
Multiple Virus/trojan/spyware Infections On Laptop


25 replies to this topic

#1 barfomcgee


Posted 14 November 2007 - 03:28 AM

I posted a few days ago in the wrong forum. I've since used AVG anti-spyware and anti-virus, Ad-Aware, SpyBot, Spyware Blaster, Stinger and Bit Defender and cleaned out at least 65 infected files. I'm just hoping I've gotten everything, because the laptop is still acting a bit strange. Thanks in advance for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:25:43 PM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4F00E5B5-62F4-4283-B3A8-60811579DD65} - C:\WINDOWS\system32\vturs.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Microsoft] servicess.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft] servicess.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{718B033A-43B0-4438-8C16-77E43953849A}: NameServer = 208.67.222.222 208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: tuvwxyy - tuvwxyy.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10050 bytes



#2 Demon Cleaner


Posted 15 November 2007 - 10:19 AM

Hi barfomcgee

Give me a little time to look over your log and I will get back to you ASAP.

Regards DC

#3 Demon Cleaner


Posted 15 November 2007 - 01:16 PM

Hello again

1. I see you are running TeaTimer.
I require you to disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

http://russelltexas.com/malware/teatimer.htm - How to disable TeaTimer during HijackThis Cleanup

2. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 3 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u3...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.
3. Please download ComboFix to your desktop.
Double-click combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

DC

#4 barfomcgee


Posted 15 November 2007 - 09:58 PM

Thanks very much for your help, DC. Here are the logs you requested:


ComboFix 07-11-08.1 - Administrator 2007-11-16 9:52:33.1 - NTFSx86
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))))
.

2007-11-16 09:51 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 09:47 <DIR> d-------- C:\Program Files\Java
2007-11-16 09:47 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-14 18:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Network Associates
2007-11-14 15:20 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Network Associates
2007-11-14 15:20 <DIR> d-------- C:\Program Files\Network Associates
2007-11-14 15:20 <DIR> d-------- C:\Program Files\Common Files\Network Associates
2007-11-14 15:20 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2007-11-14 15:20 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Network Associates
2007-11-14 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
2007-11-14 10:42 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-11-13 10:52 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-13 10:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-13 10:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-13 00:38 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-13 00:37 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-13 00:36 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2007-11-12 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-11 12:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2007-11-11 12:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-11 12:11 <DIR> d-------- C:\WINDOWS\Web Download
2007-11-11 11:38 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-11 11:38 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-11 11:38 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-11 11:38 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-11 11:38 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-11 11:38 3,266 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 11:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-11 11:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-11 11:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-11 11:13 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-11 10:40 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-11 03:02 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-09 15:58 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-09 15:58 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-08 15:15 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-11-08 15:13 <DIR> d-------- C:\Program Files\MSBuild
2007-11-08 15:13 <DIR> d-------- C:\Program Files\Microsoft Works
2007-11-08 15:11 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-11-08 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-08 15:02 <DIR> dr-h----- C:\MSOCache
2007-11-08 11:23 676,224 --a------ C:\WINDOWS\system32\OGACheckControl.dll
2007-11-08 10:52 <DIR> d-------- C:\Program Files\Torrent Harvester
2007-11-08 10:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-08 10:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-07 21:11 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
2007-11-03 09:33 1,156 --a------ C:\WINDOWS\mozver.dat
2007-11-03 09:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2007-11-03 09:15 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-02 12:27 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-02 12:27 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-11-02 12:25 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-02 12:25 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-02 12:25 <DIR> d-------- C:\5d1613fd549f0d7f1b54de1ec76f
2007-11-02 12:24 1,187 --a------ C:\WINDOWS\wmplayer.reg
2007-10-25 10:26 53,248 --a------ C:\WINDOWS\bdoscandel.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 15:19 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Azureus
2007-11-14 08:19 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-14 03:30 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-11-14 03:30 --------- d-----w C:\Program Files\Symantec
2007-11-14 03:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-14 03:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-13 16:23 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-11-07 14:17 --------- d-----w C:\Program Files\Yahoo!
2007-11-07 14:13 --------- d--h--r C:\Documents and Settings\Administrator\Application Data\yahoo!
2007-11-07 14:13 --------- d-----w C:\Program Files\Common Files\Real
2007-11-07 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-11-07 14:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-04 13:56 --------- d-----w C:\Program Files\Azureus
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F00E5B5-62F4-4283-B3A8-60811579DD65}]
C:\WINDOWS\system32\vturs.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-10-29 02:47]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-10-29 02:47]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-10-29 02:47]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-03-23 22:45 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 08:57]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 03:24]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2005-04-12 22:27]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 12:11]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 12:13]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 12:10]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 16:25]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-15 09:27]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-10-06 15:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2004-02-19 13:07]
"McAfeeFireTray"="C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe" [2005-04-12 18:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-10-29 02:47]
"Microsoft"="servicess.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-06 20:33:24]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-15 16:16:02]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwxyy]
tuvwxyy.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4a694ec-553a-11db-8e5e-0018de1be8ea}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe

*Newly Created Service* - MDMXSDK

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7FDA5DA0-0C92-E780-F273-B9207984D491}]
C:\WINDOWS\system32:svchost.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 07:00:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 09:55:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32:svchost.exe 20480 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2007-11-16 9:56:14 - machine was rebooted
.
--- E O F ---


---------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:01 AM, on 11/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\iPod\bin\iPodService.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4F00E5B5-62F4-4283-B3A8-60811579DD65} - C:\WINDOWS\system32\vturs.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft] servicess.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: tuvwxyy - tuvwxyy.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9056 bytes


Thanks again.

#5 Demon Cleaner

Posted 17 November 2007 - 05:28 AM

Hi barfomcgee

One or more of the infections on your computer is a backdoor trojan. It is advisable to get to a known clean computer and change any passwords for sites like banks and PayPal.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.


1.
  • Download the FxGaobot.exe file from: http://www.symantec.com/content/en/us/glob...ps/FxGaobot.exe.
  • Save the file to a convenient location, such as your Windows desktop.
  • Close all the running programs.
  • If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
  • If you are running Windows Me or XP, turn off System Restore. For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:

    How to turn off or turn on Windows XP System Restore
  • Locate the file that you just downloaded.
  • Double-click the FxGaobot.exe file to start the removal tool.
  • Click Start to begin the process, and then allow the tool to run.

  • Restart the computer.
  • Run the removal tool again to ensure that the system is clean.
  • If you are running Windows Me/XP, then reenable System Restore.
  • If you are on a network or if you have a full-time connection to the Internet, reconnect the computer to the network or to the Internet connection.
2. Start HijackThis and click the Scan button to perform a scan. Once the scan has completed look for the following item/s and click in the checkbox in front of each item to select it (if present):

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {4F00E5B5-62F4-4283-B3A8-60811579DD65} - C:\WINDOWS\system32\vturs.dll (file missing)

O4 - HKCU\..\Run: [Microsoft] servicess.exe

O20 - Winlogon Notify: tuvwxyy - tuvwxyy.dll (file missing)


3. Next close all open windows apart from hjt and click fix checked and then exit the program.

4. Copy the text in the codebox into a notepad file and save it to your desktop as cfscript

File::
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\msonpmon.dll
C:\WINDOWS\system32\tuvwxyy.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4a694ec-553a-11db-8e5e-0018de1be8ea}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7FDA5DA0-0C92-E780-F273-B9207984D491}]

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

5. Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type A to create a System Report
  • Please be patient as this scan may take some time
  • When the scan has finished post back the SystemReport.txt from the SDFix folder
6. So in your next reply post:
  • let me know how step #1 went
  • Combofix.txt
  • Sdfix report
  • A fresh Hijackthis log
Regards DC
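
The kind of triage that step 2 above applies by hand can be sketched in code. This is an added example, not part of the original post and not HijackThis's own logic: it parses HijackThis entry lines and flags entries marked "(file missing)" or "(no file)", plus Run values that have no path or whose file name is one edit away from a core Windows process name. The heuristics and the names `triage`, `Finding`, `exe_path` and `SYSTEM_NAMES` are assumptions of this example; the post does not say why each entry was selected, and a flag here means "review this entry", not "malicious".

```python
import re
from typing import List, NamedTuple

# Entries quoted from step 2 of the post and from the HijackThis log in this
# thread. The last line is constructed in HijackThis format for contrast.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {4F00E5B5-62F4-4283-B3A8-60811579DD65} - C:\WINDOWS\system32\vturs.dll (file missing)
O4 - HKCU\..\Run: [Microsoft] servicess.exe
O20 - Winlogon Notify: tuvwxyy - tuvwxyy.dll (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
"""

# Core Windows process names, taken from the running-process lists in this thread.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "explorer.exe", "spoolsv.exe"}

# "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run[^:]*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


class Finding(NamedTuple):
    code: str
    body: str
    reasons: tuple


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def exe_path(cmd: str) -> str:
    """Return the executable part of an autorun command, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted: cut after the first ".exe" so paths containing spaces survive.
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text: str) -> List[Finding]:
    """Flag HijackThis entries that deserve a closer look by a reviewer."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.group("code"), m.group("body")
        reasons = []
        if ORPHAN_RE.search(body):
            reasons.append("orphaned")  # registry entry points at a file that is gone
        run = RUN_RE.match(body) if code == "O4" else None
        if run:
            path = exe_path(run.group("cmd"))
            name = path.rsplit("\\", 1)[-1].lower()
            if "\\" not in path:
                reasons.append("no-path")  # resolved through the search path at logon
            if name not in SYSTEM_NAMES and any(
                    edit_distance(name, s) == 1 for s in SYSTEM_NAMES):
                reasons.append("lookalike-name")
        if reasons:
            findings.append(Finding(code, body, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.code, ",".join(f.reasons), "|", f.body)
```

Legitimate software also registers path-less Run values (the ComboFix log later in this thread shows one resolving to system32), so the "no-path" flag on its own is only a prompt to check where the file actually lives.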

#6 barfomcgee

Posted 18 November 2007 - 12:19 AM

Hello DC. Thanks again for all your help, you really are a lifesaver. Here are the results from your extremely detailed instructions:

1 - The scan from Symantec revealed no problems. I scanned twice as instructed.

2 - I did have some problems running Combofix. It kept popping up with an error message, "The Date is 18-11-2007. This copy of Combofix has expired. Please download an updated version." Then it automatically deleted itself. I tried to find a more recent copy, but without any luck. To work around this, I simply changed the date in Windows to 2006 instead of 2007. I hope this didn't cause any problems. Here is the report:

ComboFix 07-11-08.1 - Administrator 2006-11-18 11:55:20.2 - NTFSx86
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFscript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\msonpmon.dll
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\tuvwxyy.dll
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\msonpmon.dll
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.

2007-11-16 21:54 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2007-11-16 21:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee.com Personal Firewall
2007-11-16 21:48 <DIR> d-------- C:\Program Files\McAfee.com
2007-11-16 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-11-16 21:48 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2007-11-16 21:48 277,616 --a------ C:\WINDOWS\system32\McGDMgr.dll
2007-11-16 21:48 67,584 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys
2007-11-16 21:48 24,576 --a------ C:\WINDOWS\system32\MpfApi.dll
2007-11-16 09:51 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 09:47 <DIR> d-------- C:\Program Files\Java
2007-11-16 09:47 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-14 18:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Network Associates
2007-11-14 15:20 <DIR> d-------- C:\Program Files\Network Associates
2007-11-14 15:20 <DIR> d-------- C:\Program Files\Common Files\Network Associates
2007-11-14 15:20 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2007-11-14 15:20 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Network Associates
2007-11-14 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
2007-11-14 10:42 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-11-13 10:52 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-13 10:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-13 10:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-13 00:38 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-13 00:37 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-13 00:36 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2007-11-12 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-11 12:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2007-11-11 12:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-11 12:11 <DIR> d-------- C:\WINDOWS\Web Download
2007-11-11 11:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-11 11:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-11 11:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-11 11:13 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-11 10:40 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-11 03:02 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-09 15:58 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-09 15:58 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-08 15:13 <DIR> d-------- C:\Program Files\MSBuild
2007-11-08 15:13 <DIR> d-------- C:\Program Files\Microsoft Works
2007-11-08 15:11 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-11-08 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-08 15:02 <DIR> dr-h----- C:\MSOCache
2007-11-08 11:23 676,224 --a------ C:\WINDOWS\system32\OGACheckControl.dll
2007-11-08 10:52 <DIR> d-------- C:\Program Files\Torrent Harvester
2007-11-08 10:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-08 10:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-07 21:11 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
2007-11-03 09:33 1,843 --a------ C:\WINDOWS\mozver.dat
2007-11-03 09:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2007-11-03 09:15 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-02 12:27 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-02 12:27 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-11-02 12:25 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-02 12:25 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-02 12:25 <DIR> d-------- C:\5d1613fd549f0d7f1b54de1ec76f
2007-11-02 12:24 1,187 --a------ C:\WINDOWS\wmplayer.reg
2007-10-25 10:26 53,248 --a------ C:\WINDOWS\bdoscandel.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-18 03:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Azureus
2007-11-16 07:01 --------- d-----w C:\Program Files\Apple Software Update
2007-11-14 08:19 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-14 03:30 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-11-14 03:30 --------- d-----w C:\Program Files\Symantec
2007-11-14 03:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-14 03:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-13 16:23 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-11-07 14:17 --------- d-----w C:\Program Files\Yahoo!
2007-11-07 14:13 --------- d--h--r C:\Documents and Settings\Administrator\Application Data\yahoo!
2007-11-07 14:13 --------- d-----w C:\Program Files\Common Files\Real
2007-11-07 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-11-07 14:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-04 13:56 --------- d-----w C:\Program Files\Azureus
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-10-29 02:47]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-10-29 02:47]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-10-29 02:47]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-03-23 22:45 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 08:57]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 03:24]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2005-04-12 22:27]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 12:11]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 12:13]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 12:10]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 16:25]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-15 09:27]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-10-06 15:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 14:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-10-29 02:47]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-06 20:33:24]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-15 16:16:02]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)


*Newly Created Service* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder
"2007-11-16 07:00:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 11:58:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32:svchost.exe 20480 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2007-11-08 11:59:09 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-16 09:56
.
--- E O F ---

------------------------------------------------------------------

3 - Sdfix Report

System Report
*************

Run on Sun 11/18/2007 at 12:01 PM

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [936]
\??\C:\WINDOWS\system32\csrss.exe [984]
\??\C:\WINDOWS\system32\winlogon.exe [1012]
C:\WINDOWS\system32\services.exe [1056]
C:\WINDOWS\system32\lsass.exe [1068]
C:\WINDOWS\system32\svchost.exe [1236]
C:\WINDOWS\system32\svchost.exe [1284]
C:\WINDOWS\System32\svchost.exe [1428]
C:\WINDOWS\system32\svchost.exe [1492]
C:\WINDOWS\system32\svchost.exe [1644]
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [1920]
C:\WINDOWS\Explorer.EXE [232]
C:\WINDOWS\system32\spoolsv.exe [388]
C:\WINDOWS\system32\taskswitch.exe [1408]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [1504]
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [980]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [1544]
C:\WINDOWS\system32\igfxtray.exe [1548]
C:\WINDOWS\system32\hkcmd.exe [296]
C:\WINDOWS\system32\igfxpers.exe [1572]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [868]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [1664]
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [1956]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [1772]
C:\PROGRA~1\mcafee.com\agent\mcagent.exe [1764]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe [1876]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [1744]
C:\WINDOWS\system32\ctfmon.exe [1856]
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [800]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe [1512]
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [1348]
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [1112]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE [1520]
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [1212]
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe [1360]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [3524]
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [3500]
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [3548]
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [3588]
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [3620]
c:\program files\mcafee.com\agent\mcdetect.exe [3704]
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [3736]
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [3764]
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe [3820]
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [4088]
C:\WINDOWS\system32\wbem\wmiprvse.exe [2136]
C:\WINDOWS\System32\alg.exe [2252]
C:\WINDOWS\system32\wuauclt.exe [3276]
C:\WINDOWS\system32\wuauclt.exe [3660]
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe [1256]


Files Created/Modified - 60 Days :


C:\

Nov 8 2007 11:59:10a 10,384 A.... "C:\ComboFix.txt"
Nov 16 2007 9:56:16a 10,129 A.... "C:\ComboFix2.txt"
Nov 8 2007 11:58:06a 792,723,456 A.SH. "C:\pagefile.sys"
Nov 16 2007 9:56:38p 543,463 A.... "C:\ptdebug.txt"
Nov 11 2007 11:38:58a 1,398 A.... "C:\rapport.txt"
Nov 14 2007 9:38:46p 215 A.... "C:\rominfo.txt"


C:\WINDOWS\

Nov 8 2007 11:59:42a 0 A.... "C:\WINDOWS\0.log"
Oct 25 2007 10:26:48a 53,248 A.... "C:\WINDOWS\bdoscandel.exe"
Oct 25 2007 10:26:48a 453 A.... "C:\WINDOWS\bdoscandellang.ini"
Nov 8 2007 11:58:10a 2,048 A.S.. "C:\WINDOWS\bootstat.dat"
Oct 29 2007 6:56:20p 136,192 A.... "C:\WINDOWS\catchme.exe"
Nov 4 2007 6:48:32p 100 A.... "C:\WINDOWS\cdplayer.ini"
Nov 15 2007 9:22:12a 204,633 A.... "C:\WINDOWS\comsetup.log"
Nov 14 2007 10:26:28a 34,908 A.... "C:\WINDOWS\DPINST.LOG"
Nov 15 2007 9:22:10a 574,193 A.... "C:\WINDOWS\FaxSetup.log"
Nov 15 2007 9:22:12a 665,260 A.... "C:\WINDOWS\iis6.log"
Nov 13 2007 4:10:48p 1,393 A.... "C:\WINDOWS\imsins.BAK"
Nov 15 2007 9:22:12a 1,393 A.... "C:\WINDOWS\imsins.log"
Nov 12 2007 10:44:54a 30,107 A.... "C:\WINDOWS\KB873339.log"
Nov 12 2007 10:47:40a 36,405 A.... "C:\WINDOWS\KB885835.log"
Nov 12 2007 10:47:32a 33,964 A.... "C:\WINDOWS\KB885836.log"
Nov 11 2007 3:01:10a 9,078 A.... "C:\WINDOWS\KB886185.log"
Nov 12 2007 10:36:24a 24,008 A.... "C:\WINDOWS\KB888302.log"
Nov 12 2007 10:37:36a 25,651 A.... "C:\WINDOWS\KB890046.log"
Nov 12 2007 10:27:02a 18,964 A.... "C:\WINDOWS\KB890859.log"
Nov 11 2007 3:02:56a 22,956 A.... "C:\WINDOWS\KB893756.log"
Nov 10 2007 9:00:42a 11,159 A.... "C:\WINDOWS\KB893803v2.log"
Nov 12 2007 10:30:22a 22,206 A.... "C:\WINDOWS\KB894391.log"
Nov 12 2007 10:44:14a 32,439 A.... "C:\WINDOWS\KB896358.log"
Nov 11 2007 3:02:50a 22,453 A.... "C:\WINDOWS\KB896423.log"
Nov 12 2007 10:32:26a 21,929 A.... "C:\WINDOWS\KB896428.log"
Nov 10 2007 9:00:04a 6,771 A.... "C:\WINDOWS\KB898461.log"
Nov 12 2007 10:49:32a 42,055 A.... "C:\WINDOWS\KB899587.log"
Nov 12 2007 10:46:14a 34,480 A.... "C:\WINDOWS\KB899591.log"
Nov 12 2007 10:45:12a 36,043 A.... "C:\WINDOWS\KB900485.log"
Nov 12 2007 10:35:18a 22,960 A.... "C:\WINDOWS\KB900725.log"
Nov 12 2007 10:46:20a 36,242 A.... "C:\WINDOWS\KB901017.log"
Nov 12 2007 10:33:52a 23,111 A.... "C:\WINDOWS\KB901190.log"
Nov 12 2007 10:36:56a 25,416 A.... "C:\WINDOWS\KB901214.log"
Nov 12 2007 10:41:52a 36,144 A.... "C:\WINDOWS\KB902400.log"
Nov 12 2007 10:33:58a 20,611 A.... "C:\WINDOWS\KB904706.log"
Nov 11 2007 3:01:28a 19,554 A.... "C:\WINDOWS\KB905414.log"
Nov 12 2007 10:33:34a 23,602 A.... "C:\WINDOWS\KB905749.log"
Nov 12 2007 10:29:32a 19,876 A.... "C:\WINDOWS\KB908519.log"
Nov 12 2007 10:33:46a 21,241 A.... "C:\WINDOWS\KB908531.log"
Nov 12 2007 10:43:32a 24,488 A.... "C:\WINDOWS\KB910437.log"
Nov 12 2007 10:45:52a 34,250 A.... "C:\WINDOWS\KB911280.log"
Nov 12 2007 10:45:38a 33,301 A.... "C:\WINDOWS\KB911562.log"
Nov 11 2007 3:02:36a 14,190 A.... "C:\WINDOWS\KB911564.log"
Nov 12 2007 10:46:56a 34,520 A.... "C:\WINDOWS\KB911927.log"
Nov 12 2007 10:32:44a 21,065 A.... "C:\WINDOWS\KB913580.log"
Nov 12 2007 10:37:14a 26,583 A.... "C:\WINDOWS\KB914388.log"
Nov 12 2007 10:28:34a 19,749 A.... "C:\WINDOWS\KB914389.log"
Nov 11 2007 3:01:04a 9,643 A.... "C:\WINDOWS\KB916595.log"
Nov 12 2007 10:37:08a 25,482 A.... "C:\WINDOWS\KB917344.log"
Nov 12 2007 10:37:02a 25,245 A.... "C:\WINDOWS\KB917953.log"
Nov 12 2007 10:36:36a 25,166 A.... "C:\WINDOWS\KB918118.log"
Nov 11 2007 3:01:46a 19,520 A.... "C:\WINDOWS\KB918439.log"
Nov 12 2007 10:37:20a 26,033 A.... "C:\WINDOWS\KB919007.log"
Nov 12 2007 10:34:58a 21,155 A.... "C:\WINDOWS\KB920213.log"
Nov 11 2007 3:01:58a 14,100 A.... "C:\WINDOWS\KB920670.log"
Nov 12 2007 10:29:26a 17,603 A.... "C:\WINDOWS\KB920683.log"
Nov 12 2007 10:46:08a 36,126 A.... "C:\WINDOWS\KB920685.log"
Nov 12 2007 10:37:30a 27,643 A.... "C:\WINDOWS\KB920872.log"
Nov 12 2007 10:44:26a 32,615 A.... "C:\WINDOWS\KB921503.log"
Nov 11 2007 3:01:18a 12,307 A.... "C:\WINDOWS\KB922582.log"
Nov 12 2007 10:48:46a 36,594 A.... "C:\WINDOWS\KB922819.log"
Nov 12 2007 10:36:48a 23,181 A.... "C:\WINDOWS\KB923191.log"
Nov 12 2007 10:47:28a 37,055 A.... "C:\WINDOWS\KB923414.log"
Nov 12 2007 10:46:00a 36,851 A.... "C:\WINDOWS\KB923980.log"
Nov 12 2007 10:45:02a 32,507 A.... "C:\WINDOWS\KB924270.log"
Nov 12 2007 10:44:48a 35,043 A.... "C:\WINDOWS\KB924496.log"
Nov 12 2007 10:45:20a 32,086 A.... "C:\WINDOWS\KB924667.log"
Nov 12 2007 10:44:04a 26,649 A.... "C:\WINDOWS\KB925398.log"
Nov 12 2007 10:43:24a 32,705 A.... "C:\WINDOWS\KB925902.log"
Nov 2 2007 12:27:50p 8,062 A.... "C:\WINDOWS\KB926239.log"
Nov 12 2007 10:36:30a 22,847 A.... "C:\WINDOWS\KB926255.log"
Nov 11 2007 3:01:40a 19,330 A.... "C:\WINDOWS\KB926436.log"
Nov 12 2007 10:49:26a 39,321 A.... "C:\WINDOWS\KB927779.log"
Nov 12 2007 10:49:18a 38,268 A.... "C:\WINDOWS\KB927802.log"
Nov 12 2007 10:44:40a 25,490 A.... "C:\WINDOWS\KB927891.log"
Nov 12 2007 10:47:22a 35,746 A.... "C:\WINDOWS\KB928255.log"
Nov 12 2007 10:26:20a 17,607 A.... "C:\WINDOWS\KB928843.log"
Nov 12 2007 10:42:30a 29,438 A.... "C:\WINDOWS\KB929123.log"
Nov 12 2007 10:36:16a 17,506 A.... "C:\WINDOWS\KB929399.log"
Nov 11 2007 3:01:34a 19,637 A.... "C:\WINDOWS\KB930178.log"
Nov 12 2007 10:34:02a 23,361 A.... "C:\WINDOWS\KB930916.log"
Nov 13 2007 4:10:28p 30,996 A.... "C:\WINDOWS\KB931261.log"
Nov 12 2007 10:47:10a 38,259 A.... "C:\WINDOWS\KB931784.log"
Nov 11 2007 3:01:24a 18,653 A.... "C:\WINDOWS\KB932168.log"
Nov 12 2007 10:34:50a 34,427 A.... "C:\WINDOWS\KB933360.log"
Nov 11 2007 3:03:02a 16,832 A.... "C:\WINDOWS\KB933729.log"
Nov 12 2007 10:32:14a 19,659 A.... "C:\WINDOWS\KB935839.log"
Nov 12 2007 10:34:44a 21,047 A.... "C:\WINDOWS\KB935840.log"
Nov 12 2007 10:45:46a 35,835 A.... "C:\WINDOWS\KB936021.log"
Nov 12 2007 10:44:32a 35,026 A.... "C:\WINDOWS\KB936357.log"
Nov 12 2007 10:30:14a 12,197 A.... "C:\WINDOWS\KB936782.log"
Nov 12 2007 10:35:04a 23,806 A.... "C:\WINDOWS\KB938127.log"
Nov 12 2007 10:45:30a 34,739 A.... "C:\WINDOWS\KB938828.log"
Nov 12 2007 10:44:20a 30,302 A.... "C:\WINDOWS\KB938829.log"
Nov 13 2007 4:10:48p 35,418 A.... "C:\WINDOWS\KB939653.log"
Nov 12 2007 10:35:54a 17,232 A.... "C:\WINDOWS\KB939683.log"
Nov 12 2007 10:36:42a 22,484 A.... "C:\WINDOWS\KB941202.log"
Nov 15 2007 9:22:12a 7,796 A.... "C:\WINDOWS\KB943460.log"
Nov 16 2007 9:56:36p 7,436 A.... "C:\WINDOWS\McAfeeFire_Install.log"
Nov 15 2007 9:22:12a 40,162 A.... "C:\WINDOWS\MedCtrOC.log"
Nov 16 2007 10:30:14p 1,843 A.... "C:\WINDOWS\mozver.dat"
Nov 2 2007 12:27:38p 6,119 A.... "C:\WINDOWS\MSCompPackV1.log"
Nov 15 2007 9:22:12a 28,990 A.... "C:\WINDOWS\msgsocm.log"
Nov 15 2007 9:22:06a 184,652 A.... "C:\WINDOWS\msmqinst.log"
Nov 12 2007 12:30:58a 116 A.... "C:\WINDOWS\NeroDigital.ini"
Nov 15 2007 9:22:12a 101,343 A.... "C:\WINDOWS\netfxocm.log"
Nov 3 2007 9:15:44a 0 A.... "C:\WINDOWS\nsreg.dat"
Nov 12 2007 10:15:50a 471,586 A.... "C:\WINDOWS\ntbtlog.txt"
Nov 15 2007 9:22:12a 122,194 A.... "C:\WINDOWS\ntdtcsetup.log"
Nov 15 2007 9:22:12a 280,088 A.... "C:\WINDOWS\ocgen.log"
Nov 15 2007 9:22:12a 32,007 A.... "C:\WINDOWS\ocmsn.log"
Nov 11 2007 2:14:10p 1,177 A.... "C:\WINDOWS\OEWABLog.txt"
Nov 16 2007 8:04:10p 1,409 A.... "C:\WINDOWS\QTFont.for"
Nov 16 2007 8:04:10p 54,156 A..H. "C:\WINDOWS\QTFont.qfn"
Nov 15 2007 5:00:50p 512 A.... "C:\WINDOWS\randseed.rnd"
Nov 8 2007 11:57:10a 32,570 A.... "C:\WINDOWS\SchedLgU.Txt"
Nov 16 2007 9:48:36a 174,504 A.... "C:\WINDOWS\setupact.log"
Nov 17 2007 2:30:12a 178,625 A.... "C:\WINDOWS\setupapi.log"
Nov 11 2007 3:02:24a 1,044,601 A.... "C:\WINDOWS\setupapi.log.0.old"
Nov 12 2007 12:21:44p 49,571 A.... "C:\WINDOWS\spupdsvc.log"
Nov 15 2007 9:22:12a 29,553 A.... "C:\WINDOWS\tabletoc.log"
Nov 15 2007 9:22:12a 266,963 A.... "C:\WINDOWS\tsoc.log"
Nov 15 2007 9:21:58a 26,568 A.... "C:\WINDOWS\updspapi.log"
Nov 8 2007 3:19:28p 603 A.... "C:\WINDOWS\win.ini"
Nov 18 2007 12:01:22p 1,890,664 A.... "C:\WINDOWS\WindowsUpdate.log"
Nov 2 2007 12:26:26p 26,329 A.... "C:\WINDOWS\WMFDist11.log"
Nov 2 2007 12:27:26p 19,235 A.... "C:\WINDOWS\wmp11.log"
Nov 2 2007 12:24:12p 1,187 A.... "C:\WINDOWS\wmplayer.reg"
Nov 12 2007 10:30:14a 62,500 A.... "C:\WINDOWS\wmsetup.log"
Nov 2 2007 12:27:50p 2,613 A.... "C:\WINDOWS\wmsetup10.log"
Nov 2 2007 12:26:20p 316,640 A.... "C:\WINDOWS\WMSysPr9.prx"
Nov 2 2007 12:25:32p 11,755 A.... "C:\WINDOWS\Wudf01000Inst.log"


C:\WINDOWS\system\



C:\WINDOWS\system32\



C:\WINDOWS\system32\drivers\

Nov 15 2007 9:27:22a 821,856 A.... "C:\WINDOWS\system32\drivers\avg7core.sys"
Nov 11 2007 12:18:02p 4,224 A.... "C:\WINDOWS\system32\drivers\avg7rsw.sys"
Nov 11 2007 12:18:04p 27,776 A.... "C:\WINDOWS\system32\drivers\avg7rsxp.sys"
Nov 11 2007 12:18:06p 3,968 A.... "C:\WINDOWS\system32\drivers\avgclean.sys"
Nov 11 2007 12:18:06p 19,904 A.... "C:\WINDOWS\system32\drivers\avgmfx86.sys"
Nov 13 2007 11:51:30a 102,664 A.... "C:\WINDOWS\system32\drivers\tmcomm.sys"


C:\WINDOWS\system32\dllcache\

Oct 26 2007 10:36:52a 8,454,656 A.... "C:\WINDOWS\system32\dllcache\shell32.dll"


C:\Program Files\

Nov 4 2007 8:52:02p 77,824 A.... "C:\Program Files\Azureus\aereg.dll"
Nov 4 2007 8:52:02p 255,504 A.... "C:\Program Files\Azureus\AzureusUpdater.exe"
Nov 4 2007 8:52:02p 348,160 A.... "C:\Program Files\Azureus\msvcr71.dll"
Oct 26 2007 12:47:22p 13,688 A.... "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"
Oct 26 2007 12:47:24p 7,649,128 A.... "C:\Program Files\Mozilla Firefox\firefox.exe"
Oct 26 2007 8:09:56a 200,829 A.... "C:\Program Files\Mozilla Firefox\freebl3.dll"
Oct 26 2007 12:47:24p 456,032 A.... "C:\Program Files\Mozilla Firefox\js3250.dll"
Oct 26 2007 12:47:24p 161,128 A.... "C:\Program Files\Mozilla Firefox\nspr4.dll"
Oct 26 2007 12:47:26p 378,208 A.... "C:\Program Files\Mozilla Firefox\nss3.dll"
Oct 26 2007 12:47:26p 271,720 A.... "C:\Program Files\Mozilla Firefox\nssckbi.dll"
Oct 26 2007 12:47:26p 34,160 A.... "C:\Program Files\Mozilla Firefox\plc4.dll"
Oct 26 2007 12:47:28p 30,056 A.... "C:\Program Files\Mozilla Firefox\plds4.dll"
Oct 26 2007 12:47:28p 111,968 A.... "C:\Program Files\Mozilla Firefox\smime3.dll"
Oct 26 2007 8:09:56a 254,060 A.... "C:\Program Files\Mozilla Firefox\softokn3.dll"
Oct 26 2007 12:47:28p 132,448 A.... "C:\Program Files\Mozilla Firefox\ssl3.dll"
Oct 26 2007 12:47:30p 131,968 A.... "C:\Program Files\Mozilla Firefox\updater.exe"
Oct 26 2007 8:09:56a 709 A.... "C:\Program Files\Mozilla Firefox\updater.ini"
Oct 26 2007 12:47:30p 13,152 A.... "C:\Program Files\Mozilla Firefox\xpcom.dll"
Oct 26 2007 12:47:30p 73,584 A.... "C:\Program Files\Mozilla Firefox\xpcom_compat.dll"
Oct 26 2007 12:47:32p 421,736 A.... "C:\Program Files\Mozilla Firefox\xpcom_core.dll"
Oct 26 2007 12:47:32p 73,072 A.... "C:\Program Files\Mozilla Firefox\xpicleanup.exe"
Oct 26 2007 12:47:32p 12,136 A.... "C:\Program Files\Mozilla Firefox\xpistub.dll"
Nov 12 2007 9:59:36p 19,908 A.... "C:\Program Files\Spybot - Search & Destroy\unins000.dat"
Nov 12 2007 9:56:40p 690,353 A.... "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Nov 11 2007 10:40:42a 4,887 A.... "C:\Program Files\SpywareBlaster\unins000.dat"
Nov 11 2007 10:39:44a 668,938 A.... "C:\Program Files\SpywareBlaster\unins000.exe"
Nov 8 2007 10:52:06a 33,597 A.... "C:\Program Files\Torrent Harvester\uninstall.exe"
Nov 11 2007 12:18:14p 54,272 A.... "C:\Program Files\Grisoft\AVG7\atc.dll"
Nov 11 2007 12:17:56p 49,664 A.... "C:\Program Files\Grisoft\AVG7\avg6cmpt.dll"
Nov 15 2007 9:27:28a 435,712 A.... "C:\Program Files\Grisoft\AVG7\avgabout.dll"
Nov 11 2007 12:18:08p 278,016 A.... "C:\Program Files\Grisoft\AVG7\avgamint.dll"
Nov 15 2007 9:27:28a 218,112 A.... "C:\Program Files\Grisoft\AVG7\avgamiui.dll"
Nov 11 2007 12:18:08p 10,752 A.... "C:\Program Files\Grisoft\AVG7\avgamsps.dll"
Nov 15 2007 9:27:28a 418,816 A.... "C:\Program Files\Grisoft\AVG7\avgamsvr.exe"
Nov 15 2007 9:27:28a 367,616 A.... "C:\Program Files\Grisoft\AVG7\avgamui.dll"
Nov 15 2007 9:27:28a 579,072 A.... "C:\Program Files\Grisoft\AVG7\avgcc.exe"
Nov 15 2007 9:27:28a 582,144 A.... "C:\Program Files\Grisoft\AVG7\avgcckrn.dll"
Nov 15 2007 9:27:28a 572,928 A.... "C:\Program Files\Grisoft\AVG7\avgcfg.dll"
Nov 15 2007 9:27:26a 615,936 A.... "C:\Program Files\Grisoft\AVG7\avgcore.dll"
Nov 15 2007 9:27:26a 905,728 A.... "C:\Program Files\Grisoft\AVG7\avgctrl.dll"
Nov 15 2007 9:27:30a 1,427,456 A.... "C:\Program Files\Grisoft\AVG7\avgdiag.exe"
Nov 11 2007 12:18:08p 138,752 A.... "C:\Program Files\Grisoft\AVG7\avgeud32.dll"
Nov 11 2007 12:18:10p 19,968 A.... "C:\Program Files\Grisoft\AVG7\avghlog.dll"
Nov 15 2007 9:27:30a 131,072 A.... "C:\Program Files\Grisoft\AVG7\avginet.dll"
Nov 15 2007 9:27:30a 510,976 A.... "C:\Program Files\Grisoft\AVG7\avginet.exe"
Nov 11 2007 12:18:12p 61,440 A.... "C:\Program Files\Grisoft\AVG7\avgklib.dll"
Nov 11 2007 12:18:12p 58,368 A.... "C:\Program Files\Grisoft\AVG7\avglng.dll"
Nov 11 2007 12:18:12p 104,960 A.... "C:\Program Files\Grisoft\AVG7\avglog.dll"
Nov 11 2007 12:18:14p 144,384 A.... "C:\Program Files\Grisoft\AVG7\avgmail.dll"
Nov 11 2007 12:18:16p 15,360 A.... "C:\Program Files\Grisoft\AVG7\avgmvfl.dll"
Nov 11 2007 12:18:14p 54,784 A.... "C:\Program Files\Grisoft\AVG7\avgoff2k.dll"
Nov 11 2007 12:18:14p 69,632 A.... "C:\Program Files\Grisoft\AVG7\avgrep.dll"
Nov 15 2007 9:27:30a 1,282,560 A.... "C:\Program Files\Grisoft\AVG7\avgres.dll"
Nov 11 2007 12:18:08p 192,512 A.... "C:\Program Files\Grisoft\AVG7\avgrssvc.exe"
Nov 15 2007 9:27:30a 392,704 A.... "C:\Program Files\Grisoft\AVG7\avgscan.dll"
Nov 11 2007 12:18:16p 61,952 A.... "C:\Program Files\Grisoft\AVG7\avgscan.exe"
Nov 11 2007 12:18:16p 50,688 A.... "C:\Program Files\Grisoft\AVG7\avgse.dll"
Nov 15 2007 9:27:26a 467,456 A.... "C:\Program Files\Grisoft\AVG7\avgset.dll"
Nov 15 2007 9:27:30a 604,160 A.... "C:\Program Files\Grisoft\AVG7\avgtest.dll"
Nov 11 2007 12:18:16p 138,748 A.... "C:\Program Files\Grisoft\AVG7\avgtitle.dat"
Nov 15 2007 9:27:30a 411,648 A.... "C:\Program Files\Grisoft\AVG7\avgtmgr.dll"
Nov 15 2007 9:27:30a 245,248 A.... "C:\Program Files\Grisoft\AVG7\avgtres.dll"
Nov 11 2007 12:18:16p 191,488 A.... "C:\Program Files\Grisoft\AVG7\avgunarc.dll"
Nov 15 2007 9:27:06a 670,208 A.... "C:\Program Files\Grisoft\AVG7\avgupd.dll"
Nov 11 2007 12:18:16p 66,048 A.... "C:\Program Files\Grisoft\AVG7\avgupdln.exe"
Nov 11 2007 12:18:18p 10,240 A.... "C:\Program Files\Grisoft\AVG7\avgupsvc.dll"
Nov 11 2007 12:18:18p 49,664 A.... "C:\Program Files\Grisoft\AVG7\avgupsvc.exe"
Nov 11 2007 12:18:16p 82,944 A.... "C:\Program Files\Grisoft\AVG7\avgvault.dll"
Nov 15 2007 9:27:30a 389,632 A.... "C:\Program Files\Grisoft\AVG7\avgvv.exe"
Nov 15 2007 9:27:32a 219,136 A.... "C:\Program Files\Grisoft\AVG7\avgw.exe"
Nov 15 2007 9:27:32a 353,280 A.... "C:\Program Files\Grisoft\AVG7\avgwa.dat"
Nov 15 2007 9:27:32a 328,192 A.... "C:\Program Files\Grisoft\AVG7\avgwb.dat"
Nov 15 2007 9:27:32a 123,904 A.... "C:\Program Files\Grisoft\AVG7\avgxch32.dll"
Nov 11 2007 12:18:14p 56,320 A.... "C:\Program Files\Grisoft\AVG7\chipcz.dll"
Nov 11 2007 12:18:14p 61,952 A.... "C:\Program Files\Grisoft\AVG7\chippl.dll"
Nov 11 2007 12:18:18p 1,038,848 A.... "C:\Program Files\Grisoft\AVG7\dbghelp.dll"
Nov 15 2007 9:27:32a 49,257 A.... "C:\Program Files\Grisoft\AVG7\dfncfg.dat"
Nov 15 2007 9:27:32a 49,215 A.... "C:\Program Files\Grisoft\AVG7\dfncfgfr.dat"
Nov 11 2007 12:18:16p 181,248 A.... "C:\Program Files\Grisoft\AVG7\evas.dll"
Nov 11 2007 12:18:16p 15,360 A.... "C:\Program Files\Grisoft\AVG7\idgpl.dll"
Nov 11 2007 12:18:16p 15,360 A.... "C:\Program Files\Grisoft\AVG7\libra.dll"
Nov 11 2007 12:18:16p 15,360 A.... "C:\Program Files\Grisoft\AVG7\lynx.dll"
Nov 11 2007 12:18:16p 15,360 A.... "C:\Program Files\Grisoft\AVG7\nex_sk.dll"
Nov 11 2007 12:18:14p 140,288 A.... "C:\Program Files\Grisoft\AVG7\nfr.dll"
Nov 11 2007 12:18:16p 54,272 A.... "C:\Program Files\Grisoft\AVG7\privsf.dll"
Nov 15 2007 9:27:32a 724,546 A.... "C:\Program Files\Grisoft\AVG7\setup.dat"
Nov 15 2007 9:27:32a 2,003,456 A.... "C:\Program Files\Grisoft\AVG7\setup.exe"
Nov 11 2007 12:18:18p 8,464 A.... "C:\Program Files\Grisoft\AVG7\sporder.dll"
Nov 11 2007 12:18:16p 38,912 A.... "C:\Program Files\Grisoft\AVG7\stopzl.dll"
Nov 11 2007 12:18:14p 54,272 A.... "C:\Program Files\Grisoft\AVG7\todito.dll"
Nov 11 2007 12:18:16p 15,360 A.... "C:\Program Files\Grisoft\AVG7\trbnd.dll"
Nov 11 2007 12:18:14p 15,360 A.... "C:\Program Files\Grisoft\AVG7\volny.dll"
Nov 11 2007 12:18:14p 15,360 A.... "C:\Program Files\Grisoft\AVG7\yto.dll"
Nov 11 2007 12:15:44p 18,592 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\heuristic.dat"
Nov 11 2007 11:13:38a 31 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\lang.ini"
Nov 11 2007 11:13:48a 475,893 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe"
Oct 29 2007 1:58:28p 1,586,528 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\AAWLic.exe"
Oct 29 2007 1:27:04p 587,096 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
Oct 31 2007 3:18:06p 2,336,080 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe"
Oct 31 2007 3:32:06p 2,250,104 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe"
Sep 25 2007 8:00:52a 255,336 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\AWCCommunicatorDLL.dll"
Sep 25 2007 8:00:58a 214,352 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\AWCoreComm.dll"
Sep 25 2007 8:00:56a 206,160 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\AWRegWatchDLL.dll"
Sep 25 2007 8:00:52a 726,376 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\CEAPI.dll"
Sep 25 2007 8:00:54a 238,944 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\CookieBlocker.dll"
Oct 29 2007 12:21:06p 2,123,128 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\HostFileEditor.exe"
Oct 29 2007 12:21:08p 1,914,224 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\ProcessWatch.exe"
Nov 18 2007 12:15:06a 0 A.... "C:\Program Files\McAfee.com\Shared\cleanup.ini"
Oct 26 2007 8:41:40p 3,613,736 A.... "C:\Program Files\Microsoft Office\Office12\OUTLFLTR.DAT"
Nov 3 2007 9:15:42a 147,015 A.... "C:\Program Files\Mozilla Firefox\components\compreg.dat"
Oct 26 2007 12:47:34p 66,408 A.... "C:\Program Files\Mozilla Firefox\components\jar50.dll"
Oct 26 2007 12:47:34p 54,112 A.... "C:\Program Files\Mozilla Firefox\components\jsd3250.dll"
Oct 26 2007 12:47:36p 34,688 A.... "C:\Program Files\Mozilla Firefox\components\myspell.dll"
Oct 26 2007 12:47:36p 46,456 A.... "C:\Program Files\Mozilla Firefox\components\spellchk.dll"
Oct 26 2007 12:47:36p 171,880 A.... "C:\Program Files\Mozilla Firefox\components\xpinstal.dll"
Nov 3 2007 9:15:40a 93,909 A.... "C:\Program Files\Mozilla Firefox\components\xpti.dat"
Oct 26 2007 12:47:38p 22,400 A.... "C:\Program Files\Mozilla Firefox\plugins\npnul32.dll"
Oct 3 2007 11:36:46p 25,600 A.... "C:\Program Files\Mozilla Firefox\SmitfraudFix\WS2Fix.exe"
Oct 26 2007 12:47:22p 450,664 A.... "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
Dec 24 2008 6:23:20p 121,344 A.... "C:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll"
Oct 31 2007 10:25:18p 240,811 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\desc.english.zip"
Nov 12 2007 10:27:42p 4,006 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\downloaded.ini"
Sep 26 2007 10:25:46p 471,585 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\help.english.zip"
Nov 12 2007 10:24:22p 62,079 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\online.ini"
Sep 26 2007 10:27:40p 683,907 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\startup.zip"
Nov 14 2007 10:30:30a 72 A.... "C:\Program Files\Symantec\LiveUpdate\ludirloc.dat"
Nov 13 2007 12:37:16a 396,288 A.... "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"
Nov 4 2007 8:50:00p 22,598 A.... "C:\Program Files\Azureus\plugins\azupdater\azupdater_1.8.5.zip"
Nov 11 2007 12:10:28p 28,479 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3117.dat"
Nov 11 2007 12:10:28p 12,893 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3118.dat"
Nov 11 2007 12:10:30p 17,778 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3119.dat"
Nov 11 2007 12:10:48p 11,152 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3120.dat"
Nov 11 2007 12:10:50p 14,218 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3121.dat"
Nov 11 2007 12:11:10p 23,827 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3122.dat"
Nov 11 2007 12:11:14p 21,071 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3123.dat"
Nov 11 2007 12:11:30p 80 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3124.dat"
Nov 11 2007 12:11:32p 662 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3125.dat"
Nov 11 2007 12:11:32p 22,551 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3126.dat"
Nov 11 2007 12:11:34p 34,616 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3127.dat"
Nov 11 2007 12:11:52p 137 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3128.dat"
Nov 11 2007 12:11:52p 18,280 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3129.dat"
Nov 11 2007 12:11:52p 77 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3130.dat"
Nov 11 2007 12:11:56p 79 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3131.dat"
Nov 11 2007 12:12:14p 20,834 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3132.dat"
Nov 11 2007 12:12:16p 15,534 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3133.dat"
Nov 11 2007 12:12:34p 10,115 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3134.dat"
Nov 11 2007 12:12:34p 76 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3135.dat"
Nov 11 2007 12:12:36p 16,658 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3136.dat"
Nov 11 2007 12:12:36p 19,392 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3137.dat"
Nov 11 2007 12:12:38p 251 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3138.dat"
Nov 11 2007 12:12:38p 61 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3139.dat"
Nov 11 2007 12:12:38p 8,027 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3140.dat"
Nov 11 2007 12:12:56p 2,187 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3141.dat"
Nov 11 2007 12:12:56p 5,025 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3142.dat"
Nov 11 2007 12:12:56p 3,358 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3143.dat"
Nov 11 2007 12:12:56p 193 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3144.dat"
Nov 11 2007 12:12:58p 2,209 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3145.dat"
Nov 11 2007 12:12:58p 1,074 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3146.dat"
Nov 11 2007 12:13:00p 25,174 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3147.dat"
Nov 11 2007 12:13:18p 48,732 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3148.dat"
Nov 11 2007 12:13:20p 3,416 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3149.dat"
Nov 11 2007 12:13:20p 2,463 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3150.dat"
Nov 11 2007 12:13:38p 2,378 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3151.dat"
Nov 11 2007 12:13:38p 241 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3152.dat"
Nov 11 2007 12:13:38p 64,904 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3153.dat"
Nov 11 2007 12:13:42p 14,997 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3154.dat"
Nov 11 2007 12:13:42p 2,579 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3155.dat"
Nov 11 2007 12:13:58p 4,384 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3156.dat"
Nov 11 2007 12:13:58p 2,410 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3157.dat"
Nov 11 2007 12:14:02p 71,617 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3158.dat"
Nov 11 2007 12:14:02p 190 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3159.dat"
Nov 11 2007 12:14:02p 3,331 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3160.dat"
Nov 11 2007 12:14:02p 3,509 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3161.dat"
Nov 11 2007 12:14:20p 1,897 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3162.dat"
Nov 11 2007 12:14:20p 1,931 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3163.dat"
Nov 11 2007 12:14:20p 2,098 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3164.dat"
Nov 11 2007 12:14:22p 1,292 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3165.dat"
Nov 11 2007 12:14:22p 1,919 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3166.dat"
Nov 11 2007 12:14:24p 1,777 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3167.dat"
Nov 11 2007 12:14:40p 1,918 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3168.dat"
Nov 11 2007 12:14:40p 1,973 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3169.dat"
Nov 11 2007 12:14:40p 2,089 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3170.dat"
Nov 11 2007 12:14:40p 1,906 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3171.dat"
Nov 11 2007 12:14:44p 77 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3172.dat"
Nov 11 2007 12:14:44p 1,247 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3173.dat"
Nov 11 2007 12:15:00p 1,966 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3174.dat"
Nov 11 2007 12:15:00p 2,157 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3175.dat"
Nov 11 2007 12:15:00p 1,737 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3176.dat"
Nov 11 2007 12:15:00p 1,908 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3177.dat"
Nov 11 2007 12:15:00p 2,245 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3178.dat"
Nov 11 2007 12:15:00p 1,954 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3179.dat"
Nov 11 2007 12:15:00p 2,002 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3180.dat"
Nov 11 2007 12:15:00p 2,311 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3181.dat"
Nov 11 2007 12:15:00p 1,718 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3182.dat"
Nov 11 2007 12:15:02p 1,904 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3183.dat"
Nov 11 2007 12:15:02p 2,367 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3184.dat"
Nov 11 2007 12:15:02p 1,724 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3185.dat"
Nov 11 2007 12:15:02p 2,203 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3186.dat"
Nov 11 2007 12:15:02p 2,162 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3187.dat"
Nov 11 2007 12:15:02p 1,565 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3188.dat"
Nov 11 2007 12:15:02p 1,806 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3189.dat"
Nov 11 2007 12:15:02p 1,961 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3190.dat"
Nov 11 2007 12:15:02p 2,207 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3191.dat"
Nov 11 2007 12:15:02p 2,152 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3192.dat"
Nov 11 2007 12:15:02p 1,993 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3193.dat"
Nov 11 2007 12:15:02p 1,403 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3194.dat"
Nov 11 2007 12:15:04p 1,445 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3195.dat"
Nov 11 2007 12:15:04p 2,422 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3196.dat"
Nov 11 2007 12:15:04p 2,388 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3197.dat"
Nov 11 2007 12:15:04p 2,807 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3198.dat"
Nov 11 2007 12:15:04p 79 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3199.dat"
Nov 11 2007 12:15:04p 2,244 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3200.dat"
Nov 11 2007 12:15:04p 2,081 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3201.dat"
Nov 11 2007 12:15:04p 2,044 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3202.dat"
Nov 11 2007 12:15:04p 1,662 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3203.dat"
Nov 11 2007 12:15:04p 1,860 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3204.dat"
Nov 11 2007 12:15:04p 1,861 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3205.dat"
Nov 11 2007 12:15:04p 2,184 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3206.dat"
Nov 11 2007 12:15:04p 2,038 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3207.dat"
Nov 11 2007 12:15:04p 1,971 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3208.dat"
Nov 11 2007 12:15:04p 2,051 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3209.dat"
Nov 11 2007 12:15:04p 1,969 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3210.dat"
Nov 11 2007 12:15:04p 2,047 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3211.dat"
Nov 11 2007 12:15:04p 2,645 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3212.dat"
Nov 11 2007 12:15:06p 3,880 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3213.dat"
Nov 11 2007 12:15:06p 2,107 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3214.dat"
Nov 11 2007 12:15:06p 2,070 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3215.dat"
Nov 11 2007 12:15:06p 1,897 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3216.dat"
Nov 11 2007 12:15:06p 84 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3217.dat"
Nov 11 2007 12:15:06p 3,495 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3218.dat"
Nov 11 2007 12:15:06p 2,230 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3219.dat"
Nov 11 2007 12:15:06p 2,251 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3220.dat"
Nov 11 2007 12:15:06p 1,875 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3221.dat"
Nov 11 2007 12:15:06p 1,819 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3222.dat"
Nov 11 2007 12:15:06p 1,968 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3223.dat"
Nov 11 2007 12:15:06p 4,960 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3224.dat"
Nov 11 2007 12:15:06p 1,860 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3225.dat"
Nov 11 2007 12:15:06p 2,301 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3226.dat"
Nov 11 2007 12:15:06p 2,359 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3227.dat"
Nov 11 2007 12:15:06p 2,448 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3228.dat"
Nov 11 2007 12:15:06p 2,291 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3229.dat"
Nov 11 2007 12:15:06p 3,402 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3230.dat"
Nov 11 2007 12:15:06p 2,205 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3231.dat"
Nov 11 2007 12:15:06p 2,981 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3232.dat"
Nov 11 2007 12:15:08p 2,800 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3233.dat"
Nov 11 2007 12:15:08p 2,037 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3234.dat"
Nov 11 2007 12:15:08p 2,040 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3235.dat"
Nov 11 2007 12:15:08p 1,719 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3236.dat"
Nov 11 2007 12:15:08p 3,391 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3237.dat"
Nov 11 2007 12:15:08p 376 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3238.dat"
Nov 11 2007 12:15:08p 14,703 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3239.dat"
Nov 11 2007 12:15:08p 16,969 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3240.dat"
Nov 11 2007 12:15:08p 2,394 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3241.dat"
Nov 11 2007 12:15:08p 1,901 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3242.dat"
Nov 11 2007 12:15:08p 1,746 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3243.dat"
Nov 11 2007 12:15:08p 1,449 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3244.dat"
Nov 11 2007 12:15:08p 5,157 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3245.dat"
Nov 11 2007 12:15:08p 3,044 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3246.dat"
Nov 11 2007 12:15:08p 3,023 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3247.dat"
Nov 11 2007 12:15:08p 134 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3248.dat"
Nov 11 2007 12:15:10p 3,235 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3249.dat"
Nov 11 2007 12:15:10p 3,937 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3250.dat"
Nov 11 2007 12:15:10p 3,736 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3251.dat"
Nov 11 2007 12:15:10p 3,976 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3252.dat"
Nov 11 2007 12:15:10p 22,639 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3253.dat"
Nov 11 2007 12:15:10p 3,250 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3254.dat"
Nov 11 2007 12:15:10p 3,427 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3255.dat"
Nov 11 2007 12:15:10p 4,132 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3256.dat"
Nov 11 2007 12:15:10p 4,328 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3257.dat"
Nov 11 2007 12:15:10p 2,666 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3258.dat"
Nov 11 2007 12:15:10p 3,093 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3259.dat"
Nov 11 2007 12:15:10p 2,371 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3260.dat"
Nov 11 2007 12:15:10p 2,725 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3261.dat"
Nov 11 2007 12:15:10p 2,055 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3262.dat"
Nov 11 2007 12:15:10p 2,432 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3263.dat"
Nov 11 2007 12:15:10p 2,573 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3264.dat"
Nov 11 2007 12:15:12p 1,866 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3265.dat"
Nov 11 2007 12:15:12p 2,320 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3266.dat"
Nov 11 2007 12:15:12p 1,995 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3267.dat"
Nov 11 2007 12:15:12p 2,190 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3268.dat"
Nov 11 2007 12:15:12p 2,700 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3269.dat"
Nov 11 2007 12:15:12p 2,377 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3270.dat"
Nov 11 2007 12:15:12p 2,515 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3271.dat"
Nov 11 2007 12:15:12p 2,064 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3272.dat"
Nov 11 2007 12:15:12p 2,245 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3273.dat"
Nov 11 2007 12:15:12p 31,081 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3274.dat"
Nov 11 2007 12:15:14p 26,365 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3275.dat"
Nov 11 2007 12:15:14p 35,143 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3276.dat"
Nov 11 2007 12:15:14p 30,763 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3277.dat"
Nov 11 2007 12:15:14p 138 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3278.dat"
Nov 11 2007 12:15:16p 26,633 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3279.dat"
Nov 11 2007 12:15:16p 26,311 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3280.dat"
Nov 11 2007 4:16:38p 27,912 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3281.dat"
Nov 12 2007 10:30:16p 4,146 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3282.dat"
Nov 14 2007 12:20:28p 4,058 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3283.dat"
Nov 15 2007 9:19:28a 3,880 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3284.dat"
Nov 16 2007 9:08:38a 4,092 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3285.dat"
Nov 16 2007 8:07:14p 3,281 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3286.dat"
Sep 25 2007 1:11:44a 1,671,168 A.... "C:\Program Files\Java\jre1.6.0_03\bin\awt.dll"
Sep 25 2007 1:11:44a 114,688 A.... "C:\Program Files\Java\jre1.6.0_03\bin\axbridge.dll"
Sep 25 2007 1:11:44a 192,512 A.... "C:\Program Files\Java\jre1.6.0_03\bin\cmm.dll"
Sep 25 2007 1:11:44a 143,360 A.... "C:\Program Files\Java\jre1.6.0_03\bin\dcpr.dll"
Sep 25 2007 1:11:44a 69,632 A.... "C:\Program Files\Java\jre1.6.0_03\bin\deploy.dll"
Sep 25 2007 1:11:44a 16,896 A.... "C:\Program Files\Java\jre1.6.0_03\bin\dt_shmem.dll"
Sep 25 2007 1:11:44a 13,312 A.... "C:\Program Files\Java\jre1.6.0_03\bin\dt_socket.dll"
Sep 25 2007 1:11:44a 335,872 A.... "C:\Program Files\Java\jre1.6.0_03\bin\fontmanager.dll"
Sep 25 2007 1:11:44a 15,872 A.... "C:\Program Files\Java\jre1.6.0_03\bin\hpi.dll"
Sep 25 2007 1:11:44a 139,264 A.... "C:\Program Files\Java\jre1.6.0_03\bin\hprof.dll"
Sep 25 2007 1:11:44a 98,304 A.... "C:\Program Files\Java\jre1.6.0_03\bin\instrument.dll"
Sep 25 2007 1:11:44a 12,800 A.... "C:\Program Files\Java\jre1.6.0_03\bin\ioser12.dll"
Sep 25 2007 1:11:44a 7,680 A.... "C:\Program Files\Java\jre1.6.0_03\bin\j2pcsc.dll"
Sep 25 2007 1:11:44a 37,376 A.... "C:\Program Files\Java\jre1.6.0_03\bin\j2pkcs11.dll"
Sep 25 2007 1:11:44a 10,240 A.... "C:\Program Files\Java\jre1.6.0_03\bin\jaas_nt.dll"
Sep 24 2007 10:54:04p 25,088 A.... "C:\Program Files\Java\jre1.6.0_03\bin\java-rmi.exe"
Sep 25 2007 1:11:44a 126,976 A.... "C:\Program Files\Java\jre1.6.0_03\bin\java.dll"
Sep 24 2007 10:30:28p 135,168 A.... "C:\Program Files\Java\jre1.6.0_03\bin\java.exe"
Sep 24 2007 11:31:42p 37,376 A.... "C:\Program Files\Java\jre1.6.0_03\bin\javacpl.exe"
Sep 24 2007 10:30:30p 135,168 A.... "C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe"
Sep 24 2007 11:31:42p 139,264 A.... "C:\Program Files\Java\jre1.6.0_03\bin\javaws.exe"
Sep 25 2007 1:11:44a 14,336 A.... "C:\Program Files\Java\jre1.6.0_03\bin\java_crw_demo.dll"
Sep 25 2007 1:11:44a 5,120 A.... "C:\Program Files\Java\jre1.6.0_03\bin\jawt.dll"
Sep 25 2007 1:11:44a 36,352 A.... "C:\Program Files\Java\jre1.6.0_03\bin\JdbcOdbc.dll"
Sep 25 2007 1:11:44a 167,936 A.... "C:\Program Files\Java\jre1.6.0_03\bin\jdwp.dll"
Sep 25 2007 1:11:44a 77,824 A.... "C:\Program Files\Java\jre1.6.0_03\bin\jli.dll"
Sep 25 2007 1:11:44a 147,456 A.... "C:\Program Files\Java\jre1.6.0_03\bin\jpeg.dll"
Sep 25 2007 1:11:44a 98,304 A.... "C:\Program Files\Java\jre1.6.0_03\bin\jpicom.dll"
Sep 25 2007 1:11:44a 110,592 A.... "C:\Program Files\Java\jre1.6.0_03\bin\jpiexp.dll"
Sep 25 2007 1:11:44a 98,304 A.... "C:\Program Files\Java\jre1.6.0_03\bin\jpinscp.dll"
Sep 25 2007 1:11:44a 65,536 A.... "C:\Program Files\Java\jre1.6.0_03\bin\jpioji.dll"
Sep 25 2007 1:11:44a 126,976 A.... "C:\Program Files\Java\jre1.6.0_03\bin\jpishare.dll"
Sep 25 2007 1:11:44a 147,456 A.... "C:\Program Files\Java\jre1.6.0_03\bin\jsound.dll"
Sep 25 2007 1:11:44a 18,432 A.... "C:\Program Files\Java\jre1.6.0_03\bin\jsoundds.dll"
Sep 25 2007 1:11:36a 329,104 A.... "C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe"
Sep 25 2007 1:11:36a 54,672 A.... "C:\Program Files\Java\jre1.6.0_03\bin\jureg.exe"
Sep 25 2007 1:11:36a 132,496 A.... "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
Sep 24 2007 10:42:32p 25,600 A.... "C:\Program Files\Java\jre1.6.0_03\bin\keytool.exe"
Sep 24 2007 10:43:14p 25,600 A.... "C:\Program Files\Java\jre1.6.0_03\bin\kinit.exe"
Sep 24 2007 10:43:18p 25,600 A.... "C:\Program Files\Java\jre1.6.0_03\bin\klist.exe"
Sep 24 2007 10:43:20p 25,600 A.... "C:\Program Files\Java\jre1.6.0_03\bin\ktab.exe"
Sep 25 2007 1:11:44a 18,432 A.... "C:\Program Files\Java\jre1.6.0_03\bin\management.dll"
Sep 25 2007 1:25:26a 348,160 A.... "C:\Program Files\Java\jre1.6.0_03\bin\msvcr71.dll"
Sep 25 2007 1:11:44a 77,824 A.... "C:\Program Files\Java\jre1.6.0_03\bin\net.dll"
Sep 25 2007 1:11:44a 20,480 A.... "C:\Program Files\Java\jre1.6.0_03\bin\nio.dll"
Sep 25 2007 1:11:44a 126,976 A.... "C:\Program Files\Java\jre1.6.0_03\bin\npjava11.dll"
Sep 25 2007 1:11:44a 126,976 A.... "C:\Program Files\Java\jre1.6.0_03\bin\npjava12.dll"
Sep 25 2007 1:11:44a 126,976 A.... "C:\Program Files\Java\jre1.6.0_03\bin\npjava13.dll"
Sep 25 2007 1:11:46a 126,976 A.... "C:\Program Files\Java\jre1.6.0_03\bin\npjava14.dll"
Sep 25 2007 1:11:46a 126,976 A.... "C:\Program Files\Java\jre1.6.0_03\bin\npjava32.dll"
Sep 25 2007 1:11:34a 132,496 A.... "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll"
Sep 25 2007 1:11:46a 126,976 A.... "C:\Program Files\Java\jre1.6.0_03\bin\npoji610.dll"
Sep 25 2007 1:11:46a 8,192 A.... "C:\Program Files\Java\jre1.6.0_03\bin\npt.dll"
Sep 24 2007 11:01:32p 25,600 A.... "C:\Program Files\Java\jre1.6.0_03\bin\orbd.exe"
Sep 24 2007 11:02:12p 25,600 A.... "C:\Program Files\Java\jre1.6.0_03\bin\pack200.exe"
Sep 24 2007 10:43:12p 25,600 A.... "C:\Program Files\Java\jre1.6.0_03\bin\policytool.exe"
Sep 25 2007 1:25:26a 233,472 A.... "C:\Program Files\Java\jre1.6.0_03\bin\regutils.dll"
Sep 25 2007 1:11:46a 5,120 A.... "C:\Program Files\Java\jre1.6.0_03\bin\rmi.dll"
Sep 24 2007 10:53:56p 25,600 A.... "C:\Program Files\Java\jre1.6.0_03\bin\rmid.exe"
Sep 24 2007 10:53:46p 25,600 A.... "C:\Program Files\Java\jre1.6.0_03\bin\rmiregistry.exe"
Sep 24 2007 11:01:36p 25,600 A.... "C:\Program Files\Java\jre1.6.0_03\bin\servertool.exe"
Sep 25 2007 1:11:46a 131,072 A.... "C:\Program Files\Java\jre1.6.0_03\bin\splashscreen.dll"
Sep 25 2007 1:11:34a 501,136 A.... "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll"
Sep 25 2007 1:11:46a 16,384 A.... "C:\Program Files\Java\jre1.6.0_03\bin\sunmscapi.dll"
Sep 24 2007 11:01:20p 26,112 A.... "C:\Program Files\Java\jre1.6.0_03\bin\tnameserv.exe"
Sep 25 2007 1:11:46a 61,440 A.... "C:\Program Files\Java\jre1.6.0_03\bin\unpack.dll"
Sep 24 2007 11:02:08p 122,880 A.... "C:\Program Files\Java\jre1.6.0_03\bin\unpack200.exe"
Sep 25 2007 1:11:46a 31,744 A.... "C:\Program Files\Java\jre1.6.0_03\bin\verify.dll"
Sep 25 2007 1:11:46a 24,701 A.... "C:\Program Files\Java\jre1.6.0_03\bin\w2k_lsa_auth.dll"
Sep 25 2007 1:11:46a 110,592 A.... "C:\Program Files\Java\jre1.6.0_03\bin\wsdetect.dll"
Sep 25 2007 1:11:46a 47,104 A.... "C:\Program Files\Java\jre1.6.0_03\bin\zip.dll"
Nov 8 2007 11:59:50a 1,835 A.... "C:\Program Files\McAfee.com\Personal Firewall\data\Dump.ini"
Nov 16 2007 9:53:56p 35 A.... "C:\Program Files\Common Files\Network Associates\TalkBack\Data\TalkBack.ini"
Sep 25 2007 1:11:46a 2,314,240 A.... "C:\Program Files\Java\jre1.6.0_03\bin\client\jvm.dll"
Sep 24 2007 11:31:42p 16,801 A.... "C:\Program Files\Java\jre1.6.0_03\lib\deploy\ffjcext.zip"
Oct 26 2007 12:47:38p 99,576 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\BrandRes.dll"
Oct 26 2007 12:47:38p 156,280 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\fullsoft.dll"
Oct 26 2007 8:09:56a 3,323 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\master.ini"
Oct 26 2007 12:47:40p 14,192 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll"
Oct 26 2007 12:47:40p 406,776 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\talkback.exe"
Oct 26 2007 8:09:56a 14,826 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\talkback-l10n.ini"
Nov 7 2007 9:06:14p 761,856 ..... "C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe"
Nov 7 2007 9:06:16p 180,224 ..... "C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\iGdiCnv.dll"
Nov 7 2007 9:06:16p 266,240 ..... "C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\IScrCnv.dll"
Nov 7 2007 9:06:14p 409,600 ..... "C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll"
Nov 7 2007 9:06:14p 172,032 ..... "C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll"
Nov 7 2007 9:06:14p 32,768 ..... "C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll"
Nov 7 2007 9:06:14p 540,772 ..... "C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\_ISRES1033.dll"
Nov 14 2007 3:19:48p 610,436 A.... "C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe"
Sep 25 2007 1:25:20a 9,685,797 A.... "C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core1.zip"
Sep 25 2007 1:25:22a 10,238,372 A.... "C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core2.zip"
Sep 25 2007 1:25:22a 4,868,848 A.... "C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip"
Sep 25 2007 1:25:24a 4,046,968 A.... "C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\other.zip"
Nov 18 2007 10:31:16a 583 A.... "C:\Program Files\McAfee.com\Personal Firewall\data\style\RED\Dump.ini"
Sep 25 2007 1:25:24a 3,584 A.... "C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\launcher.exe"
Sep 25 2007 1:25:26a 348,160 A.... "C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\msvcr71.dll"
Sep 25 2007 1:25:24a 2,540,904 A.... "C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\patchjre.exe"
Sep 25 2007 1:25:26a 233,472 A.... "C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\regutils.dll"
Sep 25 2007 1:25:18a 20,480 A.... "C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\zipper.exe"


Files with hidden attributes:

Fri 2 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 10 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0089cd1ec7c03d0a52caa6b6ea801507\BITBA.tmp"
Tue 10 Jul 2007 172,544 ...H. --- "C:\Documents and Settings\Administrator\Desktop\Documents\Inlingua\~WRL0001.tmp"


Program Folders:

C:\Program Files\

5 Spots II
ACD Systems
Adobe
Ahead
Apple Software Update
Azureus
Common Files
ComPlus Applications
CONEXANT
Cucusoft
DIFX
Disney Interactive
DivX
Elaborate Bytes
Grisoft
Hewlett-Packard
HijackThis
HP
HPQ
IBP 9
InstallShield Installation Information
Intel
Internet Explorer
iPod
iTunes
Java
Lavasoft
McAfee.com
Messenger
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft Visual Studio
Microsoft Works
Microsoft.NET
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Gaming Zone
mupen64 0.5
NetMeeting
Network Associates
Online Services
Outlook Express
PC Connectivity Solution
Project64 1.6
QuickTime
Real
ReflexiveArcade
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files
Spybot - Search & Destroy
SpywareBlaster
Symantec
Symantec AntiVirus
Torrent Harvester
Trend Micro
Uninstall Information
VideoLAN
WIDCOMM
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
WinZip
xerox
Yahoo!

C:\Program Files\Common Files\

ACD Systems
Adobe
Adobe Systems Shared
Ahead
Cisco Systems
DESIGNER
HP
InstallShield
Java
Microsoft Shared
MSSoap
Network Associates
ODBC
Real
Services
SpeechEngines
Symantec Shared
System
Wise Installation Wizard


Add/Remove Programs:

Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
5 Spots II
Windows Driver Package - Intel (w29n51) net (09/12/2005 9.0.3.9)
Adobe Acrobat 5.0
AVG 7.5
AVG Anti-Spyware 7.5
Azureus
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Conexant HD Audio
HDAUDIO Soft Data Fax Modem with SmartCP
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
Windows Driver Package - Intel (w39n51) net (09/28/2005 10.0.0.120)
Intel® Graphics Media Accelerator Driver
HijackThis 2.0.2
HP Imaging Device Functions 5.0
HP Solution Center & Imaging Support Tools 5.0
IBP 9.2
iPod Updater 2004-08-06
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885626
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890859
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921503)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925902)
Hotfix for Windows XP (KB926239)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for CAPICOM (KB931906)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB933360)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Update for Windows XP (KB936357)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB938127)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
LiveUpdate 2.6 (Symantec Corporation)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
McAfee Personal Firewall Plus
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Mozilla Firefox (2.0.0.9)
Microsoft Compression Client Pack 1.0 for Windows XP
Nero 6 Ultra Edition
NeroVision Express 3
Intel® PRO Network Connections Drivers
Adobe Flash Player 9 ActiveX
SmartFTP Client 2.0 Setup Files (remove only)
SpywareBlaster v3.5.1
Torrent Harvester
Microsoft Office Ultimate 2007
VirtualCloneDrive
VideoLAN VLC media player 0.8.5
Who Wants To Be A Millionaire
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
WinZip
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.0
Yahoo! Messenger
Destinations
Security Update for CAPICOM (KB931906)
HP Software Update
iPod Updater 2004-08-06
TrayApp
Java™ 6 Update 3
HP Deskjet 3900 series
HP Integrated Module with Bluetooth wireless technology
HPDeskjet3900Series
QuickTime
WebReg
iTunes
Apple Software Update
DeviceFunctionQFolder
Tweak UI
eSupportQFolder
Microsoft Software Update for Web Folders (English) 12
Microsoft Office Access MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Update for Outlook 2007 Junk Email Filter (kb943559)
Security Update for Office 2007 (KB934062)
Security Update for the 2007 Microsoft Office System (KB936960)
Update for Office 2007 (KB934393)
Security Update for Excel 2007 (KB936509)
Security Update for Publisher 2007 (KB936646)
Update for Office 2007 (KB934391)
Update for Word 2007 (KB934173)
Security Update for Office 2007 (KB936514)
Update for Outlook 2007 (KB937608)
Update for Office 2007 (KB932080)
Project64 1.6
PC Connectivity Solution
Alt-Tab Task Switcher Powertoy for Windows XP
DeviceManagementQFolder
Adobe Reader 7.0.9
Adobe Reader Chinese Traditional Fonts
ACDSee 8
SmartAudio
Spybot - Search & Destroy
DivX Web Player
BufferChm
SmartFTP Client 2.0
Microsoft .NET Framework 1.1
Quick Launch Buttons 5.20 G1
Ad-Aware 2007
HPProductAssistant
SolutionCenter
Adobe Photoshop CS
Status
HP Image Zone Express
Warcraft III


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"CoolSwitch"="C:\\WINDOWS\\system32\\taskswitch.exe"
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"VirtualCloneDrive"="\"C:\\Program Files\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"


Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Security Center
START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatic Updates
START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice
DISPLAY_NAME : System Restore Service
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="3000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]
@=""

@=""


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
CLASSPATH REG_SZ .;C:\Program Files\QuickTime\QTSystem\QTJava.zip
QTJAVA REG_SZ C:\Program Files\QuickTime\QTSystem\QTJava.zip

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0


Non-Default IFEO Debugger:


Non-Default Installed Components:


Non-Default Safeboot Minimal:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
<NO NAME> REG_SZ Service


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\avg anti-spyware driver
<NO NAME> REG_SZ Driver


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\avg anti-spyware guard
<NO NAME> REG_SZ Service


File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\https\shell\open\command]
@="C:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE -requestPending -osint -url \"%1\""

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!

-----------------------------------------------------------------------
4 - Hijackthis Report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:06 PM, on 11/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\rasautou.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9212 bytes




----------------------------------------------------------------------------
Hopefully everything is all set now. I can't tell you how much I appreciate your help. Thanks again.

#7 barfomcgee

Posted 18 November 2007 - 01:15 AM

I just realized there is a log from the FXgaobot tool. Here it is:

Symantec W32.Gaobot FixTool 1.35.0

C:\Documents and Settings\All Users\Start Menu\Programs\Nero\????????????: (not scanned)
C:\System Volume Information: (not scanned)
D:\Driver COMPAQ V3111\?????? Medium Changer ?? Device MANAGER ????? GenChanger: (not scanned)
D:\System Volume Information: (not scanned)
W32.Gaobot has not been found on your computer.

#8 Demon Cleaner

Posted 20 November 2007 - 08:45 AM

Hi Barfomcgee

Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Windows\system32\servicess.exe

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please download F-Secure Blacklight (fsbl.exe) and save to your C:\ drive.
  • Open a command window by going to Start > Run and typing: cmd
  • Copy/paste or type the following in the command window: C:\fsbl.exe /expert
  • Hit "Enter" to start the program and then close the cmd box.
  • Accept the user agreement and click "Next".
  • Click "Scan".
  • After the scan is complete, click "Next", then "Exit".
  • BlackLight will create a log in C:\ drive named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan).
  • The log will have a list of all items found. Do not choose to rename any yet!
    I want to see the log first because legitimate items can also be present, like "wbemtest.exe" and "tcptest.exe".
  • Exit Blacklight and post the contents of the log in your next reply along with the OTMoveIt result.
DC

#9 barfomcgee

Posted 20 November 2007 - 09:58 PM

Hi DC,

OTMoveIt was not able to complete the step you requested. First, I received an error message stating it could not create a file log. Then afterwards, in the results column, it said this:

File/Folder C:\Windows\system32\servicess.exe not found.



FSBL did not find any files. The scan only ran for a few minutes and I wonder if it was cut short by some malware still on my computer. For example, when the infection first came I was running Symantec, but it would be cut short after scanning only a few thousand files. Here is the log from FSBL:

11/21/07 09:46:36 [Info]: BlackLight Engine 1.0.67 initialized
11/21/07 09:46:36 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/21/07 09:46:36 [Note]: 7019 4
11/21/07 09:46:36 [Note]: 7005 0
11/21/07 09:46:40 [Note]: 7006 0
11/21/07 09:46:40 [Note]: 7022 0
11/21/07 09:46:40 [Note]: 7011 236
11/21/07 09:46:40 [Note]: 7026 0
11/21/07 09:46:40 [Note]: 7026 0
11/21/07 09:46:43 [Note]: FSRAW library version 1.7.1024
11/21/07 09:54:02 [Note]: 7007 0


Do you think my computer has a rootkit? If so, I do have a second copy of Windows installed on the system as a backup (for emergencies, like this). If I ran an anti-malware or anti-rootkit program in that second copy of Windows, would it be able to clean out the rootkit?

Thanks again for all your help.

#10 DASOS

Posted 29 November 2007 - 03:42 PM

Hi barfomcgee

Sorry for the delay, Demon Cleaner has gone on vacation.

Just give me some time to check your logs.

Please post a new HijackThis log to make sure nothing has changed.



Stelios :thumbsup:
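
Checking that nothing has changed between two HijackThis logs means comparing the running-process list and the registry/startup entries of both scans. The Python below is an added example, not part of the original thread and not a HijackThis feature; `parse_hjt` and `diff_logs` are hypothetical names, and the two sample logs are short excerpts of the 11/18/2007 and 12/1/2007 logs posted in this thread.

```python
import re
from collections import Counter

# HijackThis entry lines start with a section code and " - ",
# e.g. "O4 - HKLM\..\Run: [Name] path" (sections R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(?:O\d{1,2}|R[0-3]|F[0-3]|N[1-4]) - ")


def parse_hjt(text):
    """Return (processes, entries) of a HijackThis log as Counters.

    Keys are lower-cased because Windows paths and registry names are
    case-insensitive; Counters keep duplicates such as several svchost.exe.
    """
    processes, entries = Counter(), Counter()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        if ENTRY_RE.match(line):
            in_processes = False
            entries[line.lower()] += 1
        elif in_processes:
            if not line:
                in_processes = False  # a blank line ends the process list
            else:
                processes[line.lower()] += 1
    return processes, entries


def diff_logs(old_text, new_text):
    """Report what appeared or disappeared between two scans."""
    old_p, old_e = parse_hjt(old_text)
    new_p, new_e = parse_hjt(new_text)
    return {
        "processes_added": sorted((new_p - old_p).elements()),
        "processes_removed": sorted((old_p - new_p).elements()),
        "entries_added": sorted((new_e - old_e).elements()),
        "entries_removed": sorted((old_e - new_e).elements()),
    }


# Excerpt of the log saved on 11/18/2007 (shortened for the example).
LOG_NOV18 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:06 PM, on 11/18/2007

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\rasautou.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Excerpt of the log saved on 12/1/2007 (shortened for the example).
LOG_DEC01 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:32 PM, on 12/1/2007

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for key, items in diff_logs(LOG_NOV18, LOG_DEC01).items():
        print(key)
        for item in items:
            print("   ", item)
```

The `MCUpdateExe` entry differs between the two scans only in the case of the drive letter, so it is not reported as a change; a real difference in the entry sections is what deserves a closer look.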

#11 barfomcgee

Posted 01 December 2007 - 09:46 AM

Hello Stelios,

I'm sorry about my delay... I'd given up on the thread. But I'm happy I happened to check back! Here is the latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:32 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{718B033A-43B0-4438-8C16-77E43953849A}: NameServer = 208.67.222.222 208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9369 bytes



Thanks for your help.

#12 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:08:19 AM

Posted 01 December 2007 - 12:08 PM

Hi barfomcgee

Please read this post completely; it may make it easier for you if you copy and paste this post into a new text document or print it for later reference.

Boot into Safe Mode:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
5) Select your normal user account.
If you have trouble getting into Safe Mode, go here <--link to tutorial

Scan for Hidden Data Streams
  • Open HiJackThis
  • Click on "Open the Misc Tools section"
  • Click on "Open ADS Spy.."
    • Uncheck "Quick scan (Windows base folder only)"
    • Uncheck "Ignore safe system info streams"
  • Click on "Scan"
  • Click on "Save Log..."
  • Reboot back into normal Windows.
  • Copy and paste the list from Notepad into your next post



Stelios

#13 barfomcgee


Posted 01 December 2007 - 11:55 PM

Hello Stelios. Here is the log you requested:

C:\Documents and Settings\Administrator\Desktop\Games\gens_win32_bin_2[1].14\gens_win32_bin_2[1].14.zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\Desktop\Games\gens_win32_bin_2[1].14\Humans, The (U) [b1].zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\Desktop\Games\gens_win32_bin_2[1].14\Rainbow Islands - The Story of Bubble Bobble 2 (JU) [b1].zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\Desktop\Games\gens_win32_bin_2[1].14\Rampart (UE) [!].zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\Desktop\Games\gens_win32_bin_2[1].14\Sonic_Spinball__E_____.zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\Desktop\Games\gens_win32_bin_2[1].14\Sonic_the_Hedgehog_2__JUE_____.zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\Desktop\Games\Web\Andrew Brosius -- Resume.doc : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\Desktop\Games\Web\Ebay\Accounts.xls : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\Desktop\Games\Web\Ebay\EBAY_Log.xls : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\Desktop\Games\Web\seodummies.pdf : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\Desktop\Games\Web\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Administrator\My Documents\My Pictures\Home\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Administrator\My Documents\My Pictures\Orion_Nebula_-_Hubble_2006_mosaic_18000.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\My Documents\My Pictures\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Administrator\Recent\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : FFF84C3D (108 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : FFF84C3D (108 bytes)
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db : encryptable (0 bytes)
C:\Program Files\Windows Media Connect 2\Thumbs.db : encryptable (0 bytes)
C:\sp33761.exe : Zone.Identifier (26 bytes)
C:\WINDOWS\system32 : svchost.exe (20480 bytes)
C:\WINDOWS\system32 : svchost.exe (20480 bytes)
C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_39004c4d\UNIDRV.HLP : Zone.Identifier (26 bytes)
C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_39004c4d\UNIDRVUI.DLL : Zone.Identifier (26 bytes)
C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_39004c4d\UNIRES.DLL : Zone.Identifier (26 bytes)
D:\SMRTNTKY\Thumbs.db : encryptable (0 bytes)

#14 DASOS


Posted 04 December 2007 - 05:25 AM

Hi barfomcgee

Sorry for the delay!!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both software products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove either AVG7 or McAfee. If you remove McAfee, please understand you will have to install a new firewall, as the McAfee one will have been uninstalled also.
=====

Reboot your computer into Safe Mode again, scan with ADS Spy, and post the new log please.



Stelios

#15 barfomcgee


Posted 05 December 2007 - 09:23 AM

Hello,

I don't actually have two anti-virus programs installed. I have AVG Anti-Virus. For McAfee, I only have the personal firewall installed. This automatically installs "McAfee Security Center," but the firewall is the only component I've installed.

My computer has taken a turn for the worse. Ordinarily, Windows requires no log-on or password. However, when I turned it on this morning, it asked for a user name and password. When I tried to type administrator, I found that certain keys didn't work. Instead of "administrator," I could only type something like "adm050st4tor."

Luckily, I was able to log on with Safe Mode, then I created a new user account using a key that was not blocked (1111). I am now using this account to access Windows. Here is the latest log you requested:

C:\Documents and Settings\Administrator\Desktop\Games\gens_win32_bin_2[1].14\gens_win32_bin_2[1].14.zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\Desktop\Games\gens_win32_bin_2[1].14\Humans, The (U) [b1].zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\Desktop\Games\gens_win32_bin_2[1].14\Rainbow Islands - The Story of Bubble Bobble 2 (JU) [b1].zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\Desktop\Games\gens_win32_bin_2[1].14\Rampart (UE) [!].zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\Desktop\Games\gens_win32_bin_2[1].14\Sonic_Spinball__E_____.zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\Desktop\Games\gens_win32_bin_2[1].14\Sonic_the_Hedgehog_2__JUE_____.zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\Desktop\Games\Web\Andrew Brosius -- Resume.doc : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\Desktop\Games\Web\Ebay\Accounts.xls : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\Desktop\Games\Web\Ebay\EBAY_Log.xls : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\Desktop\Games\Web\seodummies.pdf : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\Desktop\Games\Web\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Administrator\My Documents\My Pictures\Home\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Administrator\My Documents\My Pictures\Orion_Nebula_-_Hubble_2006_mosaic_18000.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\My Documents\My Pictures\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : FFF84C3D (108 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : FFF84C3D (108 bytes)
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db : encryptable (0 bytes)
C:\Program Files\Windows Media Connect 2\Thumbs.db : encryptable (0 bytes)
C:\sp33761.exe : Zone.Identifier (26 bytes)
C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_39004c4d\UNIDRV.HLP : Zone.Identifier (26 bytes)
C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_39004c4d\UNIDRVUI.DLL : Zone.Identifier (26 bytes)
C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_39004c4d\UNIRES.DLL : Zone.Identifier (26 bytes)
D:\SMRTNTKY\Thumbs.db : encryptable (0 bytes)


Thanks again for all your help.
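An added example, not part of any post in this thread: a small Python triage of ADS Spy output that separates routine streams from ones worth a closer look and lists what disappeared between two scans. The sample lines are excerpted from the two logs posted above; the function names and the classification rules (executable-looking stream names are flagged, small `Zone.Identifier` and empty `Thumbs.db : encryptable` streams are treated as expected) are assumptions of this example, not ADS Spy behaviour.

```python
import re

# Sample input: a few lines excerpted from the two ADS Spy logs in this thread.
FIRST_SCAN = r"""
C:\sp33761.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrator\Recent\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : FFF84C3D (108 bytes)
C:\WINDOWS\system32 : svchost.exe (20480 bytes)
C:\WINDOWS\system32 : svchost.exe (20480 bytes)
D:\SMRTNTKY\Thumbs.db : encryptable (0 bytes)
"""
SECOND_SCAN = r"""
C:\sp33761.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : FFF84C3D (108 bytes)
D:\SMRTNTKY\Thumbs.db : encryptable (0 bytes)
"""

# "<host path> : <stream name> (<n> bytes)"; the host may itself contain parentheses.
LINE_RE = re.compile(r"^(?P<host>.+) : (?P<stream>[^:]+) \((?P<size>\d+) bytes\)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".vbs")

def parse(log):
    """Return a set of (host, stream, size); repeated log lines collapse."""
    entries = set()
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.add((m["host"], m["stream"], int(m["size"])))
    return entries

def classify(host, stream, size):
    """Assumed heuristics: the stream name is checked first, so a code-like name is never excused."""
    name = stream.lower()
    if name.endswith(EXEC_EXT):
        return "review: executable-named stream"
    if name == "zone.identifier" and size < 256:
        return "expected: download zone marker"
    if name == "encryptable" and size == 0 and host.lower().endswith("thumbs.db"):
        return "expected: thumbnail cache marker"
    return "unclassified"

def triage(log):
    """Everything that is not an expected stream, flagged entries sorted first."""
    rows = ((classify(*e), e[0], e[1]) for e in parse(log))
    return sorted(r for r in rows if not r[0].startswith("expected"))

def removed_between(before, after):
    """Streams present in the earlier scan but absent from the later one."""
    return sorted(parse(before) - parse(after))

if __name__ == "__main__":
    for row in triage(FIRST_SCAN):
        print(*row, sep=" | ")
    print("gone in second scan:", removed_between(FIRST_SCAN, SECOND_SCAN))
```
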



