDOWS\system32\ALZZip.BIN
2007-06-05 16:05 42 --a------ C:\WINDOWS\Pt.dll
2001-10-16 08:10 61440 --a------ C:\WINDOWS\inf\i386\onetUSD.dll
2001-10-02 08:58 36864 --a------ C:\WINDOWS\inf\i386\Wiamicro.dll
2001-09-28 08:00 139264 --a------ C:\WINDOWS\inf\i386\Rtscan.dll
2001-09-27 08:11 167936 --a------ C:\WINDOWS\inf\i386\viceo.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD425E38-55A3-4213-80B0-237BBAE92497}]
C:\Program Files\Online Services\qubapige.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c7833be6-82ec-4c1c-a8ac-7ef364d225fd}]
C:\WINDOWS\system32\ebucbhb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 18:55]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 07:51]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-25 14:27]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-06-19 22:28]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Online Services\rtekedezu.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuttqn]
wvuttqn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
backup=C:\WINDOWS\pss\LaunchU3.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^Check for OneTouch Updates.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\Check for OneTouch Updates.lnk
backup=C:\WINDOWS\pss\Check for OneTouch Updates.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk
backup=C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
"C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
"C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
C:\WINDOWS\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HXDL.EXE]
C:\Program Files\Cosmi\HelpExpress\HXDL.EXE -from="HXIUL.EXE" -to="HXIUL.EXE" -run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kyv]
"C:\Documents and Settings\HP_Owner\My Documents\s?mbols\l?ass.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mewe]
C:\Program Files\MSN Gaming Zone\mewe22011.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
C:\Program Files\NetZero\exec.exe regrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UWAS7_0001_N91M2703]
"C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe" -nag

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
C:\PROGRA~1\VISION~1\ONETOU~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\poolsv]
"C:\WINDOWS\poolsv.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
"C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spc_w]
"C:\Program Files\NZSearch\nzspc.exe" -w

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Srro]
"C:\DOCUME~1\HP_Owner\APPLIC~1\FNTS~1\services.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express Calendar Checker]
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
C:\Program Files\Web Buying\v1.8.2\webbuying.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
C:\Program Files\WinPop\winpop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YPCService"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"VETMSGNT"=3 (0x3)
"SQLWriter"=3 (0x3)
"ose"=3 (0x3)
"iPodService"=3 (0x3)
"SymWSC"=2 (0x2)
"MSSQL$MSSMLBIZ"=2 (0x2)
"MDM"=2 (0x2)
"CAISafe"=2 (0x2)
"MSDTC"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=3 (0x3)
"wuauserv"=3 (0x3)
"WZCSVC"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"SSDPSRV"=3 (0x3)
"HidServ"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"TrkWks"=2 (0x2)
"AppMgmt"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"aspnet_state"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"Proemsutqdq"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AVGEMS"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"Schedule"=3 (0x3)
"Messenger"=3 (0x3)

S3 MR97310_USB_DUAL_CAMERA;CIF Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
S3 SQTECH913D;913D Camera;C:\WINDOWS\system32\Drivers\Capt913D.sys
S4 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ
S4 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b9df98c-e948-11db-9270-ea524577c6a4}]
AutoRun\command- setupSNK.exe


Contents of the 'Scheduled Tasks' folder
2004-08-12 06:16:38 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-29 20:56:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-29 21:00:25 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-29 21:00

--- E O F ---



And the HijackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:22 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f810.mail.yahoo.com/ym/ShowFolde...ew=a&head=b
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: 0 - {AD425E38-55A3-4213-80B0-237BBAE92497} - C:\Program Files\Online Services\qubapige.dll (file missing)
O2 - BHO: (no name) - {c7833be6-82ec-4c1c-a8ac-7ef364d225fd} - C:\WINDOWS\system32\ebucbhb.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168109505265
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O20 - Winlogon Notify: wvuttqn - wvuttqn.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Online Services\rtekedezu.html

--
End of file - 7517 bytes

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:51 PM

Posted 30 August 2007 - 02:55 PM

Hello,

Before beginning, you may want to save these instructions to Notepad or print them out for easier reference.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: 0 - {AD425E38-55A3-4213-80B0-237BBAE92497} - C:\Program Files\Online Services\qubapige.dll (file missing)
O2 - BHO: (no name) - {c7833be6-82ec-4c1c-a8ac-7ef364d225fd} - C:\WINDOWS\system32\ebucbhb.dll (file missing)
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized <----it's never good to have P2P programs running at startup!!
O20 - Winlogon Notify: wvuttqn - wvuttqn.dll (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Online Services\rtekedezu.html


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Navigate to and delete the following file:

C:\Program Files\Online Services\rtekedezu.html

Then go to Start -> Control Panel -> Display Properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page").

Also remove the checkmark from the Lock Desktop Items box if it is checked.
Apply.
Apply and Exit Display properties.

Reboot your computer.

Use Cleanmgr to clean temporary files:

1. Click > start > run and type cleanmgr and click OK
2. Scan your system for files to remove.
3. Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
4. Click OK to remove those files.
5. Click Yes to confirm deletion.

I see you have AVG AntiSpyware. Please be sure it's fully updated and run a scan for me, and save the report. Please post that report in your reply along with a new HijackThis log. Please let me know how it's running now as well. I've tried to be as simple and clear as I could be, but if you have any trouble with any of this, please feel free to ask. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
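
To show how the triage in the post above can be mechanised, here is an added example in Python (not part of this thread and not HijackThis code): a small parser for HijackThis 2.0.2 log lines that applies the rules teacup61 used (BHO and Winlogon Notify entries whose file is missing, a Desktop Component pointing at a local HTML file, a P2P client in a Run key), run over a constructed subset of the log posted earlier in the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Entries copied from the HijackThis v2.0.2 log posted in this thread
# (a constructed subset, chosen so that every rule below is exercised).
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: 0 - {AD425E38-55A3-4213-80B0-237BBAE92497} - C:\Program Files\Online Services\qubapige.dll (file missing)
O2 - BHO: (no name) - {c7833be6-82ec-4c1c-a8ac-7ef364d225fd} - C:\WINDOWS\system32\ebucbhb.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O20 - Winlogon Notify: wvuttqn - wvuttqn.dll (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Online Services\rtekedezu.html
"""

# "O2 - BHO: ..." -> section code plus the rest of the line.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O4 bodies look like "HKCU\..\Run: [Name] command line".
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
MISSING = "(file missing)"
# P2P clients teacup61 would not want auto-starting (assumed list).
P2P_NAMES = ("bittorrent", "limewire", "azureus")


@dataclass
class Entry:
    section: str       # HijackThis section code, e.g. "O2", "O20"
    body: str          # everything after "O2 - "
    path: str          # file or command the entry points at
    file_missing: bool


@dataclass
class Finding:
    severity: str      # "high", "low" or "info"
    entry: Entry
    reason: str


def parse_entry(line: str) -> Optional[Entry]:
    """Split one HijackThis line into section, body and target path."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    file_missing = body.endswith(MISSING)
    # O2/O20/O23/O24 put the file in the last " - " field; O4 lines carry
    # the command after the [name] instead.
    run = RUN_RE.match(body) if section == "O4" else None
    if run:
        path = run.group("cmd")
    else:
        path = body.rsplit(" - ", 1)[-1].replace(MISSING, "").strip()
    return Entry(section, body, path, file_missing)


def classify(entry: Entry) -> Optional[Finding]:
    """Apply the triage rules used in this thread to a single entry."""
    if entry.section == "O20" and entry.file_missing:
        return Finding("high", entry, "Winlogon Notify handler whose DLL is gone; orphaned hook registration")
    if entry.section == "O2" and entry.file_missing:
        return Finding("high", entry, "BHO registered for a DLL that no longer exists")
    if entry.section == "O24" and entry.path.lower().endswith((".htm", ".html")):
        return Finding("high", entry, "Active Desktop component pointing at a local HTML file")
    if entry.section == "O23" and entry.file_missing:
        return Finding("low", entry, "service points at a missing binary; usually an uninstall leftover")
    if entry.section == "O4":
        run = RUN_RE.match(entry.body)
        name = run.group("name").lower() if run else ""
        if any(p in name or p in entry.path.lower() for p in P2P_NAMES):
            return Finding("info", entry, "P2P client set to run at startup")
    return None


def triage(log_text: str) -> List[Finding]:
    """Parse a whole HijackThis log and return the entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        finding = classify(entry)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.entry.section:3} {f.entry.path}  <- {f.reason}")
```

The rules only reproduce the reasoning visible in this thread; a real log also needs the Yahoo!/HP/AVG entries checked against known-good software before anything is fixed.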

#5 tina326

tina326
  • Topic Starter

  • Members
  • 6 posts
  • Local time:01:51 PM

Posted 30 August 2007 - 05:10 PM

I followed the steps and did not find C:\Program Files\Online Services\rtekedezu.html. The Desktop items only had "my current homepage". I did find all of the R1-O24 items and followed the instructions. Thank you for the easy instructions. I hope I did it right. So far, I haven't had any more problems. Maybe it's fixed? Thank you so much for your help and patience, I know you must be super busy.

AVG virus results:

object result status
C:.\WINDOWS\system32\drivers\ect\hosts change changed
c:\QooBox\Quarantine\C\WINDOWS\system32\bkebtfmv.dll.vir deleted



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:41 PM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f810.mail.yahoo.com/ym/ShowFolde...ew=a&head=b
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168109505265
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

--
End of file - 6572 bytes

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:51 PM

Posted 30 August 2007 - 05:51 PM

Hello,

Looks like you did just fine. :thumbsup:

Could I please see an uninstall list?

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Thanks,
tea

#7 tina326

tina326
  • Topic Starter

  • Members
  • 6 posts
  • Local time:01:51 PM

Posted 30 August 2007 - 06:04 PM

You must've worked with "special" people before. I actually understand what you tell me to do!

15,000 Recipes
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 9 ActiveX
Adobe Photoshop 5.0 Limited Edition
Adobe Photoshop CS
Adobe Reader 6.0.1
Agere Systems PCI Soft Modem
ALUpdate
ALZip
AT&T Self Support Tool
AT&T Yahoo! Applications
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG 7.5
AVG Anti-Spyware 7.5
Azureus Vuze
BitTorrent 5.0.8
BroadJump Client Foundation
CEP - Color Enable Package
CIF Dual-Mode Camera
Cosmo Virtual Makeover 2
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Download Accelerator Plus (DAP)
Google Earth
Help and Support Additions
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Deskjet Preloaded Printer Drivers
HP Image Zone 4.2
HP Image Zone Plus 4.2
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 4.0
HP Software Update
HPIZ402
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
Java 2 Runtime Environment, SE v1.4.2_03
KBD
LimeWire 4.12.11
LiveUpdate 1.90 (Symantec Corporation)
MegaCam
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia 2000
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Accounting 2007
Microsoft Office Accounting 2007
Microsoft Office Small Business Connectivity Components
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Mozilla Firefox (2.0.0.4)
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser (KB927977)
MyDSC2
MySpaceIM
Norton Security Center
Norton WMI Update
NovaNET Multimedia Courseware Release Version 14.0
OneTouch Version 3.0
PaperPort 7.02
PC-Doctor for Windows
Personal Ancestral File 5
PhoTags Express
Photosmart 320,370,7400,8100,8400 Series
Portal 3.3.5
PS2
QuickTime
RealPlayer
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Sonic RecordNow!
The Print Shop Premier Edition 5.0
The Sims 2
The Sims 2 Open For Business
Total 3D Home Deluxe
Ulead Photo Explorer 8.0 SE Basic
Ulead Photo Express 5 SE
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
Update Manager
Updates from HP
VideoLAN VLC media player 0.8.5
Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image 05/02/2006 2.0.1.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:51 PM

Posted 30 August 2007 - 07:54 PM

Hello,

Thanks for that. :thumbsup: Do you use Norton/Symantec at all? If not, please click the following link:
The Norton uninstall tool uninstalls ALL Norton 2004/2005/2006 products from your computer. It also uninstalls Norton Ghost 10.0/9.0/2003. http://service1.symantec.com/SUPPORT/tsgen...005033108162039

Your Java is way out of date, which leaves your computer vulnerable.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6u2.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
You've been doing great! :flowers:

Please run ComboFix again. We may still have more to do. In your reply, please post the new ComboFix report, and let me know how it's running.

Thanks,
tea

#9 tina326

tina326
  • Topic Starter

  • Members
  • 6 posts
  • Local time:01:51 PM

Posted 31 August 2007 - 12:17 AM

I haven't had any problems whatsoever. My computer seems to be fine now. It starts quickly and no more pop ups. Again, thank you so much!





ComboFix 07-08-30.2 - "HP_Owner" 2007-08-31 0:05:07.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.456 [GMT -5:00]


((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-31 )))))))))))))))))))))))))))))))


2007-08-29 20:39 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-27 20:44 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Ahead
2007-08-27 20:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-08-27 19:10 <DIR> d-------- C:\DOCUME~1\SPAGHE~1\APPLIC~1\Azureus
2007-08-27 18:38 <DIR> d-------- C:\DOCUME~1\SPAGHE~1\APPLIC~1\DivX
2007-08-27 10:14 <DIR> d-------- C:\Program Files\ESTsoft
2007-08-27 10:14 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\ESTsoft
2007-08-27 08:45 516,096 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-08-27 08:35 <DIR> d-------- C:\Program Files\ATI Technologies
2007-08-27 08:31 81,342 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-08-27 08:31 46,080 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-08-27 08:31 39,936 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-08-27 08:31 36,864 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2007-08-27 08:31 299,008 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-08-26 17:07 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\vlc
2007-08-26 13:14 <DIR> d-------- C:\Program Files\VideoLAN
2007-08-26 04:32 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\DivX
2007-08-25 14:19 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-25 13:00 <DIR> d-------- C:\WINDOWS\ufro
2007-08-25 01:07 <DIR> d-------- C:\Program Files\Black Isle
2007-08-22 09:28 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\BitTorrent
2007-08-22 09:27 <DIR> d-------- C:\Program Files\BitTorrent
2007-08-22 09:01 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Azureus
2007-08-22 09:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-08-22 09:00 <DIR> d-------- C:\Program Files\Azureus
2007-08-21 22:20 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-08-21 22:19 <DIR> d-------- C:\Program Files\DivX
2007-08-18 22:15 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\SecondLife
2007-08-18 11:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pure Networks
2007-08-17 21:06 <DIR> d-------- C:\Program Files\Google
2007-08-17 21:06 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Google
2007-08-17 15:15 81,920 --a------ C:\WINDOWS\system32\W32n50.dll
2007-08-17 15:15 43,387 --a------ C:\WINDOWS\browser.exe
2007-08-17 15:15 17,162 --a------ C:\WINDOWS\system32\Pcandis5.sys
2007-08-17 15:15 16,848 --a------ C:\WINDOWS\system32\Pcandis4.sys
2007-08-17 15:15 <DIR> d-------- C:\WINDOWS\Motive
2007-08-17 15:14 <DIR> d-------- C:\Program Files\SBC Self Support Tool
2007-08-17 15:14 <DIR> d-------- C:\Program Files\Common Files\Motive
2007-08-17 15:03 <DIR> d-------- C:\Program Files\BroadJump
2007-08-17 14:44 266,240 --------- C:\WINDOWS\SBCDSL.exe
2007-08-14 14:34 270,336 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-08-14 14:34 151,552 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-08-14 14:33 453,120 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-07-25 22:06 144,704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-25 21:53 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-25 21:53 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-25 21:53 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-25 21:53 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-25 21:49 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-19 11:28 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2007-07-03 16:44 64,000 --a------ C:\WINDOWS\system32\ALZALZ.BIN
2007-07-03 16:44 44,544 --a------ C:\WINDOWS\system32\ALZZip.BIN


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-30 23:44 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-30 21:44 --------- d-------- C:\DOCUME~1\Tasha\APPLIC~1\LimeWire
2007-08-27 21:40 --------- d-------- C:\Program Files\Kids Cam Sticker Factory
2007-08-27 21:38 --------- d-------- C:\Program Files\Microsoft Small Business
2007-08-27 21:35 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-19 23:51 --------- d-------- C:\DOCUME~1\SPAGHE~1\APPLIC~1\LimeWire
2007-08-18 14:38 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Motive
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-28 18:48 --------- d-------- C:\Program Files\Yahoo!
2007-07-25 21:53 43528 --a------ C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-25 21:53 120056 --a--c--- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-25 21:53 118520 --a--c--- C:\WINDOWS\system32\pxinsi64.exe
2007-07-25 21:50 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-25 21:50 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-25 21:50 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-25 21:50 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-25 21:50 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-25 21:50 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-25 21:50 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-25 21:50 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-25 21:50 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-25 21:50 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-25 21:50 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-25 21:50 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-23 09:41 --------- d-------- C:\Program Files\EA GAMES
2007-07-09 14:55 --------- d-------- C:\DOCUME~1\SPAGHE~1\APPLIC~1\U3
2007-06-05 16:05 42 --a------ C:\WINDOWS\Pt.dll
2001-10-16 08:10 61440 --a------ C:\WINDOWS\inf\i386\onetUSD.dll
2001-10-02 08:58 36864 --a------ C:\WINDOWS\inf\i386\Wiamicro.dll
2001-09-28 08:00 139264 --a------ C:\WINDOWS\inf\i386\Rtscan.dll
2001-09-27 08:11 167936 --a------ C:\WINDOWS\inf\i386\viceo.dll


((((((((((((((((((((((((((((( snapshot_2007-08-29_205925.26 )))))))))))))))))))))))))))))))))))))))))

----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\spuninst.exe
----a-w 2,136,064 2007-02-28 09:08:48 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntkrnlmp.exe
----a-w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntkrnlpa.exe
----a-w 2,015,744 2007-02-28 08:38:57 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntkrpamp.exe
----a-w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntoskrnl.exe
----a-w 2,137,600 2007-02-28 09:53:04 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntkrnlmp.exe
----a-w 2,059,392 2007-02-28 09:15:56 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntkrnlpa.exe
----a-w 2,017,280 2007-02-28 09:15:59 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntkrpamp.exe
----a-w 2,182,144 2007-02-28 09:55:14 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntoskrnl.exe
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\16665ed3c40ea6a0c9841eec5f15a718\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\16665ed3c40ea6a0c9841eec5f15a718\spuninst.exe
----a-w 765,952 2007-07-12 23:31:54 C:\WINDOWS\SoftwareDistribution\Download\16665ed3c40ea6a0c9841eec5f15a718\sp2gdr\vgx.dll
----a-w 765,952 2007-07-12 23:28:55 C:\WINDOWS\SoftwareDistribution\Download\16665ed3c40ea6a0c9841eec5f15a718\sp2qfe\vgx.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\16665ed3c40ea6a0c9841eec5f15a718\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\16665ed3c40ea6a0c9841eec5f15a718\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\16665ed3c40ea6a0c9841eec5f15a718\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\spuninst.exe
----a-w 60,416 2007-07-18 12:42:22 C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\sp2gdr\tzchange.exe
----a-w 60,416 2007-07-18 10:33:06 C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\sp2qfe\tzchange.exe
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\39a67eb647584bf044c95c49b4bf8722\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\39a67eb647584bf044c95c49b4bf8722\spuninst.exe
----a-w 282,112 2007-06-19 13:31:19 C:\WINDOWS\SoftwareDistribution\Download\39a67eb647584bf044c95c49b4bf8722\sp2gdr\gdi32.dll
----a-w 282,112 2007-06-19 13:37:21 C:\WINDOWS\SoftwareDistribution\Download\39a67eb647584bf044c95c49b4bf8722\sp2qfe\gdi32.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\39a67eb647584bf044c95c49b4bf8722\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\39a67eb647584bf044c95c49b4bf8722\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\39a67eb647584bf044c95c49b4bf8722\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\spuninst.exe
----a-w 1,033,216 2007-06-13 10:23:07 C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
----a-w 1,033,216 2007-06-13 11:26:03 C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\update\updspapi.dll
----a-w 13,536 2005-06-28 15:20:24 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spmsg.dll
----a-w 213,216 2005-06-28 15:23:26 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spuninst.exe
----a-w 22,752 2005-06-28 15:21:34 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spupdsvc.exe
----a-w 10,834,944 2007-06-12 04:51:12 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\wmp.dll
----a-w 716,000 2005-06-28 15:24:52 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\update\update.exe
----a-w 371,424 2005-06-28 15:23:54 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\5e51b5a4cef8a3ba9cc95980fae1c142\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\5e51b5a4cef8a3ba9cc95980fae1c142\spuninst.exe
----a-w 292,864 2007-03-17 13:43:01 C:\WINDOWS\SoftwareDistribution\Download\5e51b5a4cef8a3ba9cc95980fae1c142\sp2gdr\winsrv.dll
----a-w 292,864 2007-03-17 13:45:03 C:\WINDOWS\SoftwareDistribution\Download\5e51b5a4cef8a3ba9cc95980fae1c142\sp2qfe\winsrv.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\5e51b5a4cef8a3ba9cc95980fae1c142\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\5e51b5a4cef8a3ba9cc95980fae1c142\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\5e51b5a4cef8a3ba9cc95980fae1c142\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\spuninst.exe
----a-w 2,854,400 2007-04-18 16:12:23 C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\SP2GDR\msi31.dll
----a-w 2,854,400 2007-04-18 16:14:43 C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\SP2QFE\msi31.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\7810d543bbed927828d73027279e4109\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\7810d543bbed927828d73027279e4109\spuninst.exe
----a-w 364,160 2007-04-23 10:32:54 C:\WINDOWS\SoftwareDistribution\Download\7810d543bbed927828d73027279e4109\sp2gdr\update.sys
----a-w 364,160 2007-04-23 10:14:23 C:\WINDOWS\SoftwareDistribution\Download\7810d543bbed927828d73027279e4109\sp2qfe\update.sys
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\7810d543bbed927828d73027279e4109\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\7810d543bbed927828d73027279e4109\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\7810d543bbed927828d73027279e4109\update\updspapi.dll
----a-w 13,536 2005-06-28 15:20:24 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spmsg.dll
----a-w 213,216 2005-06-28 15:23:26 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spuninst.exe
----a-w 317,440 2007-06-27 03:10:26 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\unregmp2.exe
----a-w 716,000 2005-06-28 15:24:52 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\update\update.exe
----a-w 371,424 2005-06-28 15:23:54 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\a37be17708731e77e17b179ea94c45de\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\a37be17708731e77e17b179ea94c45de\spuninst.exe
----a-w 549,376 2007-05-17 11:28:05 C:\WINDOWS\SoftwareDistribution\Download\a37be17708731e77e17b179ea94c45de\sp2gdr\oleaut32.dll
----a-w 549,888 2007-05-17 11:25:21 C:\WINDOWS\SoftwareDistribution\Download\a37be17708731e77e17b179ea94c45de\sp2qfe\oleaut32.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\a37be17708731e77e17b179ea94c45de\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\a37be17708731e77e17b179ea94c45de\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\a37be17708731e77e17b179ea94c45de\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\spuninst.exe
----a-w 86,528 2007-05-16 15:12:00 C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\sp2gdr\directdb.dll
----a-w 683,520 2007-05-16 15:12:02 C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\sp2gdr\inetcomm.dll
----a-w 1,314,816 2007-05-16 15:12:08 C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\sp2gdr\msoe.dll
----a-w 510,976 2007-05-16 15:12:12 C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\sp2gdr\wab32.dll
----a-w 85,504 2007-05-16 15:12:15 C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\sp2gdr\wabimp.dll
----a-w 86,528 2007-05-16 15:32:55 C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\sp2qfe\directdb.dll
----a-w 683,520 2007-05-16 15:32:55 C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\sp2qfe\inetcomm.dll
----a-w 1,314,816 2007-05-16 15:32:56 C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\sp2qfe\msoe.dll
----a-w 510,976 2007-05-16 15:32:56 C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\sp2qfe\wab32.dll
----a-w 85,504 2007-05-16 15:32:56 C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\sp2qfe\wabimp.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\spuninst.exe
----a-w 185,344 2007-02-05 20:17:02 C:\WINDOWS\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\sp2gdr\upnphost.dll
----a-w 185,344 2007-02-05 20:19:14 C:\WINDOWS\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\sp2qfe\upnphost.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\c1835c8cb0bb13f938a8a983ca5edea4\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\c1835c8cb0bb13f938a8a983ca5edea4\spuninst.exe
----a-w 984,576 2007-04-16 15:52:53 C:\WINDOWS\SoftwareDistribution\Download\c1835c8cb0bb13f938a8a983ca5edea4\sp2gdr\kernel32.dll
----a-w 986,112 2007-04-16 16:07:27 C:\WINDOWS\SoftwareDistribution\Download\c1835c8cb0bb13f938a8a983ca5edea4\sp2qfe\kernel32.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\c1835c8cb0bb13f938a8a983ca5edea4\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\c1835c8cb0bb13f938a8a983ca5edea4\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\c1835c8cb0bb13f938a8a983ca5edea4\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\d85003cd1f1494436622b8db3105dbdb\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\d85003cd1f1494436622b8db3105dbdb\spuninst.exe
----a-w 1,104,896 2007-06-26 06:08:16 C:\WINDOWS\SoftwareDistribution\Download\d85003cd1f1494436622b8db3105dbdb\sp2gdr\msxml3.dll
----a-w 1,104,896 2007-06-26 06:06:12 C:\WINDOWS\SoftwareDistribution\Download\d85003cd1f1494436622b8db3105dbdb\sp2qfe\msxml3.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\d85003cd1f1494436622b8db3105dbdb\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\d85003cd1f1494436622b8db3105dbdb\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\d85003cd1f1494436622b8db3105dbdb\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\e50981864c541bdea07741b88d379a52\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\e50981864c541bdea07741b88d379a52\spuninst.exe
----a-w 144,896 2007-04-25 14:21:15 C:\WINDOWS\SoftwareDistribution\Download\e50981864c541bdea07741b88d379a52\sp2gdr\schannel.dll
----a-w 144,896 2007-04-25 20:32:22 C:\WINDOWS\SoftwareDistribution\Download\e50981864c541bdea07741b88d379a52\sp2qfe\schannel.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\e50981864c541bdea07741b88d379a52\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\e50981864c541bdea07741b88d379a52\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\e50981864c541bdea07741b88d379a52\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\spuninst.exe
----a-w 574,464 2007-02-09 11:10:35 C:\WINDOWS\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\sp2gdr\ntfs.sys
----a-w 574,976 2007-02-09 11:23:36 C:\WINDOWS\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\sp2qfe\ntfs.sys
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\f90f6c0c452945125b5a22f96ec4c469\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\f90f6c0c452945125b5a22f96ec4c469\spuninst.exe
----a-w 57,344 2007-03-09 13:58:57 C:\WINDOWS\SoftwareDistribution\Download\f90f6c0c452945125b5a22f96ec4c469\sp2qfe\agentdpv.dll
----a-w 248,320 2007-03-09 11:28:00 C:\WINDOWS\SoftwareDistribution\Download\f90f6c0c452945125b5a22f96ec4c469\sp2qfe\xpsp3res.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\f90f6c0c452945125b5a22f96ec4c469\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\f90f6c0c452945125b5a22f96ec4c469\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\f90f6c0c452945125b5a22f96ec4c469\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\spuninst.exe
----a-w 124,928 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\advpack.dll
----a-w 132,608 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\extmgr.dll
----a-w 63,488 2007-06-27 08:27:04 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\ie4uinit.exe
----a-w 153,088 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\ieakeng.dll
----a-w 230,400 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\ieaksie.dll
----a-w 161,792 2007-06-27 07:00:33 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\ieakui.dll
----a-w 2,455,488 2007-04-17 09:32:38 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\ieapfltr.dat
----a-w 383,488 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\ieapfltr.dll
----a-w 384,512 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\iedkcs32.dll
----a-w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\ieframe.dll
----a-w 44,544 2007-06-27 14:34:55 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\iernonce.dll
----a-w 267,776 2007-06-27 14:34:55 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\iertutil.dll
----a-w 13,824 2007-06-27 08:27:05 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\ieudinit.exe
----a-w 625,152 2007-06-27 08:27:30 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\iexplore.exe
----a-w 27,648 2007-06-27 14:34:56 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\jsproxy.dll
----a-w 459,264 2007-06-27 14:34:56 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\msfeeds.dll
----a-w 52,224 2007-06-27 14:34:56 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\msfeedsbs.dll
----a-w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\mshtml.dll
----a-w 477,696 2007-06-27 14:34:57 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\mshtmled.dll
----a-w 193,024 2007-06-27 14:34:58 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\msrating.dll
----a-w 671,232 2007-06-27 14:34:58 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\mstime.dll
----a-w 102,400 2007-06-27 14:34:58 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\occache.dll
----a-w 105,984 2007-06-27 14:34:58 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\url.dll
----a-w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\urlmon.dll
----a-w 232,960 2007-06-27 14:34:59 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\webcheck.dll
----a-w 823,808 2007-06-27 14:34:59 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\wininet.dll
----a-w 124,928 2007-06-27 14:39:42 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\advpack.dll
----a-w 132,608 2007-06-27 14:39:42 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\extmgr.dll
----a-w 63,488 2007-06-27 09:16:27 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\ie4uinit.exe
----a-w 153,088 2007-06-27 14:39:42 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\ieakeng.dll
----a-w 230,400 2007-06-27 14:39:43 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\ieaksie.dll
----a-w 161,792 2007-06-27 07:07:01 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\ieakui.dll
----a-w 2,455,488 2007-04-17 09:32:38 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\ieapfltr.dat
----a-w 383,488 2007-06-27 14:39:43 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\ieapfltr.dll
----a-w 384,512 2007-06-27 14:39:44 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\iedkcs32.dll
----a-w 6,059,008 2007-06-27 14:39:51 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\ieframe.dll
----a-w 44,544 2007-06-27 14:39:51 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\iernonce.dll
----a-w 267,776 2007-06-27 14:39:52 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\iertutil.dll
----a-w 13,824 2007-06-27 09:16:27 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\ieudinit.exe
----a-w 625,152 2007-06-27 09:16:52 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\iexplore.exe
----a-w 27,648 2007-06-27 14:39:54 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\jsproxy.dll
----a-w 459,264 2007-06-27 14:39:55 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\msfeeds.dll
----a-w 52,224 2007-06-27 14:39:55 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\msfeedsbs.dll
----a-w 3,584,000 2007-07-18 21:09:49 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\mshtml.dll
----a-w 477,696 2007-06-27 14:40:00 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\mshtmled.dll
----a-w 193,024 2007-06-27 14:40:01 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\msrating.dll
----a-w 671,232 2007-06-27 14:40:01 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\mstime.dll
----a-w 102,400 2007-06-27 14:40:01 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\occache.dll
----a-w 105,984 2007-06-27 14:40:01 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\url.dll
----a-w 1,154,048 2007-06-27 14:40:02 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\urlmon.dll
----a-w 232,960 2007-06-27 14:40:02 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\webcheck.dll
----a-w 824,320 2007-06-27 14:40:03 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\wininet.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\update\updspapi.dll
----a-w 19,684 2007-08-31 01:36:13 C:\WINDOWS\SoftwareDistribution\EventCache\{C5A87B0D-8A8D-4A17-8122-1DEF4D352899}.bin
----a-w 135,168 2007-07-12 06:22:00 C:\WINDOWS\system32\java.exe
----a-w 135,168 2007-07-12 06:22:04 C:\WINDOWS\system32\javaw.exe
----a-w 139,264 2007-07-12 07:22:38 C:\WINDOWS\system32\javaws.exe
-c--a-w 92,504 2007-07-31 00:19:20 C:\WINDOWS\system32\dllcache\cdm.dll
-c--a-w 549,720 2007-07-31 00:19:36 C:\WINDOWS\system32\dllcache\wuapi.dll
-c--a-w 53,080 2007-07-31 00:19:16 C:\WINDOWS\system32\dllcache\wuauclt.exe
-c--a-w 1,712,984 2007-07-31 00:19:42 C:\WINDOWS\system32\dllcache\wuaueng.dll
-c--a-w 325,976 2007-07-31 00:19:32 C:\WINDOWS\system32\dllcache\wucltui.dll
-c--a-w 33,624 2007-07-31 00:18:40 C:\WINDOWS\system32\dllcache\wups.dll
-c--a-w 203,096 2007-07-31 00:19:28 C:\WINDOWS\system32\dllcache\wuweb.dll
----a-w 33,624 2007-07-31 00:18:40 C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
----a-w 43,352 2007-07-31 00:19:12 C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll

----a-w 24,681 2004-08-12 02:36:12 C:\WINDOWS\system32\java.exe
----a-w 28,779 2004-08-12 02:36:12 C:\WINDOWS\system32\javaw.exe
-c--a-w 75,544 2005-05-26 12:16:24 C:\WINDOWS\system32\dllcache\cdm.dll
-c--a-w 465,176 2005-05-26 12:16:30 C:\WINDOWS\system32\dllcache\wuapi.dll
-c--a-w 124,184 2005-05-26 12:16:30 C:\WINDOWS\system32\dllcache\wuauclt.exe
-c--a-w 1,343,768 2005-05-26 12:16:30 C:\WINDOWS\system32\dllcache\wuaueng.dll
-c--a-w 127,256 2005-05-26 12:16:30 C:\WINDOWS\system32\dllcache\wucltui.dll
-c--a-w 41,240 2005-05-26 12:16:30 C:\WINDOWS\system32\dllcache\wups.dll
-c--a-w 173,536 2005-05-26 12:19:32 C:\WINDOWS\system32\dllcache\wuweb.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 18:55]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 07:51]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-25 14:27]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
backup=C:\WINDOWS\pss\LaunchU3.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^Check for OneTouch Updates.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\Check for OneTouch Updates.lnk
backup=C:\WINDOWS\pss\Check for OneTouch Updates.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk
backup=C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
"C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
"C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
C:\WINDOWS\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HXDL.EXE]
C:\Program Files\Cosmi\HelpExpress\HXDL.EXE -from="HXIUL.EXE" -to="HXIUL.EXE" -run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kyv]
"C:\Documents and Settings\HP_Owner\My Documents\s?mbols\l?ass.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mewe]
C:\Program Files\MSN Gaming Zone\mewe22011.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
C:\Program Files\NetZero\exec.exe regrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UWAS7_0001_N91M2703]
"C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe" -nag

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
C:\PROGRA~1\VISION~1\ONETOU~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\poolsv]
"C:\WINDOWS\poolsv.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
"C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spc_w]
"C:\Program Files\NZSearch\nzspc.exe" -w

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Srro]
"C:\DOCUME~1\HP_Owner\APPLIC~1\FNTS~1\services.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express Calendar Checker]
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
C:\Program Files\Web Buying\v1.8.2\webbuying.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
C:\Program Files\WinPop\winpop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YPCService"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"VETMSGNT"=3 (0x3)
"SQLWriter"=3 (0x3)
"ose"=3 (0x3)
"iPodService"=3 (0x3)
"SymWSC"=2 (0x2)
"MSSQL$MSSMLBIZ"=2 (0x2)
"MDM"=2 (0x2)
"CAISafe"=2 (0x2)
"MSDTC"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=3 (0x3)
"wuauserv"=2 (0x2)
"WZCSVC"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"SSDPSRV"=3 (0x3)
"HidServ"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"TrkWks"=2 (0x2)
"AppMgmt"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"aspnet_state"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"Proemsutqdq"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AVGEMS"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"Schedule"=3 (0x3)
"Messenger"=3 (0x3)

S3 MR97310_USB_DUAL_CAMERA;CIF Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
S3 SQTECH913D;913D Camera;C:\WINDOWS\system32\Drivers\Capt913D.sys
S4 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ
S4 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b9df98c-e948-11db-9270-ea524577c6a4}]
AutoRun\command- setupSNK.exe


Contents of the 'Scheduled Tasks' folder
2004-08-12 06:16:38 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-31 00:10:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-31 0:12:52
C:\ComboFix-quarantined-files.txt ... 2007-08-31 00:12
C:\ComboFix2.txt ... 2007-08-29 21:00

--- E O F ---
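The "startupreg" keys in the log above are startup items that msconfig has disabled, and one of them (Srro) launches a services.exe from under the user's Application Data folder instead of from system32; that is the same FNTS~1 folder the helper asks to have deleted in the next post. The script below is an added example, not part of the original thread and not ComboFix's own code: it parses that section of a ComboFix-style log and flags startup binaries that carry a system-process name outside system32, or that run from a user profile directory. The sample log text and both heuristics are constructed for illustration.

```python
"""Parse the msconfig 'startupreg' section of a ComboFix-style log and flag
entries worth a closer look.  Added example; the heuristics are assumptions."""
import re

# Constructed sample modelled on the log above (8.3 short names kept as-is).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Srro]
"C:\DOCUME~1\HP_Owner\APPLIC~1\FNTS~1\services.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
C:\Program Files\WinPop\winpop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
"""

# Registry key line; the last path component is the startup entry's name.
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\.*\\msconfig\\startupreg\\(?P<name>[^\]]+)\]$", re.I)
# Command line: a quoted executable, or an unquoted path up to the first ".exe".
CMD_RE = re.compile(r'^\s*"(?P<q>[^"]+)"|^\s*(?P<u>\S.*?\.exe)', re.I)

# Process names that belong in system32; the same name elsewhere is a masquerade.
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe"}
SYSTEM32 = "c:\\windows\\system32\\"
# Short (8.3) and long forms of the XP per-user profile root.
PROFILE_ROOTS = ("c:\\docume~1\\", "c:\\documents and settings\\")


def parse_startupreg(text):
    """Return a list of (entry_name, exe_path, full_command) tuples."""
    entries = []
    name = None
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            name = m.group("name")
            continue
        if name and line.strip():
            c = CMD_RE.match(line)
            exe = (c.group("q") or c.group("u")) if c else line.strip()
            entries.append((name, exe, line.strip()))
            name = None
    return entries


def flag_entry(exe):
    """Return the reasons (possibly none) a startup binary looks suspicious."""
    reasons = []
    low = exe.lower()
    base = low.rsplit("\\", 1)[-1]
    if base in SYSTEM_NAMES and not low.startswith(SYSTEM32):
        reasons.append("system binary name outside system32")
    if low.startswith(PROFILE_ROOTS):
        reasons.append("runs from a user profile directory")
    return reasons


def suspicious(text):
    """Map entry name -> reasons, for entries that have at least one reason."""
    out = {}
    for name, exe, _ in parse_startupreg(text):
        reasons = flag_entry(exe)
        if reasons:
            out[name] = reasons
    return out


if __name__ == "__main__":
    for name, reasons in suspicious(SAMPLE_LOG).items():
        print(name, "->", "; ".join(reasons))
```

To use it on a saved ComboFix log, pass the file's contents to suspicious(). Both heuristics are deliberately narrow, so a hit is a reason to look closer rather than proof of infection, and legitimate software that installs into the profile will trip the second one.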

#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 31 August 2007 - 07:53 AM

Hello,

There are still some bad folders present. They may be empty, but I'm not willing to take the chance.

Navigate to the following folders and delete them :

C:\Program Files\Web Buying
C:\DOCUME~1\HP_Owner\APPLIC~1\FNTS~1 <--- this will be in the folder APPLIC~1, which is Application Data
C:\Program Files\Common Files\WinAntiSpyware 2007
C:\WINDOWS\retadpu77.exe <--- this should be a file
C:\WINDOWS\poolsv.exe
C:\Program Files\MSN Gaming Zone\mewe22011.exe
C:\Documents and Settings\HP_Owner\My Documents\s?mbols <--- this folder may look like it says "symbols".

After you delete any of them that are there, empty your Recycle Bin and reboot your computer. Let me know how it goes. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
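The deletion list above mixes 8.3 short names (DOCUME~1, APPLIC~1) with long names, and one folder can only be told apart from "symbols" by a look-alike character in its name. The script below is an added example, not part of the original thread: it expands the short names, reports which of the listed paths still exist, and walks a directory tree for folder names that contain non-ASCII characters. The temporary sample tree, the particular look-alike letter used in it (Cyrillic U+0443 standing in for "y") and the short-name table are assumptions made for illustration.

```python
"""Check which of the paths a helper asked to delete still exist and spot
folder names that only look like a familiar word.  Added example, not part of
the original thread; the sample tree below is constructed for illustration."""
import os
import shutil
import tempfile
import unicodedata

# The paths from the post, as written (short names included).
TARGETS = [
    r"C:\Program Files\Web Buying",
    r"C:\DOCUME~1\HP_Owner\APPLIC~1\FNTS~1",
    r"C:\Program Files\Common Files\WinAntiSpyware 2007",
    r"C:\WINDOWS\retadpu77.exe",
    r"C:\WINDOWS\poolsv.exe",
    r"C:\Program Files\MSN Gaming Zone\mewe22011.exe",
]

# Assumed 8.3 -> long-name table; on a real XP box the shell resolves these.
SHORT_TO_LONG = {"DOCUME~1": "Documents and Settings", "APPLIC~1": "Application Data"}


def expand_short_names(path):
    """Replace known 8.3 short names with their long forms, component by component."""
    return "\\".join(SHORT_TO_LONG.get(p, p) for p in path.split("\\"))


def non_ascii_chars(name):
    """Return (char, Unicode name) for every non-ASCII character in name."""
    return [(ch, unicodedata.name(ch, "UNKNOWN")) for ch in name if ord(ch) > 127]


def find_lookalike_dirs(root):
    """Walk root and return (path, chars) for folders with non-ASCII characters."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in sorted(dirnames):
            chars = non_ascii_chars(d)
            if chars:
                hits.append((os.path.join(dirpath, d), chars))
    return hits


def existing(paths, root):
    """Return the listed paths that exist, with root standing in for the C: drive."""
    found = []
    for p in paths:
        rel = expand_short_names(p).split(":", 1)[-1].lstrip("\\")
        if os.path.exists(os.path.join(root, rel.replace("\\", os.sep))):
            found.append(p)
    return found


def build_sample_tree():
    """Constructed sample 'drive': one leftover folder and a 'symbols' look-alike
    using Cyrillic U+0443 in place of 'y' (an assumption for the demo)."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "Program Files", "Web Buying"))
    os.makedirs(os.path.join(root, "Documents and Settings", "HP_Owner",
                             "My Documents", "s\u0443mbols"))
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    try:
        print("still present:", existing(TARGETS, root))
        for path, chars in find_lookalike_dirs(root):
            print("look-alike folder:", path, chars)
    finally:
        shutil.rmtree(root)
```

On a real machine you would call existing(TARGETS, "C:\\") and find_lookalike_dirs on the user's My Documents folder; the Unicode name printed for each odd character is what tells "symbols" apart from a folder that merely renders like it.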

#11 tina326

tina326
  • Topic Starter

  • Members
  • 6 posts

Posted 31 August 2007 - 09:58 AM

I didn't find any of the listed files or folders. I turned my computer off for a little while, turned it back on, checked my email and restarted again just for fun. I haven't had any problems at all. I feel like such a techie! Thank you very much.

#12 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 31 August 2007 - 03:01 PM

Hi there,

That's great! :thumbsup: I had to be sure those weren't there before I gave you the all clear.

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle Bin and reboot your computer.

If there are no further problems:

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

You should definitely maintain a firewall. Some good free firewalls are Kerio or Outpost.
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Take care!
tea

#13 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 05 September 2007 - 10:32 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.